Privacy Policy
1. Introduction
FlowWrite. (“FlowWrite”, “we”, “our”) is committed for protecting your privacy when accessing, downloading or using FlowWrite your AI-powered writing assistant that helps you generate various types of written content quickly and easily and the associated website (the “Software”, “Website” and “you”, “your” or “user”, respectively). That starts with helping you understand our privacy practices. The following information describes how FlowWrite collects and processes information about you when you use our Software and access the Website.
This document (the “Privacy Policy”) aims to provide you with a clear understanding of what information we collect and why we collect it, how it is used and shared, how we secure your information and the choices available to you regarding the collection of such information.
We strongly encourage you to read this document in conjunction with our privacy overview, which summarizes the key aspects of our privacy practices.
IPPL Disclosure: The information you provide will be stored in FlowWrite’s databases and used solely as described in this Privacy Policy. We will not disclose your information to third parties except as set out in this Privacy Policy or as required to comply with applicable law. You are not legally obligated to provide Personal Data; however, if you choose not to provide certain Personal Data, we may be unable to provide certain services or respond to your inquiries. By using the Services you consent to the collection, use, disclosure, and storage of your Personal Data as described in this Privacy Policy. If you do not agree to FlowWrite’s collection, storage, use, or sharing of Personal Data relating to you as described in this Privacy Policy, please do not use or otherwise engage with the Services.
U.S. State Privacy Specifications: Please see Section 12, “Additional Notice for United States Residents,” for further information about our privacy practices and your rights under applicable U.S. state privacy laws. To the extent the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), applies to our processing of Personal Data, the “Additional Notice for United States Residents” constitutes our Notice at Collection and Privacy Policy for purposes of the CCPA.
2. Data Controller Contact Information
FlowWrite is the “data controller” (as such term, or equivalent, is defined under applicable data protection legislations) that decides upon the purpose and means of processing Personal Data.
If you have any questions about this Privacy Policy, or if you believe that your privacy rights are compromised, please email: [email protected]
3. Data Collection and Use
Through your use and access of our Website and Software, we collect information in the following ways:
“Personal Data” means any information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to an individual, as further defined under applicable law, including equivalent terms such as “personal information” and “personally identifiable information.” Non-Personal Data that is combined with, or linked to, Personal Data will be treated as Personal Data for as long as it remains combined with, or linked to, Personal Data.
The Services are not designed to collect or process, and to the best of our knowledge do not collect or process, “Sensitive Data” as defined under applicable law, including equivalent terms such as “highly sensitive information,” “special categories of personal data,” and “sensitive personal information.” Users should therefore not submit or upload Sensitive Data through the Services. Depending on the applicable law and jurisdiction, Sensitive Data may include information concerning racial or ethnic origin, religious or philosophical beliefs, sexual orientation, health status, and certain financial information.
We may collect various categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services. Below, we describe the categories of Personal Data we process, the purposes for which we process that data, and the lawful bases on which we rely. We may also use Personal Data to detect, prevent, and address prohibited or unlawful activity, fraud, misappropriation, infringement, identity theft, and other misuse of the Services; to enforce our End User License Agreement; to protect the security and integrity of our databases and the Services; and to establish, exercise, or defend legal claims and otherwise mitigate legal risk. Where applicable, such processing is based on our legitimate interests.
The Personal Information collected by us include the following:
- Online Identifiers: such as your Internet Protocol address, Google advertising ID (GAID), etc. Where we process such Online Identifiers for operational, functional, and security purposes, we process your data based on our legitimate interest. Where we use the Online Identifiers for marketing, personalized ads, and tracking it will be based on your consent provided through the Software’s organic permissions.
- Usage Data: We further process, directly or indirectly through our third-party service providers, usage data, including information regarding your interaction with the Services, features used, time stamp and duration of use, click stream data and errors that occurred (collectively “Usage Data”). We will use Usage Data and inferred data for statistical, analytical purposes and internal development. These data sets are processed based on legitimate interest in enhancing our Services.
- Support: When you contact us for customer support, we will process your contact information, as well as any information you choose to provide as part of our communications and correspondence. We will use contact information to provide customer support and communicate with you. We will retain such communications to have records of the support that was provided, for any future needs as well as to further improve our Services and support. We process such information, for the purpose of providing the support and performing our contract with you. We will further retain our communications for record keeping and Services improvement, including training our customer support team, based on our legitimate interest.
- User Content: The Services allow you to restyle and rewrite text and other written content that you upload in a particular style (“User Content”). To provide the Services, User Content is processed by us and our LLM service provider solely for that purpose. We do not upload User Content to our servers or retain it. Once the User Content has been processed and the output generated, the output will be made available to you and retained locally on your device. To the extent you are authorized to do so, User Content may include Personal Data relating to other individuals, for example, where the content includes names or descriptions of other persons (each, a “Non-User”). If you are not authorized, or do not have the necessary consent, please do not upload any Personal Data relating to anyone other than yourself. To the extent Non-User Personal Data is processed through the Services, such processing is based on our legitimate interest in providing the Services to our users.
