FLOWAVE Back to Home

Privacy Policy

Last updated: August 10, 2025

1. Data Controller Information

This Privacy Policy explains how FLOWAVE ("we," "our," "us," or "the Company") collects, uses, processes, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Data Controller Details:

  • • Company: FLOWAVE
  • • Email: info@flo-wave.com

Our Privacy Commitment: We practice data minimization and privacy-by-design. All audio processing occurs locally in your browser, and we collect only the minimum data necessary to provide our services.

2. Personal Data We Process and Legal Basis

2.1 Categories of Personal Data (Article 6 GDPR)

Account Data (Legal Basis: Contract Performance - Art. 6(1)(b) GDPR)

  • • Email address (for account creation and service communications)
  • • Encrypted password hash
  • • Account creation and last login timestamps
  • • Subscription status and tier

Payment Data (Legal Basis: Contract Performance - Art. 6(1)(b) GDPR)

  • • Payment method metadata (via Stripe - we don't store card details)
  • • Transaction IDs and payment status
  • • Billing country for tax purposes

Technical Data (Legal Basis: Legitimate Interest - Art. 6(1)(f) GDPR)

  • • Error logs (anonymized, no personal identifiers)
  • • Usage time tracking (for subscription limits)
  • • Browser type and version (for compatibility)

Communication Data (Legal Basis: Consent - Art. 6(1)(a) GDPR)

  • • Support ticket content and correspondence
  • • Marketing communication preferences (opt-in only)

2.2 Data We Explicitly Do NOT Collect

  • • Audio content or processed audio data
  • • Listening habits, preferences, or behavior patterns
  • • Browser history or website visits
  • • Location data or IP addresses (beyond country for tax purposes)
  • • Biometric or health data
  • • Social media profiles or third-party account data

3. Purposes of Processing and Retention

3.1 Processing Purposes

Service Provision (Contract Performance)

  • • Account creation and authentication
  • • Subscription management and access control
  • • Usage limit enforcement
  • • Technical support and troubleshooting

Legal Compliance

  • • Tax calculation and reporting
  • • Financial record keeping
  • • Consumer protection compliance

3.2 Data Retention Periods

  • Account Data: Until account deletion + 30 days
  • Payment Records: 7 years (legal requirement)
  • Support Communications: 3 years after resolution
  • Technical Logs: 90 days maximum
  • Marketing Consent: Until withdrawn or 3 years of inactivity

Privacy by Design: All audio processing occurs locally using Web Audio API. We have no technical capability to access, store, or process your audio content.

4. Chrome Extension Privacy

4.1 Permissions

Our Chrome extension requests the following permissions:

  • Active Tab: To access audio on the current webpage
  • Audio Processing: To convert audio frequencies in real-time
  • Storage: To save your preferences locally (not synced)

4.2 Local Processing

All audio frequency conversion happens within your browser using:

  • • Web Audio API for real-time processing
  • • Local storage for user preferences
  • • No server communication for audio data
  • • No cloud processing or external API calls

5. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except:

  • Payment Processing: Stripe processes payments (they have their own privacy policy)
  • Legal Requirements: If required by law or to protect our rights
  • Service Providers: Essential service providers under strict confidentiality agreements

6. Data Security

We implement appropriate security measures to protect your information:

  • • SSL/TLS encryption for data transmission
  • • Encrypted storage of account information
  • • Regular security audits and updates
  • • Minimal data collection reduces attack surface
  • • Local processing eliminates server-side data risks

7. Your Data Protection Rights

You have the right to:

  • • Access your personal data and receive a copy
  • • Correct inaccurate or incomplete data
  • • Request deletion of your data
  • • Object to processing based on legitimate interests
  • • Receive your data in a structured, machine-readable format

How to Exercise Your Rights

  • Email: info@flo-wave.com
  • Response Time: Within 30 days
  • No Cost: Exercising your rights is free

8. Cookies and ePrivacy Directive Compliance

8.1 Cookie Usage

Strictly Necessary Cookies (No consent required)

  • • Session authentication tokens
  • • Security and fraud prevention
  • • Load balancing and service functionality

Local Storage (Browser-based, not transmitted)

  • • User preferences and extension settings
  • • Usage time tracking (local only)
  • • Audio processing configuration

8.2 What We Don't Use

  • • Third-party analytics cookies (Google Analytics, etc.)
  • • Advertising or marketing cookies
  • • Social media tracking pixels
  • • Cross-site tracking technologies
  • • Performance or functionality cookies requiring consent

8.3 Cookie Management

You can manage cookies through your browser settings. Disabling necessary cookies may affect service functionality. We respect Do Not Track signals and browser privacy settings.

9. Third-Party Services

We integrate with these third-party services:

  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • Chrome Web Store: Extension distribution (subject to Google's privacy policy)

These services have their own privacy policies, and we encourage you to review them.

10. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we become aware of such collection, we will delete the data immediately.

For users between 13-17 years, parents/guardians can exercise data protection rights on their behalf by contacting us at info@flo-wave.com.

11. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through appropriate safeguards and Standard Contractual Clauses.

  • • Payment Processing (Stripe): EU-based processing with appropriate safeguards
  • • Cloud Infrastructure: EU-based servers with data residency controls
  • • Support Systems: Data processed within the EEA when possible

12. Data Retention

We retain personal information only as long as necessary to:

  • • Provide the Service
  • • Comply with legal obligations
  • • Resolve disputes
  • • Enforce agreements

Account information is retained until you request deletion or close your account.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • • Posting the new Privacy Policy on this page
  • • Updating the "Last updated" date
  • • Sending email notification for material changes

Your continued use of the Service after any changes indicates your acceptance of the new Privacy Policy.

14. Contact Information