Privacy Policy

Flowmo is a business automation agency that helps small businesses streamline their manual operations. This Privacy Policy explains how we collect, use, and protect information when you use our services or visit our website.

Flowmo integrates with third-party services — including Google Workspace (Gmail, Google Sheets, Google Docs), accounting platforms (such as Xero), CRM systems, e-commerce platforms (such as Shopify), communication tools, and other business software — to provide automation services for our clients.

When connecting to these platforms via their APIs, Flowmo accesses data solely for the purpose of automating internal business and operational workflows on behalf of authorized clients.

Data accessed from integrated platforms is used exclusively for the workflow function the client has enabled, is stored securely, and is never shared with or sold to third parties.

Flowmo's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide or improve the specific user-facing workflow feature for which it was obtained, and for no other purpose.

We do not use Google user data to serve advertisements, do not allow humans to read your Google data except where you give us explicit permission or it is necessary for security purposes, and do not use or transfer Google user data for any purpose not described in this policy.

The following Google APIs are used by Flowmo, and the data accessed is described below:

Google Sheets API (scope: spreadsheets) — We access spreadsheets that you explicitly specify in your workflow configuration. We read existing row data in those spreadsheets solely to detect duplicates and avoid overwriting records. We write new rows containing the structured output of your enabled automation (for example: business data, contact records, or other structured outputs produced by your configured workflow). No spreadsheet data outside the specified range is read or stored.

Gmail API (scope: gmail.readonly) — We access the subject line, sender address, and message body of incoming emails in your connected Gmail account, solely to identify emails that match the trigger conditions of your enabled automation. Emails that do not match the trigger condition are discarded immediately and never stored.

Google Docs API (scope: documents.readonly) — We read the text content of a specific Google Doc that you provide as a template in your workflow configuration. The content is used only as input for generating automation output. No document content is stored beyond the duration of a single workflow run.

Data accessed from Google APIs is processed in-memory on secure cloud infrastructure and is not persisted to our databases, transmitted to any third party, or used for any purpose beyond the specific workflow function you have enabled.

OAuth access tokens and refresh tokens issued by Google are the only Google-related data we store persistently. These tokens are encrypted at rest using AES-256-GCM before being written to our database, and are decrypted only at the time a workflow run requires them.

Google user data accessed during a workflow run (spreadsheet contents, email bodies, document text) is processed entirely in-memory and is not written to any database or log system.

OAuth tokens are retained only for as long as you maintain the Google integration in the Flowmo portal. When you disconnect your Google integration, all stored tokens are permanently deleted from our systems.

To request deletion of your data at any time, contact us at the address listed in the Contact section. We will action all deletion requests within 30 days.

We collect information necessary to provide our automation services, which may include business data from connected integrations, contact information, and usage data.

All data is used solely for delivering and improving our services for authorized clients.

We do not sell, rent, or share your data with third parties for marketing purposes.

We implement industry-standard security measures to protect your data in compliance with the Protection of Personal Information Act (POPIA), Act 4 of 2013.

All OAuth credentials and API tokens are encrypted at rest using AES-256-GCM encryption. Access to client data is limited to authorized personnel and systems required to deliver our services, as required under POPIA's security safeguards provisions.

Data is stored securely and handled in accordance with POPIA and the Electronic Communications and Transactions Act (ECTA), Act 25 of 2002.

We retain data only for as long as necessary to provide our services or as required by South African law, including POPIA's retention limitation principles.

Integration credentials (such as OAuth tokens) are deleted immediately upon disconnection of the relevant integration. Upon termination of services, all client data will be deleted or de-identified in accordance with POPIA requirements.

You may request access to, correction of, or deletion of your data at any time by contacting us.

We will respond to such requests within a reasonable timeframe.

If you have questions about this Privacy Policy or our data practices, please contact us at info@flowmo.co.za.