Last updated: April 13, 2026

This Privacy Policy describes what personal data we collect, for what purpose, and how we protect it. By using the Service, you agree to the terms of this Policy.

1. General Provisions

This Privacy Policy (hereinafter — "Policy") governs the collection, processing, storage, and protection of personal data of users of the Flowcot platform.

The data controller is FOP Serozhym Yevhen Oleksandrovych, TIN: 3376509759 (hereinafter — "We", "Flowcot", "Operator"). The Service is available at flowcot.com.

This Policy is an integral part of the Terms of Use of Flowcot.

2. What Data We Collect

2.1. Data You Provide Directly

Contact information: name, email address, phone number, or Telegram username — when registering or filling out contact forms.
Company data: company name, job title — when subscribing or requesting a demo.
Payment data: we do not store payment card details — all payment processing is handled through certified payment systems.

2.2. Data Collected Automatically

Technical data: IP address, browser type and version, operating system, access time, referrer.
Analytics data: pages viewed, session duration, traffic source — via Google Analytics 4 (GA4).
Cookies: used to ensure Service functionality and analytics (see Section 7 for details).

2.3. Data of Your Loyalty Program Participants

If you use Flowcot to run your own loyalty program, you transfer to us the personal data of your end customers (program participants). In this case, you are the independent data controller, and Flowcot acts as a data processor, processing data solely on your behalf and within the scope of providing the Service. You are responsible for having a lawful basis for such transfer.

3. Purpose and Legal Basis for Processing

3.1. Purpose of Processing

providing access to the Flowcot platform and fulfilling the contract;
processing demo requests and technical support;
invoicing and payment accounting;
sending service notifications (tariff changes, maintenance, updates);
marketing communications — with separate consent;
analyzing and improving the Service;
complying with applicable legal requirements.

3.2. Legal Basis

Contract performance — processing is necessary to provide the Service in accordance with the Terms of Use.
Consent — for marketing communications and optional cookies.
Legitimate interest — for security analysis, fraud prevention, and Service improvement.
Legal obligation — in cases required by applicable law.

4. Data Retention

Account data — retained for the full duration of the subscription and for 30 (thirty) calendar days after its termination. After this period, data is permanently deleted.
Request and correspondence data — 3 (three) years from the date of last contact.
Analytics data (GA4) — in accordance with Google Analytics settings (default — 14 months).
Payment documents — 5 (five) years in accordance with applicable tax law requirements.
Cookies — as specified in Section 7.

5. Data Sharing with Third Parties

We do not sell or share your personal data with third parties for their marketing purposes. Data may be shared only in the following cases:

5.1. Service Partners (Data Processors)

To operate the Service, we use trusted providers who process data on our behalf:

Google Analytics 4 — web analytics (USA; Standard Contractual Clauses).
Google Workspace — corporate email and documents.
Payment providers — transaction processing (specific provider listed in the account).

All partners are required to comply with confidentiality requirements and process data solely according to our instructions.

5.2. Legal Requirements

We may disclose data at the request of a court, law enforcement, or other government agencies where required by applicable law.

5.3. International Transfers

Some of our partners (including Google) may process data outside the country. In such cases, we ensure an adequate level of data protection through Standard Contractual Clauses or equivalent mechanisms.

6. Your Rights

You have the following rights regarding your personal data:

Know about the existence of personal data, its composition, and purpose of processing.
Access your personal data that we process.
Rectification — request correction of inaccurate or outdated data.
Erasure ("right to be forgotten") — in cases provided by law.
Object to processing based on legitimate interest or for direct marketing purposes.
Withdraw consent — for data processed based on your consent. Withdrawal does not affect the lawfulness of processing before withdrawal.
Data portability — receive a copy of your data in machine-readable format.
Lodge a complaint with the relevant supervisory authority.

To exercise any of these rights, send a request to info@flowcot.com. We will respond within 30 (thirty) calendar days.

7. Cookies

7.1. What Are Cookies

Cookies are small text files stored in your browser when you visit a website. We use the following categories of cookies:

7.2. Essential Cookies

Required for the Service to function: session storage, authentication, basic security. They do not require your consent and cannot be disabled.

7.3. Analytics Cookies

Google Analytics 4 — helps us understand how visitors use the site. Collects anonymized statistics. You can opt out via browser settings or the Google Analytics Opt-out extension.

7.4. Cookie Management

You can manage cookies via your browser settings or opt out of non-essential cookies. Note that disabling some cookies may affect the functionality of the Service.

8. Data Security

We take technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:

data transmission is secured with TLS/HTTPS;
access to personal data is restricted to authorized personnel only;
databases are protected with passwords and two-factor authentication;
regular data backups are performed.

In the event of a personal data breach, we will notify you and the relevant authorities within the timeframes required by law.

9. Children's Data

The Service is intended exclusively for persons who have reached 18 (eighteen) years of age. We do not knowingly collect personal data from minors. If you become aware that a minor has provided us with their data, please notify us at info@flowcot.com — we will delete such data immediately.

10. Changes to the Policy

We may update this Policy in connection with changes in law or Service functionality. We will notify you of significant changes on the website or by email at least 14 (fourteen) days before the changes take effect. The current version is always available on this page.

11. Contact Information

For questions regarding the processing of personal data, the exercise of your rights, or any other matters related to this Policy, please contact us:

Email: info@flowcot.com
Website: flowcot.com