Privacy Policy

Last updated: February 16, 2026

1. Information We Collect

FlowAudit is operated by JLLS Holdings LLC, a Tennessee limited liability company. When you use FlowAudit, we collect the following information:

• Quiz responses — your answers to the automation readiness assessment, including industry, team size, revenue range, and operational details.
• Email address — provided voluntarily to receive your report.
• Payment information — processed securely by Stripe. We do not store credit card numbers.

2. How We Use Your Information

• Generate your free and/or Pro automation readiness report.
• Send your report via email.
• Process payments for the Pro Report.
• Send occasional automation tips and product updates (you can unsubscribe at any time).
• Store anonymized usage events — such as quiz starts, quiz completions, and page views — for service improvement and analytics. These events are not linked to your identity.

3. Third-Party Services

We use the following third-party services to operate FlowAudit:

• Supabase — database hosting (your quiz data and reports are stored securely). Supabase Privacy Policy.
• Stripe — payment processing. Stripe's privacy policy applies to payment data. Stripe Privacy Policy.
• Anthropic (Claude AI) — generates your report based on your quiz answers. Your answers are sent to the API for analysis but are not used to train AI models. Anthropic Privacy Policy.
• Resend — email delivery service. Resend Privacy Policy.
• Vercel — application hosting. Vercel Privacy Policy.

4. Data Retention

We retain your quiz data and reports indefinitely so you can access them at any time. You may request deletion of your data by contacting us at the email below.

5. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), secure database access, and server-side-only API keys. Payment data is handled entirely by Stripe and never touches our servers.

6. Your Rights

You have the right to:

• Request a copy of data we hold about you.
• Request deletion of your data.
• Unsubscribe from marketing emails at any time.

6a. GDPR Rights (EEA Residents)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Consent — for marketing communications and optional email capture.
• Contract — to fulfill your Pro Report purchase and deliver the service you requested.
• Legitimate interest — for service improvement, analytics, and fraud prevention.

Under the GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your personal data ("right to be forgotten").
• Portability — receive your data in a structured, machine-readable format.
• Restriction — request that we limit processing of your data.
• Object — object to processing based on legitimate interest.

We do not currently appoint a Data Protection Authority (DPA) representative, but we will respond to all requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local EU supervisory authority. To exercise any of these rights, contact us at privacy@getflowaudit.com.

6b. CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete — request deletion of your personal information.
• Right to opt-out — opt out of the sale of your personal information.
• Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.

We do not sell personal information. To exercise your CCPA rights, email us at privacy@getflowaudit.com.

6c. Children's Privacy

FlowAudit is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at privacy@getflowaudit.com and we will promptly delete the information.

7. Cookies & Local Storage

FlowAudit does not use tracking cookies or third-party client-side analytics trackers. We use localStorage solely to store your theme preference (light/dark mode). Custom analytics events (such as quiz starts and completions) are recorded server-side and are not linked to client-side tracking mechanisms.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be noted by updating the date at the top of this page.

9. Contact

For privacy-related requests, email us at privacy@getflowaudit.com.