1. INTRODUCTION
Flowcraft AI ("Flowcraft," "we," "us," or "our") respects your privacy and is committed to protecting your personal information through compliance with this Privacy Policy.
This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you:
Visit our website at flowcraft.qa
Use our AI-powered lead reactivation and sales automation services
Communicate with us via email, phone, or other channels
Interact with our systems, platforms, and tools
By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with these terms, please do not use our services.
1.1 Our Role as Data Controller and Processor
Flowcraft AI acts in different capacities depending on the data being processed:
As a Data Controller: For information about our direct clients, website visitors, and prospects who engage with our marketing and sales processes
As a Data Processor: For end-customer data that our clients collect and manage through our automation services. In this capacity, we process data only according to our clients' instructions under a Data Processing Agreement (DPA)
2. CONTACT INFORMATION
Flowcraft AI
Based in: Doha, Qatar
Email: [email protected]
Website: https://flowcraft.qa
Privacy Compliance Officer: Willem Petrus Els
For privacy-related inquiries, data subject requests, or complaints, please contact us at the email address above.
3. INFORMATION WE COLLECT
3.1 Information You Provide Directly
We collect information that you voluntarily provide when you:
Inquire about our services: Name, email address, phone number, company name, job title, industry
Schedule discovery calls: Calendar information, time zone, contact preferences
Engage our services: Business contact details, billing information, payment details, company size, revenue data
Communicate with us: Any information included in emails, messages, support tickets, or phone calls
Subscribe to our content: Email address, communication preferences, areas of interest
3.2 Information We Collect Automatically
When you visit our website or use our services, we automatically collect:
Technical Information: IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, time spent on pages
Cookies and Similar Technologies: Session identifiers, analytics cookies, preference cookies (see Section 6 for details)
Usage Data: How you interact with our platform, features used, click patterns, navigation paths
3.3 Information We Collect from Third Parties
Lead Data Sources: We obtain business contact information from publicly available sources, professional networking platforms (LinkedIn), business directories, and licensed B2B data providers
CRM and Integration Data: Information synchronized from platforms our clients integrate with our services (GoHighLevel, email service providers, calendar systems)
Verification Services: Email verification, phone validation, and data enrichment services to ensure accuracy
3.4 Information We Process on Behalf of Our Clients (Client Customer Data)
When providing our AI lead reactivation and sales automation services, we process personal data on behalf of our clients, which may include:
Contact information (names, email addresses, phone numbers) of their leads and customers
Communication history and engagement data
Purchase history, service requests, and account information
Any other data our clients choose to input into our systems
Important: For this category of data, our clients are the data controllers, and we act solely as a data processor. Our use of this data is governed by our Data Processing Agreement with each client.
4. HOW WE USE YOUR INFORMATION
4.1 Legal Bases for Processing (GDPR)
We process personal data under the following legal bases:
Consent: When you have given explicit consent for specific processing activities
Contract Performance: To fulfill our contractual obligations to provide services
Legitimate Interests: For our business operations, marketing, and service improvement, where not overridden by your rights
Legal Obligations: To comply with applicable laws and regulations
Vital Interests: In rare cases, to protect someone's life or physical safety
4.2 Purposes of Processing
We use your information for the following purposes:
Service Delivery:
Providing AI-powered lead reactivation services
Implementing sales automation systems
Conducting sales audits and assessments
Managing client relationships and accounts
Processing payments and invoicing
Providing customer support
Communication:
Responding to inquiries and support requests
Sending service updates and notifications
Scheduling and conducting discovery calls
Delivering requested information about our services
Marketing and Business Development:
Sending promotional content about our services (with consent or legitimate interest)
Creating personalized outreach campaigns
Analyzing market trends and customer needs
Developing case studies and testimonials (with explicit consent)
Analytics and Improvement:
Understanding how our services are used
Improving our AI models and automation workflows
Conducting A/B testing and performance analysis
Generating aggregated, anonymized reports
Legal and Security:
Preventing fraud and unauthorized access
Enforcing our terms of service
Complying with legal obligations
Protecting our rights and property
5. DATA SHARING AND DISCLOSURE
We do not sell your personal information. We share your information only in the following circumstances:
5.1 Service Providers and Subprocessors
We engage third-party service providers who process data on our behalf:
CRM and Automation Platforms: GoHighLevel (CRM and automation workflows)
Email Service Providers: Mailgun (transactional and marketing emails)
Communication Platforms: LinkedIn (B2B prospecting and outreach)
Payment Processors: [Your payment processor] (billing and payment processing)
Cloud Infrastructure: [Your hosting provider] (data storage and hosting)
Analytics Services: Website analytics and performance monitoring tools
AI Services: Third-party AI and machine learning APIs for automation features
All service providers are bound by contractual obligations to protect your data and use it only for specified purposes.