We may use the collected information as part of our Services and operations as follows:
- Providing the Services and Website and Software features: in order to operate our Website and Software and provide you with the Website and Software services and other features that can be accessed and used through the Website and Software, we will need to access, collect and process the Personal Information.
- Improvement and Development of Services: We analyze the collected information to improve and develop our Services. This includes reviewing and enhancing the user-friendliness of our Website and Software and ensuring it aligns with your feedback and our business goals.
- Maintaining a Safe and Secure Environment: Your information is used to enhance the safety and security of our Website and Software. This includes preventing fraud, verifying identity, and taking actions against activities that violate our terms of service or applicable law.
- Personalizing Content, Advertising, and Marketing: We leverage personal information to customize our Software’s content and marketing strategies, including delivering ads to better suit your interests and enhance your overall experience.
4. Security Measures
Our top priority is to ensure the privacy of your Personal Information that we collect and use for the purpose of providing you with our Services.
We are considering the sensitivity of data that we are storing and processing. Our security team and developers are following common security best practices integrated into each process and system, to protect them against common security threats.
Our implemented security measures combine technological, administrative, and operational security controls together to ensure optimal security of all information assets.
5. Cookies
We use “cookies” and similar tracking technologies such as software developer kits (“SDKs”) when you access or use our Services. Such tracking technologies are small text files that a website (cookie) or an application (SDK) places and stores on your device while you are viewing or using such interfaces.
Such tracking technologies are very helpful and can be used for various purposes. These purposes include: (i) allowing you to navigate between pages efficiently; (ii) enabling automatic activation of certain features; (iii) remembering your preferences; and (iv) making the interaction between you and our Services quicker and easier.
| Cookie & SDK | Purpose | Privacy Policy |
|---|---|---|
| Google Analytics | Analytical & Measurement | www.google.com/policies/privacy/partners |
| Cloudflare | Operational & Functional | https://www.cloudflare.com/privacypolicy/ |
6. Your Data Protection Rights
The law establishes specific rights that must be granted to each data subject whose data is collected and processed by an organization. As a data controller, We are responsible for informing you your rights in accordance with applicable regulations.
- The right of access: You have the right to request from us a copy of your Personal Information that we have collected from you.
- The right to rectification: You have the right to request us to correct/update any Personal Information of you that is not correct.
- The right to erasure (‘right to be forgotten’): You have the right to request us to erase your Personal Information, under certain conditions.
- The right to restrict processing: You have the right to request us to restrict the processing of your Personal Information, under certain conditions.
- The right to data portability: You have the right to request us to transfer your data that we have collected to another entities, or directly to you.
- The right to object: You have the right to object to the processing of your Personal Information by our organization.
To exercise these rights, or for any GDPR-related inquiries, please contact us at [email protected].
7. Data Sharing and Transfers Outside the EEA
In line with our commitment to privacy and GDPR principles, we may need to share your Personal Information under certain circumstances:
- With Third Parties: To perform our contractual and legal obligations, it may be necessary to share your Personal Information with third parties. This includes affiliates, subsidiaries, or third-party service providers who assist us with services such as marketing, data management, maintenance and including advertisers to provide you with Ads.
- For Analytics: We also share information with analytics service providers for analytics services, which helps us in compiling aggregated statistics about the effectiveness of our Website and Software and Services.
These third parties may be located in countries outside of your own. In such cases, we ensure that they comply with obligations similar to those in this Privacy Policy and adhere to our data privacy and security requirements. They are permitted to use the Personal Information only for the purposes we specify. When transferring your Personal Information internationally, we use appropriate and suitable safeguards, including a variety of legal mechanisms like contracts, to ensure your rights and protections travel with your data.
- For Business Purposes: In certain scenarios, such as corporate mergers, consolidations, sales of assets, or other fundamental corporate changes, your information may be transferred.
- For Compliance: We may release information in compliance with legal obligations, such as warrants, subpoenas, or court orders, or in special cases, such as unlawful acts using our Services, security breaches, or physical threats.
8. Data Retention
We retain Personal Information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law, including to comply with legal, regulatory, tax, or accounting obligations; to maintain an accurate record of your dealings with us in the event of any complaint or dispute; or where we reasonably believe that litigation relating to your Personal Data may arise.
Please note that, except as required by applicable law or our specific agreements with you, we are not obligated to retain your Personal Data for any specific period and may securely delete it or restrict access to it at any time, with or without notice. We do not retain or store any User Content.
9. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable regulations. We encourage you to review this Policy periodically. The updated Policy will be effective upon posting on our website.
