Legal
How we collect, use and look after your information.
Last updated: May 2026
Plain-language summary
Flowtrail collects what it needs to run your account and deliver the service. The data you upload about your customers — names, contact details, job records — belongs to you. We do not sell your data or use it for advertising.
Flowtrail is operated by [Flowtrail Ltd], a company registered in England and Wales (Company No. [XXXXXXXX]), with a registered address at [Registered Address].
For personal data that relates to your own account, Flowtrail acts as a data controller under the UK GDPR. For personal data that you upload about your own customers and contacts, Flowtrail acts as a data processor on your behalf — you remain the data controller for that information.
Questions about this policy can be directed to support@flowtrail.co.uk.
Account and profile information
When you sign up, we collect your email address, name, and business name. You may also provide a phone number, logo and accent colour for your workspace. This information is used to set up and identify your account.
Billing information
Subscription payments are processed by Stripe. We do not store card numbers or payment details directly. Stripe provides us with a customer identifier and subscription status, which we use to manage your plan.
Operational and usage data
We maintain server logs and may collect operational data such as timestamps, IP addresses, and error records. This is used to maintain service reliability and diagnose issues. We may also record counts of certain usage events (such as automated actions) for plan limit tracking.
Cookies and session data
Flowtrail uses cookies to keep you signed in and maintain your session. See our Cookie Policy for details.
We use the information we hold to:
We do not use your data for advertising, profiling or sale to third parties.
Our legal basis for processing your account information is performance of a contract. For operational logging and service security, we rely on our legitimate interests. Where we send optional communications, we will rely on consent or legitimate interests as appropriate.
Flowtrail allows you to store information about your own customers — names, addresses, phone numbers, email addresses, job details, notes and financial records. You control what you enter and you remain responsible for this data under applicable data protection law.
As a data processor, we store and process this information only on your instructions (that is, to provide the Flowtrail service to you). We do not use your customer data for any purpose of our own, and we do not share it with third parties except as necessary to operate the service (for example, cloud infrastructure hosting).
You should ensure you have an appropriate basis for storing your customers' personal information within Flowtrail, and that your own privacy notice covers how you use it.
Stripe
Payment processing is handled by Stripe. When you subscribe, you interact with Stripe's checkout and payment infrastructure. Stripe is an independent data controller for the payment data you provide them. See Stripe's privacy policy.
Supabase
Authentication and database infrastructure is provided by Supabase, Inc. Your account credentials and the data stored in Flowtrail reside on Supabase-managed infrastructure. Data is stored in EU-region infrastructure where available.
Transactional email
When Flowtrail sends emails on your behalf (quote confirmations, invoices, payment reminders), those emails may be relayed through a third-party email delivery service. These services process email addresses solely to deliver the message.
Analytics
We may use basic analytics tooling to understand how the product is used and to identify areas for improvement. Any analytics we use are configured to minimise personal data collection.
We retain your account data for as long as your account is active and for a reasonable period after account closure or cancellation, to allow for billing disputes and compliance purposes.
Operational logs are retained for a limited period to assist with debugging and security review.
You can request deletion of your account and associated data by contacting support@flowtrail.co.uk. Some data may be retained for legal or billing record purposes even after deletion.
Under UK GDPR, you have the right to:
To exercise any of these rights, contact us at support@flowtrail.co.uk. We will respond within 30 days.
Flowtrail is built on cloud infrastructure with encryption in transit and at rest. Access to production systems is restricted. Authentication is handled through Supabase with secure session management.
We take reasonable technical and organisational measures to protect your data, but no online service can guarantee absolute security. You should keep your login credentials safe and contact us immediately if you suspect unauthorised access to your account.
For any questions about this policy or how we handle your data, contact us at support@flowtrail.co.uk.
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
We will update this policy when our practices change. If material changes are made, we will make those changes visible within the product.