Legal

Privacy Policy

Last updated: May 12, 2026

1. Information We Collect

We collect information necessary to provide AI consulting, implementation, workflow automation, and AI system services:

  • Business information (name, address, phone, email, services offered)
  • Call recordings and transcripts from AI-handled calls
  • Lead contact information (name, phone, email) captured during calls
  • Appointment and scheduling data
  • SMS message content
  • Website analytics (via Plausible, cookieless and GDPR-compliant)
  • Marketing attribution cookies on flowchainlabs.com (ad-platform pixel cookies used to measure which ad campaigns drive assessment bookings; hashed email and phone are forwarded to the ad platform server-side to deduplicate browser events). You can disable these by enabling tracking-protection in your browser or installing a privacy extension.

2. How We Use Your Data

  • Provide and improve AI implementation, workflow automation, and AI system services
  • Schedule appointments and manage leads on your behalf
  • Send transactional SMS and email communications
  • Generate analytics and reports for your dashboard
  • Comply with legal obligations (TCPA, CAN-SPAM)

3. Data Storage & Security

Your data is stored on SOC 2 Type II certified infrastructure with row-level security ensuring clients can only access their own data. All data is encrypted in transit (TLS) and at rest. Payments are processed through a PCI-DSS Level 1 certified payment processor. We never store credit card numbers.

4. Data Sharing

We do not sell your data. We share data only with sub-processors necessary to deliver our services. By category:

  • Voice AI infrastructure provider: speech-to-text, text-to-speech, and call handling
  • Telecommunications provider: SMS delivery and phone routing
  • Calendar and scheduling provider: appointment coordination
  • Payment processor: PCI-DSS Level 1 certified, payment authorization only
  • Transactional email provider: receipts and notifications
  • Database and authentication provider: SOC 2 Type II certified, US-region hosting
  • Marketing analytics and ad-attribution provider: campaign attribution and audience matching for marketing on flowchainlabs.com (data is hashed before forwarding)

Our current sub-processor list (with vendor names, locations, and the data each handles) is available on request to privacy@flowchainlabs.com. We notify customers of material sub-processor changes before they take effect.

5. TCPA Compliance

We comply with the Telephone Consumer Protection Act. SMS communications honor opt-out requests immediately (reply STOP). We do not send messages during quiet hours (9 PM to 8 AM local time). Consumers can opt out at any time.

6. Your Rights

You may request access to, correction of, or deletion of your data at any time by contacting us. Upon service cancellation, your data is retained for 90 days then permanently deleted.

7. Contact

For privacy inquiries, contact us at hello@flowchainlabs.com.