GDPR Compliant • Last updated: January 20, 2026

Privacy Policy

How Flowen collects, uses, and protects your data

1. Introduction

Industrinät AB (org.nr: 556886-5835) ("we", "us", "our") operates Flowen, a business management platform. We are committed to protecting your privacy and ensuring the security of your personal data in compliance with the EU General Data Protection Regulation (GDPR) and Swedish data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use Flowen.

2. Data Controller

Company: Industrinät AB

Organization number: 556886-5835

Address: Gothenburg, Sweden

Contact: privacy@flowen.eu

DPO: Daniel Olsson (daniel@flowen.eu)

3. Information We Collect

3.1 Account Information

  • Email address (required for account creation)
  • Name and contact information
  • Company/organization details
  • Password (stored as encrypted hash)

3.2 Business Data

  • CRM data (contacts, companies, relationships)
  • Quotes, orders, invoices, and project information
  • Files and documents you upload
  • Email communications (when using email integration)
  • Calendar events (when using calendar integration)
  • Task and project management data

3.3 Technical Data

  • IP address and browser information
  • Device type and operating system
  • Login timestamps and activity logs
  • Cookies and session data (see Cookie Policy below)

3.4 Usage Analytics

  • Feature usage statistics (aggregated)
  • Performance metrics
  • Error logs for debugging

4. Legal Basis for Processing

4.1 Contract Performance: We process your data to provide the Flowen service as per our Terms of Service.

4.2 Consent: For marketing communications, we rely on your explicit consent which you can withdraw at any time.

4.3 Legitimate Interests: We process data to improve our service, prevent fraud, and maintain security.

4.4 Legal Obligations: We retain certain data to comply with accounting, tax, and other legal requirements.

5. How We Use Your Data

  • Service Delivery: To provide access to Flowen and its features
  • Communication: To respond to support requests and send service notifications
  • Billing: To process payments and send invoices
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Improvements: To analyze usage patterns and improve our platform
  • Marketing: To send product updates and tips (only with your consent)
  • Legal Compliance: To comply with applicable laws and regulations

6. Data Storage and Security

Security Measures

  • Encryption: All files encrypted with AES-256-GCM at rest
  • Transport Security: SSL/TLS encryption for all data in transit
  • Database Security: PostgreSQL with encrypted connections and regular backups
  • Access Control: Role-based access control and multi-factor authentication
  • Server Security: Regular security updates and monitoring
  • Backups: Daily automated backups stored securely

6.1 Data Location: All data is stored on EU servers (OVH, Sweden/France). Your data never leaves the European Union.

6.2 Server Infrastructure: OVH data centers in Sweden and France, ISO 27001 certified facilities.

6.3 Data Retention: See section 9 below.

7. Third-Party Services and Data Processors

We use the following third-party services as data processors. All processors are GDPR-compliant and have signed Data Processing Agreements (DPAs):

Hosting & Infrastructure

OVH (France/Sweden): Server hosting, database storage

Data location: EU only

AI Services

Mistral AI (France): AI chat support and document processing

Data location: EU only, GDPR compliant

Vector Database

Qdrant (self-hosted): Document search and AI knowledge base

Hosted on our own EU servers

Email Services

Microsoft Graph API: Email integration (when enabled by user)

Microsoft 365 Business Standard, EU data residency

Accounting Integration

Fortnox AB (Sweden): Accounting synchronization (when enabled)

Swedish company, GDPR compliant

Real-time Communication

Soketi (self-hosted): WebSocket server for real-time chat

Hosted on our own EU servers

Video Conferencing (Optional)

Jitsi (planned): Video calls (when enabled)

Self-hosted on EU servers

Analytics

Google Tag Manager: Website analytics (anonymized)

IP anonymization enabled, cookieless tracking

Important: We never share your data with third parties for marketing purposes. All third-party services are strictly used to provide and improve our service.

8. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal data. We only share data in these limited circumstances:

  • With Your Consent: When you explicitly authorize data sharing (e.g., Fortnox integration)
  • Service Providers: With data processors listed above, under strict DPAs
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In case of merger, acquisition, or asset sale (with notice to you)
  • Protection of Rights: To protect our rights, safety, or property, or that of our users

9. Data Retention

9.1 Active Accounts: We retain your data as long as your account is active or as needed to provide services.

9.2 Deleted Accounts: After account deletion, your data becomes read-only for 90 days (to allow recovery), then permanently deleted.

9.3 Legal Requirements: Some data (invoices, accounting records) must be retained for 7 years per Swedish law (Bokföringslagen).

9.4 Backups: Deleted data is purged from backups within 30 days.

9.5 Marketing Data: If you opt out of marketing, your email is removed from marketing lists within 48 hours.

10. Your GDPR Rights

Under GDPR, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal retention requirements).

Right to Data Portability

Receive your data in a machine-readable format (JSON, CSV, Excel).

Right to Restriction

Limit how we process your data in certain circumstances.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent for marketing or optional data processing at any time.

Right to Lodge a Complaint

File a complaint with your local data protection authority (in Sweden: Integritetsskyddsmyndigheten).

To exercise your rights: Email us at privacy@flowen.eu. We will respond within 30 days as required by GDPR.

11. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for login, session management, and security
  • Analytics Cookies: Google Tag Manager for anonymized usage statistics (you can opt out)
  • Preference Cookies: Remember your language, theme, and settings

You can manage cookie preferences through your browser settings. Blocking essential cookies may prevent you from using Flowen.

12. International Data Transfers

Your data stays in the EU. All data processing occurs within the European Union on servers located in Sweden and France. We do not transfer data outside the EU/EEA. If future services require transfers, we will implement Standard Contractual Clauses (SCCs) and notify you in advance.

13. Children's Privacy

Flowen is a business platform intended for users aged 18 and older. We do not knowingly collect data from children under 18. If we become aware of such data, we will delete it immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email at least 30 days before taking effect. The "Last Updated" date at the top will reflect the latest version. Continued use of Flowen after changes constitutes acceptance.

15. Contact Us

For privacy questions, data requests, or to exercise your GDPR rights:

Privacy Email: privacy@flowen.eu

General Contact: info@flowen.eu

Phone: +46 31 788 45 12

Data Protection Officer: Daniel Olsson (daniel@flowen.eu)

Response Time: Within 30 days as required by GDPR

Swedish Data Protection Authority

If you are not satisfied with our response, you have the right to lodge a complaint with:

Integritetsskyddsmyndigheten (IMY)

Box 8114, 104 20 Stockholm, Sweden

Website: www.imy.se

Email: imy@imy.se

Also see our Terms of Service

Questions? Contact us at privacy@flowen.eu