Back
GDPR & Data Processing
Last updated: 26 June 2025
Who's Who
- You ➜ Data Controller for anything your visitors type into chats.
- FlowGent AI ➜ Data Processor for that chat content.
- We're the Controller for our own site analytics & billing info.
What We Store & Why
- Chat content + IDs per channel (contract performance)
- Account & billing details (legal obligation)
- Product-usage events (no end-user PII) (legitimate interest)
All data lives in the EU and is deleted on request or when no longer needed for the purpose above.
Where It Lives
AWS Frankfurt (eu-central-1).
Sub-processors
- AWS (infrastructure)
- Vercel (static & edge hosting, no data stored)
- DigitalOcean (server infrastructure, no data stored)
- OpenAI & Anthropic (stateless LLM calls, no data stored)
- PostHog EU (product analytics)
Security Basics
Data is encrypted in transit. Internal access requires MFA and follows least-privilege rules.
AI & Marketing Use
No customer data is used for model training or marketing, ever.
Your GDPR Rights
Access, rectify, erase, restrict, port, or object; just drop us a line.
Data Deletion & Export
Email privacy@flowgent.ai with your request and we'll handle it within 30 days.
Need a DPA?
Email jan@flowgent.ai and we'll send over a pre-signed copy for e-signature.
Data Protection Officer (DPO)
Data Protection Officer: For any data protection queries, email jan@flowgent.ai.