Last updated: March 2, 2026 · Effective: March 2, 2026
FlowOps Inc. ("FlowOps", "we", "us", or "our") is committed to protecting the personal information of our customers and their users. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25 / Bill 64), and other applicable Canadian privacy laws.
By using the FlowOps platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the service.
We collect personal information that is necessary to provide the FlowOps service. This includes:
Account information: Name, email address, phone number, and job title of users registered by your organization.
Company information: Organization name, billing address, industry type, and company logo.
Work order data: Issue descriptions, location details, photos, attachments, voice notes, and comments entered by your team.
Vendor contact information: Names, email addresses, and phone numbers of external vendors your organization works with.
Usage data: Log data, IP addresses, browser type, pages visited, and session activity collected automatically when you use the service.
Payment information: Billing name, address, and payment method (processed directly by Stripe — FlowOps does not store card numbers).
We collect only the minimum information required to deliver and support the service. We do not collect sensitive personal information (health records, financial account numbers, government ID numbers) unless explicitly required for a specific feature you have enabled.
We use the personal information we collect to:
Provide, operate, and improve the FlowOps platform and its features.
Send work order notifications, assignments, and alerts to your team and vendors via email, SMS, and push notifications.
Authenticate users and enforce role-based access controls within your organization.
Process payments and manage subscriptions.
Provide customer support and respond to inquiries.
Generate analytics and reports within your account (e.g. maintenance performance, vendor response times).
Comply with legal obligations and enforce our Terms of Service.
Detect, investigate, and prevent security incidents or fraudulent activity.
We do not sell personal information. We do not use your data for advertising purposes, and we do not share it with third parties except as described in this policy.
To deliver the FlowOps service, we share limited personal information with trusted third-party service providers who process data on our behalf. Each subprocessor is bound by contractual data protection obligations.
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase | Database & authentication | All account and work order data | United States (AWS us-east-1) |
| Stripe | Payment processing | Billing name, address, payment method | United States |
| SendGrid (Twilio) | Transactional email delivery | Email addresses, notification content | United States |
| Twilio / MessageBird | SMS notifications | Phone numbers, SMS message content | United States / Netherlands |
| OpenAI | AI features (voice transcription, automation) | Voice note audio, work order text (anonymized) | United States |
| Vercel | Application hosting & CDN | Web traffic, log data, IP addresses | United States / Global CDN |
FlowOps currently stores data on infrastructure located in the United States (AWS us-east-1 via Supabase). By using the service, your organization consents to the transfer and processing of data outside Canada.
Organizations subject to data residency requirements (Canadian federal or provincial government, healthcare, or regulated industries) should contact us at privacy@flowops.com to discuss options. Canadian data residency is available on our Enterprise plan.
We retain personal information for as long as your account is active or as needed to provide the service. Specific retention periods:
Audit logs: 30 days (Basic), 1 year (Professional), unlimited (Enterprise).
Work order data, assets, and attachments: Retained for the duration of your subscription. On cancellation, data is available for export for 30 days, then deleted.
Voice note audio: Deleted after transcription is complete. Transcripts are retained as work order data.
Billing records: Retained for 7 years to comply with Canadian tax law.
Server and access logs: Retained for 90 days for security purposes.
As an individual whose personal information we hold, you have the right to:
Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete personal information.
Withdrawal of consent: Withdraw consent to certain processing activities where consent is the legal basis. Note that withdrawing consent may affect your ability to use parts of the service.
Deletion: Request deletion of your personal information, subject to legal retention obligations.
Portability: Request your account data in a machine-readable format (CSV export available directly in the platform).
To exercise any of these rights, contact us at privacy@flowops.com. We will respond within 30 days. We may require identity verification before processing certain requests.
If you are a resident of Quebec, you have additional rights under Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25), including:
Right to de-indexing: The right to request that we stop disseminating your personal information or de-index it from any technology allowing it to be associated with your name (Article 28).
Right to withdraw consent: The right to withdraw consent at any time, with effect for the future (Article 11).
Automated decision-making: FlowOps uses AI to suggest vendor assignments and work order prioritization. These are recommendations only — all final decisions are made by your team. You can request information about the logic used by contacting us.
For Quebec-specific privacy inquiries, please contact our Privacy Officer at privacy@flowops.com.
We implement appropriate technical and organizational safeguards to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include TLS 1.2+ encryption in transit, AES-256 encryption at rest, row-level database security, role-based access controls, and audit logging. See our Security page for details.
Despite these measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of data transmitted to or from the service.
In the event of a security breach involving personal information that poses a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada (OPC) as required by PIPEDA. We aim to notify within 72 hours of becoming aware of a qualifying breach.
We maintain a record of all security breaches, regardless of whether notification is required, as mandated by PIPEDA.
FlowOps uses essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies. We may use privacy-respecting analytics to understand aggregate usage patterns and improve the service. No personal information is shared with analytics providers.
The FlowOps service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us at privacy@flowops.com.
We may update this Privacy Policy from time to time. We will notify existing customers of material changes by email at least 30 days before the change takes effect. Your continued use of the service after the effective date constitutes acceptance of the updated policy.
For privacy questions, requests, or complaints, contact our Privacy Officer:
Email: privacy@flowops.com
Subject line: Privacy Request — [your name]
If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca, or with the Commission d'accès à l'information (CAI) for Quebec matters.