Privacy Policy

Last updated: 1 January 2026

1. Data controller

FlowAudit is operated by Poplab OÜ (registry code 14772137), Sepapaja 6, Tallinn 15551, Estonia. We are the data controller responsible for the personal data processed through the Service. This policy explains how we handle your data in accordance with the EU General Data Protection Regulation (GDPR) and Estonian law.

2. What data we collect

  • Account data — your email address and authentication details.
  • Audit data — the page URLs, goals, and any descriptions you submit for an audit, and the resulting audit outputs.
  • Usage data — basic technical and product usage information such as feature use, credit consumption, and log data needed to run and secure the Service.
  • Billing data — subscription and credit records (payment card details are handled by our payment processor, not stored by us).

3. Why we collect it and legal basis

We process your data to:

  • deliver the Service and generate audits (performance of a contract);
  • manage your account and billing (performance of a contract);
  • improve and secure the product (our legitimate interests);
  • comply with legal and accounting obligations (legal obligation).

4. Data processors and sub-processors

We share data only with trusted processors that help us operate the Service, under appropriate data processing agreements:

  • Supabase — authentication and database hosting.
  • OpenAI and Anthropic — AI processing of the flow details you submit to generate audit results.

Some processors may transfer data outside the EU/EEA; where they do, transfers are protected by appropriate safeguards such as Standard Contractual Clauses.

5. Your rights under the GDPR

You have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate data;
  • request erasure ("right to be forgotten");
  • receive your data in a portable, machine-readable format;
  • restrict or object to certain processing;
  • lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

To exercise any of these rights, contact us at flowaudit@poplab.io.

6. Data retention

We retain your account and audit history for as long as your account is active. If you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must keep certain records to comply with legal or accounting obligations.

7. Cookies

We use essential cookies to operate the Service and optional analytics cookies that require your consent. For details, see our Cookie Policy.

8. Contact

For privacy questions or data requests, contact us at flowaudit@poplab.io.

Poplab OÜ, Sepapaja 6, Tallinn 15551, Estonia · VAT: EE102178351