Legal
Privacy Policy
Last updated: June 2026
1. Who we are
FlowX ("we", "us") provides an operations management platform for teams. This policy explains what personal data we collect when you use our website and product, why we collect it, and the rights you have over it. For privacy questions, contact mali@serviceamx.com.
2. Data we collect
- Account data — name, work email, password (stored only as a salted hash), workspace name.
- Workspace content — tasks, requests, projects, comments, documents, and other records your team creates. Your organization controls this content.
- Usage data — sign-in times, IP addresses, and actions recorded in your workspace's audit trail (a core product feature).
- Communications — emails we send you (verification codes, invitations, notifications) and messages you send us.
We do not collect payment card details — payments are processed by Stripe, which handles card data under its own PCI-DSS compliance.
3. Why we process it
- To provide the service: authentication, notifications, audit trails, and workspace functionality.
- To secure the service: abuse prevention, account-lockout protection, and security logging.
- To communicate: verification codes, workspace invitations, and service notices.
- To comply with legal obligations applicable to us.
We do not sell personal data, and we do not use your workspace content for advertising.
4. Legal bases (GDPR) and PDPL alignment
Where the EU GDPR applies, we rely on contract performance (providing the service you signed up for), legitimate interests (service security and improvement), and consent where required. Where the Saudi Personal Data Protection Law (PDPL) applies, we process personal data with your knowledge for the purposes described here, and honor the rights it grants you.
5. Where your data lives
Your data is stored on managed cloud infrastructure. Each workspace's data is logically isolated from other customers (row-level tenant isolation), encrypted in transit (TLS) and at rest (AES-256). Contact us for current hosting-region details for your contract.
6. Sharing
We share personal data only with processors needed to run the service:
- Cloud hosting providers (infrastructure)
- Microsoft (transactional email delivery)
- Stripe (payments, when you purchase a paid plan)
We may disclose data when legally required by a competent authority.
7. Retention
Workspace data is retained while your workspace is active. If a workspace is closed, data is retained for a recovery window (so the closure can be reversed) and then deleted. You can export your workspace data at any time from Settings → System.
8. Your rights
Subject to applicable law (PDPL / GDPR), you may request access to, correction of, deletion of, or a copy of your personal data, and you may object to or restrict certain processing. Workspace members should direct requests to their workspace administrator first, since the customer organization controls workspace content. You can also contact us directly.
9. Cookies
The product uses strictly necessary cookies only: an authentication session cookie (httpOnly) and your interface preferences (theme, language). The marketing website does not use advertising or cross-site tracking cookies.
10. Changes
We will post any changes to this policy on this page and update the date above. Material changes will be announced to workspace administrators by email.