Privacy Policy

Last updated: April 2, 2026

Flowmail ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

1.1 Account Information

When you create a Flowmail account, we collect:

  • Email address
  • Name
  • Organization name
  • Authentication credentials (passkeys, OTP tokens — we do not store passwords)

1.2 Email Data

When you connect your email account (Gmail or Outlook), we access:

  • Email headers (sender, recipient, subject, date)
  • Email body content (for AI classification and extraction)
  • Email metadata (thread IDs, labels)

We do not store raw email content permanently. We extract structured business data (entities, fields, statuses) and retain only what is necessary for the service to function.

1.3 Usage Data

We automatically collect:

  • Log data (IP address, browser type, access times)
  • Feature usage analytics
  • Error reports (via Sentry)

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Flowmail service
  • Classify emails and extract structured business data using AI
  • Display your Smart Inbox, entities, and action panels
  • Send transactional emails (OTP codes, notifications)
  • Improve the accuracy and performance of our AI models

2.1 AI Processing

Our AI processes your email content to classify emails and extract structured data. Important details:

  • Your data is never used to train AI models. We use third-party AI providers (OpenAI, Anthropic) for inference only.
  • AI classifications are always presented for human review before actions are taken.
  • You can view exactly what data the AI extracted at any time.

3. Data Sharing

We do not sell your personal information. We share data only with:

  • AI Providers (OpenAI, Anthropic) — Email content is sent for classification/extraction. These providers do not retain data beyond the API call per their data processing agreements.
  • Infrastructure Providers — Cloud hosting, database, and email delivery services that help us operate the platform.
  • Legal Requirements — When required by law, regulation, or legal process.

4. Data Security

We implement industry-standard security measures:

  • AES-256-GCM encryption for sensitive data at rest
  • TLS 1.3 encryption for all data in transit
  • OAuth 2.0 for email account connections (we never store your email password)
  • Organization-level data isolation
  • Rate limiting and DDoS protection
  • Regular security audits and dependency updates

5. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of account deletion
  • Extracted entities: Retained while your account is active
  • Email content: Processed transiently for AI classification; not permanently stored in raw form
  • Audit logs: Retained for 12 months

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to certain processing activities
  • Restrict processing of your data

To exercise any of these rights, contact us at [email protected].

7. GDPR (European Users)

If you are in the European Economic Area (EEA), we process your data under the following legal bases:

  • Contract performance: To provide the Flowmail service
  • Legitimate interests: To improve our service and ensure security
  • Consent: For optional features and marketing communications

We offer Data Processing Agreements (DPA) for enterprise customers.

8. Cookies

Flowmail uses essential cookies for authentication and session management. We do not use third-party tracking cookies.

9. Children's Privacy

Flowmail is not intended for use by individuals under 16 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification.

11. Contact Us

For privacy-related inquiries: