Privacy Policy

Flowfolio is the controller for personal information processed in connection with accounts and use of the Service, unless we act solely as a processor on behalf of an organization (e.g. a team account) as described in agreements with that organization.

Contact: admin@excelso.space

Account and profile data: name, email address, password hash, role, preferences, and optional profile fields you choose to provide (e.g. phone, company, avatar or brand assets).

Service data you create: clients, projects, tasks, calendar entries, files, messages or notes you store, invoice metadata, and similar workspace content.

Technical and usage data: IP address, device/browser type, approximate location derived from IP, timestamps, diagnostic logs, cookies or similar technologies, and in-product analytics needed to operate and secure the Service.

Payment data: billing details are handled by our payment partners (e.g. Stripe). We typically receive limited payment metadata (e.g. subscription status, last four digits) rather than full card numbers.

Communications: messages you send to support and records needed to handle requests.

AI interactions: prompts and outputs you submit to AI features may be processed to provide the feature and to monitor abuse, subject to our security practices.

To create and maintain your account; authenticate users; provide core product features.

To process payments and subscriptions; detect fraud and abuse; comply with legal obligations.

To secure the Service, troubleshoot, and improve performance and reliability.

To communicate with you about the Service, including transactional messages and, where permitted, product updates.

To comply with law and enforce our Terms.

Where GDPR-style rules apply, we rely on one or more of: performance of a contract; legitimate interests that are not overridden by your rights (e.g. security, product improvement); consent where required (e.g. certain cookies or marketing); legal obligation.

We use cookies and similar technologies for authentication, session management, security, preferences, and analytics where enabled. You can control some cookies through browser settings; blocking essential cookies may affect functionality.

We share personal information with service providers who process it on our instructions (hosting, databases, email delivery, payments, error monitoring, authentication, and—where used—AI infrastructure providers).

We may disclose information if required by law, legal process, or to protect rights, safety, and security.

We do not sell your personal information as “sale” is commonly defined in privacy laws.

If Flowfolio is involved in a merger, acquisition, or asset sale, personal information may be transferred as part of that transaction with appropriate safeguards and notice where required.

We may process and store data in countries other than your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA/UK/Switzerland.

We retain personal information for as long as your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, and comply with legal obligations. Backups may persist for a limited additional period.

You may request deletion of your account subject to legal retention needs.

We implement technical and organizational measures designed to protect personal information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Depending on your location, you may have rights to access, rectify, erase, restrict processing, object to certain processing, and data portability. You may also withdraw consent where processing is consent-based.

You may lodge a complaint with a supervisory authority in your country of residence or work.

To exercise rights, contact admin@excelso.space. We may need to verify your request.

If the California Consumer Privacy Act (CCPA/CPRA) applies, you may have additional rights regarding access, deletion, correction, and opt-out of certain sharing. Contact admin@excelso.space with requests. We do not “sell” or “share” personal information for cross-context behavioral advertising as defined under CPRA in the way we operate the Service today; if that changes, we will update this Policy and provide appropriate choices.

The Service is not directed to children under the age of digital consent. We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.

We may update this Privacy Policy from time to time. We will post the updated version here and update the “Last updated” date. Where changes are material, we will provide additional notice as required by law.

Privacy questions and requests: admin@excelso.space