← Floow AI

Privacy Policy

Effective date: June 1, 2026

This Privacy Policy explains how Floow AI ("we", "us") collects, uses, and protects your personal data when you use our Service. We comply with the EU General Data Protection Regulation (GDPR) and the Spanish LOPDGDD.

1. Data Controller

The data controller responsible for the processing of your personal data is:

  • Entity: Floow Videos SL
  • VAT / Tax ID: B12248643
  • Registered address: Calle San pablo, Madrid
  • Email: privacy@floowvideos.com

2. Data We Collect

  • Account data: email address, name, password hash (via Supabase Auth).
  • Billing data: subscription status, payment method token (stored securely by Stripe — we never store raw card numbers).
  • Usage data: videos generated, token usage, session metadata.
  • Content you upload: product images, scripts, reference audio.
  • Technical data: IP address, browser type, referrer, error logs (Sentry).

3. How We Use Your Data

  • To provide and improve the Service.
  • To process payments and manage subscriptions.
  • To send transactional emails (video ready, billing alerts).
  • To detect and prevent fraud and abuse.
  • To comply with legal obligations.

4. Legal Basis for Processing (GDPR)

  • Contract performance: processing necessary to provide the Service.
  • Legitimate interests: fraud prevention, security, product analytics.
  • Legal obligation: tax records, law-enforcement requests.
  • Consent: marketing emails (you can withdraw at any time).

5. Data Retention

We retain your account data as long as your account is active. Generated videos are stored for 90 days after generation, after which they are automatically deleted. You may request deletion at any time (see Section 7).

6. Data Sharing

We share data only with:

  • Supabase — database, auth, and object storage (EU region).
  • Stripe — payment processing.
  • BytePlus / WaveSpeed — AI video generation (video prompts and reference images are sent to these providers).
  • ElevenLabs — text-to-speech audio generation.
  • Resend — transactional email delivery.
  • Sentry — error monitoring (no PII in error events beyond email for user identification).

We do not sell your data to third parties.

7. Your Rights (GDPR)

You have the right to:

  • Access your personal data — export available in account settings.
  • Rectification — update your data in account settings.
  • Erasure ("right to be forgotten") — request account deletion from account settings or by emailing privacy@floowvideos.com.
  • Portability — download your data in machine-readable format from account settings.
  • Object to processing based on legitimate interests.

To exercise these rights, email privacy@floowvideos.com. We will respond within 30 days.

8. Cookies

We use essential session cookies (required for login) and optional analytics cookies. See our Cookie Policy.

9. Security

We use encryption in transit (HTTPS/TLS), at-rest encryption for stored assets, and access controls limiting data access to authorized personnel. No system is 100% secure; if you discover a vulnerability, please contact security@floowvideos.com.

10. Children

The Service is not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately.

11. Changes

We may update this policy and will notify you by email at least 14 days before material changes take effect.

12. Contact

Privacy enquiries: privacy@floowvideos.com.