5.2 Business Transfers
If Flowcraft AI is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
5.3 Legal Requirements
We may disclose your information when required by law or in response to:
Valid legal processes (subpoenas, court orders, regulatory requests)
Requests from law enforcement or government authorities
Protection of our rights, safety, or property
Emergency situations involving potential harm
5.4 With Your Consent
We may share your information with third parties when you have given explicit consent for such sharing.
6. COOKIES AND TRACKING TECHNOLOGIES
6.1 Types of Cookies We Use
Essential Cookies: Required for website functionality, authentication, and security
Analytics Cookies: Help us understand website usage and performance (e.g., Google Analytics)
Marketing Cookies: Track your interactions with our marketing content and campaigns
Preference Cookies: Remember your settings and preferences
6.2 Cookie Management
You can control cookie preferences through:
Your browser settings (most browsers allow you to refuse cookies)
Our cookie consent banner (where applicable)
Opt-out mechanisms provided by third-party services
Note that disabling certain cookies may limit website functionality.
6.3 Do Not Track Signals
We currently do not respond to "Do Not Track" browser signals, but you can manage tracking through cookie settings and third-party opt-out tools.
7. DATA RETENTION
7.1 Retention Periods
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Client Data: Duration of client relationship plus 7 years (for financial and legal compliance)
Marketing Contacts: Until you opt out or request deletion, or after 3 years of inactivity
Website Visitors: Analytics data retained for 26 months
Support Communications: 3 years from last interaction
Legal and Accounting Records: As required by applicable law (typically 7-10 years)
7.2 Client Customer Data (As Processor)
For data we process on behalf of clients, retention is determined by our clients' instructions and their own data retention policies. We delete or return this data upon contract termination or client request.
7.3 Automated Deletion
We implement automated processes to delete or anonymize data when retention periods expire, ensuring we do not store information longer than necessary.
8. DATA SECURITY
8.1 Security Measures
We implement appropriate technical and organizational measures to protect your personal information:
Technical Safeguards:
Encryption of data in transit (TLS/SSL) and at rest
Secure authentication and access controls
Regular security assessments and penetration testing
Automated backup systems
Intrusion detection and prevention systems
Organizational Safeguards:
Employee training on data protection and privacy
Strict access controls based on role and necessity
Confidentiality agreements with all personnel
Incident response procedures and data breach protocols
Regular review and updating of security policies
8.2 Data Breach Notification
In the event of a data breach affecting your personal information, we will:
Notify affected individuals within 72 hours of discovery (as required by GDPR)
Notify relevant supervisory authorities as required by law
Provide information about the nature of the breach and remedial actions
Take immediate steps to contain and remediate the breach
8.3 Limitations
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information using commercially acceptable means, we cannot guarantee absolute security.
9. YOUR PRIVACY RIGHTS
9.1 Rights for All Users
Regardless of location, you have the right to:
Access: Request information about what personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data (subject to legal obligations)
Opt-Out: Unsubscribe from marketing communications at any time
Object: Object to certain processing activities
Complaint: Lodge a complaint with a supervisory authority
9.2 Additional Rights for EU/EEA/UK Residents (GDPR/UK GDPR)
Under GDPR and UK GDPR, you have additional rights:
Right to Restriction: Request that we restrict processing of your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object to Automated Decisions: Object to decisions based solely on automated processing, including profiling
Right to Withdraw Consent: Withdraw consent at any time (without affecting prior lawful processing)
EU Representative: [If required based on your processing activities]
9.3 California Residents (CCPA/CPRA)
California residents have the right to:
Know: What personal information we collect, use, disclose, and sell
Delete: Request deletion of personal information (subject to exceptions)
Opt-Out: Opt out of the sale or sharing of personal information (Note: We do not sell personal information)
Correct: Request correction of inaccurate personal information
Limit Use of Sensitive Personal Information: Where applicable
Non-Discrimination: Not be discriminated against for exercising privacy rights
Authorized Agents: California residents may designate an authorized agent to make requests on their behalf.
