Get Started
Legal

Privacy Policy

Last updated: December 2024

1. Introduction

We take the protection of your personal data very seriously. This Privacy Policy explains how Flowguard collects, uses, and protects your personal data when you use our website and services.

Personal data comprises all data that can be used to personally identify you. This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Controller Information

The controller responsible for data processing on this website (referred to as the "controller" in the GDPR) is:

Flowguard
Email: support@flowguardwp.io
Website: https://flowguardwp.io

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

3. Data We Collect

We collect data in the following ways:

3.1 Data You Provide to Us

  • Account information: When you create an account, we collect your name, email address, and payment information.
  • Contact information: When you contact us via email or contact forms, we collect the information you provide.
  • Purchase information: When you purchase a license, we collect billing details necessary to process your payment.

3.2 Data Collected Automatically

  • Log data: Our servers automatically record information including your IP address, browser type, referring URL, and date/time of access.
  • Device information: We collect information about the device you use to access our website.
  • Usage data: We collect information about how you use our website and services.

3.3 Data Processed by the Plugin

When you use the Flowguard plugin:

  • License verification: Your license key and site URL are transmitted to verify your license.
  • Test execution: When using remote test execution, HTTP requests are made to your website. Test results are processed on our servers and transmitted back to your WordPress installation.
  • Monitoring data: Uptime monitoring data (response times, status codes) is collected and stored.

Important: We do not collect or store your WordPress admin credentials, database content, or any sensitive user data from your website.

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Consent (Art. 6(1)(a) GDPR): Where you have given us explicit consent to process your personal data for specific purposes.
  • Contract performance (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract with you (e.g., providing the Flowguard service).
  • Legal obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation (e.g., tax records).
  • Legitimate interests (Art. 6(1)(f) GDPR): Where processing is necessary for our legitimate interests, provided these are not overridden by your rights and interests (e.g., fraud prevention, service improvement).

5. How We Use Your Data

We use the collected data for the following purposes:

  • To provide and maintain our services
  • To process your purchases and manage your account
  • To verify and manage software licenses
  • To provide customer support
  • To send important service notifications
  • To improve our website and services
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: Retained for the duration of your account and for a reasonable period thereafter for legal and business purposes.
  • Purchase records: Retained for the period required by tax and accounting laws (typically 7-10 years).
  • Monitoring data: Retained according to your settings (configurable retention period) or for 30 days after subscription ends.
  • Support communications: Retained for up to 3 years to provide context for ongoing support.
  • Server logs: Automatically deleted after 90 days.

7. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients:

7.1 Service Providers

  • SureCart: Payment processing. Privacy Policy
  • Hosting providers: Server infrastructure for our website and API services.
  • Email services: For transactional emails (order confirmations, support responses).

7.2 Legal Requirements

We may disclose your data if required by law, court order, or government request, or to protect our rights, property, or safety.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Your explicit consent (Art. 49(1)(a) GDPR)

9. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You have the right to obtain confirmation of whether we process your personal data and to access that data.
  • Right to rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR): You have the right to request deletion of your personal data under certain circumstances ("right to be forgotten").
  • Right to restriction (Art. 18 GDPR): You have the right to request restriction of processing under certain circumstances.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise any of these rights, please contact us at support@flowguardwp.io.

10. Right to Object

You have the right to object to the processing of your personal data based on grounds arising from your unique situation when data is processed on the basis of Art. 6(1)(e) or (f) GDPR (public interest or legitimate interests).

If you log an objection, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time. If you object, your data will no longer be processed for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).

11. Right to Lodge a Complaint

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. You may do so with the supervisory authority in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.

12. Cookies

Our website uses cookies. Cookies are small text files stored on your device that help us provide and improve our services.

12.1 Essential Cookies

These cookies are necessary for the website to function and cannot be switched off. They are usually set in response to actions you take, such as setting privacy preferences, logging in, or filling in forms.

12.2 Analytics Cookies

With your consent, we may use analytics cookies to understand how visitors interact with our website. This helps us improve our services.

12.3 Managing Cookies

You can set your browser to block or alert you about cookies. However, some parts of the website may not function properly if you block essential cookies.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • All data transmissions are encrypted using SSL/TLS (HTTPS)
  • Access to personal data is restricted to authorized personnel only
  • Regular security assessments and updates
  • Secure data storage with appropriate access controls

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

14. Plugin-Specific Privacy Information

The Flowguard WordPress plugin processes data as follows:

14.1 What the Plugin Does NOT Collect

  • WordPress admin passwords or credentials
  • Database contents or user data from your website
  • Personal data of your website visitors
  • Content of emails sent through your website

14.2 What the Plugin DOES Process

  • License key and site URL for license verification
  • Test flow configurations (stored locally in your WordPress database)
  • Test results and monitoring data
  • HTTP responses from your website during test execution

14.3 Test Mode Privacy

When Test Mode is enabled, the plugin prevents real actions (emails, orders, user registrations) from occurring during tests. This ensures that test data does not mix with real user data on your website.

15. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will delete such information.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically. Changes are effective when posted on this page.

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@flowguardwp.io
Website: https://flowguardwp.io

For data protection inquiries, you can also contact our data protection officer at the above email address with the subject line "Data Protection Inquiry".