This Privacy Policy explains how FlowEmployee ("we", "us", "our") handles personal data when you, as a business owner, sign up for our service, and when your customers interact with the AI receptionist we provide on your behalf. By using FlowEmployee you agree to this policy.
1. Account Information
When you create a FlowEmployee account we collect:
- Your full name and email address
- A securely hashed copy of your password (we never store plain-text passwords)
- If you sign in with Google, your Google profile email, display name, and profile picture URL
- Business profile details you choose to share: business name, industry, services, hours, contact email, and timezone
This information is used to create and operate your FlowEmployee account, deliver the service, and contact you about your subscription.
2. Booking Information
When a customer books with your business through FlowEmployee, we store:
- The customer's name, email, and phone number
- The service, date, and time of the appointment
- Any notes the customer provides during the conversation
- The full transcript of the AI chat conversation that led to the booking
This data is stored solely so you, the business owner, can manage appointments inside your dashboard. We do not sell or share booking data with third parties.
3. Location & Address Handling (Home / Delivery Services)
If your service is configured as a home_service or delivery_service, the AI receptionist will ask the customer for their address. The address is:
- Stored alongside the relevant booking record
- Displayed to the business owner inside the booking details view
- Included in the booking notification email sent to the business owner
- Never displayed publicly or shared with other businesses
For services that do not require a location (in-store / in-office), no address is collected.
4. Payment Handling
FlowEmployee uses Flutterwave as our payment processor for subscriptions, top-ups, and renewals. We never see or store your full card number, CVV, or bank credentials — that data is collected directly by Flutterwave on their secure hosted checkout page.
We do receive and store:
- The transaction reference, amount, currency, and status returned by Flutterwave
- The plan / top-up purchased, used to allocate credits to your account
- An auditable history of every credit grant or deduction tied to your account
Flutterwave's own privacy practices are governed by their privacy policy.
5. Email Notifications
We use Resend as our transactional email provider to send:
- Password reset links when you click "Forgot password"
- Account notifications (subscription changes, low credits)
- Booking confirmations to your customers
- New-booking notifications to you, the business owner
- Replies to messages submitted via our Contact page
Transactional emails are required to operate the service. Marketing emails (if any) will always include an unsubscribe link.
6. AI Conversations
Customer chat messages are sent to a large language model (currently OpenAI's GPT family) for response generation. The model is instructed only with your business profile + the current chat history. We do not allow third parties to train models on your customer conversations.
7. Data Retention
Account, booking, and conversation data is retained while your account is active. If you delete your account from Settings → Danger Zone → Delete Account, we permanently delete your user record, business, bookings, conversations, leads, credits, and subscription. Payment audit logs may be retained for the period required by tax and accounting law.
8. Your Data Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate information from your dashboard at any time
- Delete your account and all associated data using the self-service flow
- Export your bookings and conversations on request
- Withdraw consent by closing your account
To exercise any of these rights, email us via the Contact page.
9. Security
We use bcrypt for password hashing, HTTPS for all data in transit, JWT-based session tokens with short expiry, and signed Flutterwave webhooks. No system is perfectly secure — if you suspect a security issue please contact us immediately.
10. Changes to this Policy
We may update this policy as our service evolves. Material changes will be announced via in-app notification or email at least 14 days before they take effect.