10. Eligibility and Children’s Privacy
The Services are not intended for use by children under the age of 13, and we do not knowingly collect or process Personal Data from children. If we become aware that a child has provided us with any information, we will delete such information as soon as reasonably practicable. If you believe that a child has shared information with us, please contact us promptly.
11. Ways to Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us by email to: [email protected]
12. Additional Notice for United States Residents
The information below supplements this Privacy Policy and applies to residents of certain U.S. states. These additional disclosures are intended to provide further information about how we process Personal Data relating to such residents and the rights that may be available to them under applicable law.
Residents of certain U.S. states may have additional rights under applicable privacy laws, depending on the relevant state law and provided they are acting solely in an individual or household context, and not in a commercial or employment context, as a job applicant, as a beneficiary of a person acting in an employment context, or as a representative of a business.
- “Personal Data” under applicable U.S. privacy laws generally means information that is linked or reasonably linkable to an identified or identifiable individual. It generally does not include publicly available information lawfully made available from government records or otherwise made publicly available by the individual, de-identified or aggregated information, or information otherwise excluded from the scope of the applicable state law.
- “Sensitive Data” includes Personal Data revealing racial, ethnic, or national origin; religious beliefs; information concerning an individual’s medical history or mental or physical health condition, diagnosis, or treatment; neural data; transgender or non-binary status; sex life or sexual orientation; status as a victim of a crime; citizenship or immigration status; genetic or biometric data; Personal Data collected from a known child; and precise geolocation data.
We are required to provide a clear and accessible privacy notice describing the categories of Personal Data we process, the purposes of processing, the categories of Personal Data we share with third parties, the categories of third parties with whom such data is shared, the categories of Personal Data that are sold or used for targeted advertising, if any, the categories of third parties to whom such data is sold, if any, a description of your privacy rights, instructions for exercising and appealing decisions relating to those rights, and our contact information. This information is set out in this Privacy Policy and supplemented below.
Categories of Personal Data:
Under Section 3 of the Privacy Policy, “Data Collection and Use”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored, or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent, unless we are otherwise entitled, required, or permitted under applicable laws.
“Sale” of Personal Data:
Under U.S. privacy laws, in principle, the term “sale” refers to disclosing or making available Personal Data to a third party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not “sell” information as this term is commonly understood, meaning we do not, and will not, disclose Personal Data relating to you in direct exchange for money or some other form of payment. However, subject to the definition of the term “sale” under applicable U.S. privacy laws, our practice of using cookies or other third-party advertising services and sharing Personal Data for such purposes with third-party (e.g., providers of analytic tools) is considered a “sale.” Such practice includes the following Personal Data categories shared with these third parties: Unique Identifiers (device ID, IP), Internet and electronic network activity information (engagement with our Services), and Geolocation data derived from IP.
Consumer Rights Related to Their Personal Data:
Section 6 under this Privacy Policy “Your Data Protection Rights” provides additional information regarding your principal rights. Residents of certain U.S. states may have additional rights under applicable privacy laws, subject to certain limitations, which may include:
- Access – the right to confirm whether we are processing their Personal Data and to obtain a copy of their Personal Data in a portable and, to the extent technically feasible, readily usable format.
- List of Third Parties – the right to receive a list of the specific third parties to which we have disclosed either Personal Data relating to you or any Personal Data.
- Delete – the right to request us to delete their Personal Data provided to or obtained by us.
- Correct – the right to request us to correct inaccuracies in their Personal Data, taking into account the nature and purposes of the processing of the Personal Data.
- Opt-Out – the right to opt out of certain types of processing, including: (i) to opt out of the “sale” of their Personal Data; (ii) to opt out of targeted advertising by us; and (iii) to opt out of any processing of Personal Data for profiling in furtherance of making decisions that produce legal or similarly significant effects. However we do not engage in profiling in furtherance of legal or similarly significant decisions.
- Appeal – the right to appeal if we decline to take action in response to your exercise of a privacy right.
- Non-Discrimination – the right not to be discriminated against for exercising your privacy rights.
For more information about rights for U.S. residents, please see: https://oag.ca.gov/privacy/ccpa.
Exercising Consumer Privacy Rights: You may submit a request to exercise most of your privacy rights under U.S. state privacy laws by contacting us: [email protected].
Authorized agents may initiate a request on behalf of another individual, provided that they provide proof of their authorization, and we may also require that the individual directly verify his/her identity and the authority of the authorized agent.
We will respond to your request within the timeframe required under applicable law, and we reserve the right to extend the response time subject to applicable law requirements. If we refuse to take action on a request, we will notify you, and our notification will include a justification for declining to take action and instructions on how you may appeal. Within the timeframe set out under applicable law upon our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority or Attorney General of your jurisdiction.