GDPR Compliance

Data Protection & Privacy Rights

Flowwixa is fully committed to compliance with the General Data Protection Regulation (GDPR) and other global privacy laws. Your privacy is a fundamental right.

Our Commitment to GDPR

The General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, is the world's strongest data protection law. It strengthens privacy rights for individuals within the European Union (EU) and European Economic Area (EEA).

Flowwixa fully embraces GDPR principles and has implemented comprehensive technical and organizational measures to ensure compliance. We process personal data lawfully, transparently, and only for specified purposes.

Our Roles Under GDPR

  • Data Controller: For data we collect directly (account info, billing, usage analytics)
  • Data Processor: For data processed through your automations (customer records, CRM data, etc.)

Your Rights as a Data Subject

Under GDPR, you have comprehensive rights regarding your personal data. We make it easy to exercise these rights:

✅ Right to Access

Request a copy of all personal data we hold about you. We provide this in a machine-readable format (JSON/CSV) within 30 days.

✏️ Right to Rectification

Correct any inaccurate or incomplete personal information. You can update most data directly in your account dashboard.

🗑️ Right to Erasure

Request deletion of your personal data ("Right to be Forgotten"). We delete your data within 30 days, except where legal retention is required.

📦 Right to Data Portability

Receive your data in a structured, commonly used format (JSON/CSV) to transfer to another service provider.

⛔ Right to Restriction

Request that we limit processing of your data in certain circumstances (e.g., while disputing data accuracy).

🚫 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling grounds.

🔄 Right to Withdraw Consent

Withdraw consent for data processing at any time where consent was the legal basis (e.g., marketing emails).

🏛️ Right to Lodge a Complaint

File a complaint with your local Data Protection Authority if you believe we've violated your privacy rights.

How to Exercise Your Rights

To make a GDPR data subject request, contact us at:

Email: gdpr@flowwixa.com
Response Time: Within 30 days (may extend to 60 days for complex requests)
Verification: We may ask for identity verification to prevent unauthorized access


Legal Basis for Processing

We process your personal data only when we have a lawful basis:

  • Contractual Necessity: Processing required to deliver our automation services (e.g., building workflows, monitoring execution)
  • Legitimate Interests: Improving our platform, preventing fraud, conducting analytics (balanced against your rights)
  • Legal Obligation: Complying with tax laws, financial regulations, or legal requests
  • Consent: Marketing communications, optional analytics, or third-party integrations you authorize

Data Processing Addendum (DPA)

For customers who are Data Controllers processing personal data of EU residents through our automations, we offer a comprehensive Data Processing Addendum (DPA).

Our DPA Includes:

  • ✅ Standard Contractual Clauses (SCCs) for international data transfers
  • ✅ Security obligations and audit rights
  • ✅ Sub-processor list and notification procedures
  • ✅ Data breach notification protocols (within 72 hours)
  • ✅ Data deletion and return procedures upon termination
  • ✅ Assistance with Data Subject Access Requests (DSARs)

Request our DPA: Email legal@flowwixa.com or download the standard DPA template from your account settings (Enterprise plans).


International Data Transfers

Flowwixa is headquartered in the United States. When you use our services from the EU/EEA, your data may be transferred to and processed in the US. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU Commission-approved transfer mechanisms
  • Data Residency Options: EU customers can request data storage in our Frankfurt, Germany servers
  • Adequacy Decisions: Where applicable, we rely on EU Commission adequacy decisions for certain countries
  • Additional Safeguards: Encryption, access controls, and technical measures to protect transferred data

Sub-Processors

We engage trusted third-party service providers ("sub-processors") to help deliver our services. We ensure all sub-processors are bound by strict data protection obligations consistent with GDPR.

Current Sub-Processors:

  • Amazon Web Services (AWS): Cloud hosting and infrastructure (🇺🇸 USA / 🇩🇪 Germany)
  • Stripe, Inc.: Payment processing (🇺🇸 USA)
  • Make.com (Celonis): Automation platform (🇨🇿 Czech Republic)
  • Google LLC: Email, analytics, workspace tools (🇺🇸 USA)
  • Datadog, Inc.: Security monitoring and logging (🇺🇸 USA)

Sub-Processor Changes: We will notify you at least 30 days before adding new sub-processors. You may object if the change substantially impacts data protection. View our complete sub-processor list in your account settings or request it via email.


Data Breach Procedures

In the unlikely event of a personal data breach, we follow strict notification procedures:

  • Internal Detection: 24/7 security monitoring alerts our incident response team
  • Assessment: Severity, scope, and affected data subjects are immediately evaluated
  • Supervisory Authority Notification: High-risk breaches reported to relevant DPA within 72 hours
  • Customer Notification: Affected customers notified within 72 hours with details of the breach and mitigation steps
  • Data Subject Notification: Individuals notified without undue delay if high risk to their rights and freedoms
  • Documentation: All breaches logged with facts, effects, and remedial actions taken

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, such as introducing new technologies or significantly changing our data processing methods. Enterprise customers may request copies of relevant DPIAs.


Contact Our Data Protection Officer

For GDPR-related inquiries, requests, or complaints, contact our Data Protection Officer:

Flowwixa Data Protection Officer

Email: dpo@flowwixa.com

Postal Address: Flowwixa Inc., Attn: DPO, 123 Automation Ave, Suite 500, San Francisco, CA 94105, USA

EU Representative: For EU-specific inquiries, contact eu-rep@flowwixa.com

Supervisory Authority: If we cannot resolve your concern, you may lodge a complaint with your local Data Protection Authority or the Irish Data Protection Commission (our lead supervisory authority in the EU).

GDPR Resources

Data Processing Addendum

Download our standard DPA with Standard Contractual Clauses.

Request DPA →

Privacy Policy

Read our full Privacy Policy detailing how we collect and use data.

View Policy →

Data Subject Requests

Exercise your GDPR rights: access, delete, or port your data.

Submit Request →