9.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: [Your Contact Email]
Subject Line: "Data Subject Request - [Your Request Type]"
We will respond to verified requests within:
30 days for GDPR requests
45 days for CCPA requests (with possible 45-day extension)
We may require additional information to verify your identity before processing your request.
10. INTERNATIONAL DATA TRANSFERS
10.1 Data Transfer Mechanisms
Flowcraft AI is based in Qatar. If you are located in the EU/EEA, UK, or other jurisdictions with data transfer restrictions, your personal information may be transferred to and processed in Qatar or other countries that may not provide the same level of data protection as your home jurisdiction.
We implement appropriate safeguards for international transfers:
Standard Contractual Clauses (SCCs): EU Commission-approved SCCs for transfers from the EU/EEA
UK Addendum: For transfers from the UK
Supplementary Measures: Additional technical and organizational measures where required
Adequacy Decisions: Reliance on adequacy decisions where available
10.2 Client Data Transfers
For data we process on behalf of clients, international transfers are covered by our Data Processing Agreement and appropriate transfer mechanisms.
11. CHILDREN'S PRIVACY
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected information from a child, we will delete it immediately. If you believe we have collected information from a child, please contact us.
12. THIRD-PARTY LINKS AND SERVICES
Our website and services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.
13. AI AND AUTOMATED DECISION-MAKING
13.1 AI Processing Disclosure
Our services use artificial intelligence and machine learning technologies to:
Analyze lead data and engagement patterns
Generate personalized outreach messages
Score and prioritize leads
Automate follow-up sequences
Predict conversion likelihood
13.2 Human Oversight
While our AI systems assist in decision-making, significant decisions that affect individuals (such as whether to engage with a lead) are made by our clients or their teams, not solely by automated systems. You have the right to request human review of automated decisions that significantly affect you.
13.3 Transparency and Fairness
We are committed to ensuring our AI systems:
Are trained on representative, non-biased datasets where possible
Undergo regular testing for bias and accuracy
Are used in compliance with applicable AI regulations and ethical standards
Include appropriate human oversight mechanisms
14. MARKETING COMMUNICATIONS
14.1 Consent and Opt-In
We send marketing communications only to:
Individuals who have provided explicit consent
Existing clients (soft opt-in for similar services)
Business contacts where we have a legitimate interest (B2B marketing in compliance with applicable laws)
14.2 Unsubscribe and Opt-Out
Every marketing email includes an unsubscribe link. You may also opt out by:
Clicking the unsubscribe link in any marketing email
Contacting us directly at [Your Contact Email]
Adjusting your communication preferences in your account settings
We will process opt-out requests within 10 business days.
15. UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will:
Update the "Last Updated" date at the top of this policy
Notify you via email (for clients and active users)
Post a notice on our website
Obtain new consent where required by law
We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
16. DATA PROTECTION OFFICER
For organizations processing large volumes of EU/EEA personal data, a Data Protection Officer (DPO) may be required.
Data Protection Officer: [Name, if appointed]
DPO Contact: [DPO Email, if applicable]
17. SUPERVISORY AUTHORITIES
If you are located in the EU/EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority:
EU/EEA: Find your data protection authority at https://edpb.europa.eu/about-edpb/board/members_en
UK: Information Commissioner's Office (ICO) - https://ico.org.uk
California: California Attorney General's Office - https://oag.ca.gov/privacy
18. SPECIFIC JURISDICTIONAL PROVISIONS
18.1 Qatar Data Protection Law
As a Qatar-based entity, we comply with Qatar's data protection regulations and the Qatar Financial Centre Data Protection Regulations where applicable.
18.2 Australian Privacy Act
For Australian residents, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988.
18.3 Canadian PIPEDA
For Canadian residents, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).
19. CONSENT
By using our services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. Where required by law, we will obtain your explicit, informed consent before processing your personal data for specific purposes.
You may withdraw your consent at any time by contacting us, though this will not affect the lawfulness of processing based on consent before its withdrawal.
20. DEFINITIONS
Personal Information/Personal Data: Information that identifies, relates to, or could reasonably be linked with a particular individual or household.
Processing: Any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: An entity that processes personal data on behalf of a data controller.
Data Subject: An identifiable individual whose personal data is being processed.
21. ACKNOWLEDGMENT
By accessing or using Flowcraft AI's services, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us at [Your Contact Email].
Flowcraft AI
Doha, Qatar
https://flowcraft.qa
Last Updated: April 20, 2026
This Privacy Policy is effective as of the date stated above and applies to all information collected by Flowcraft AI.