Privacy Policy
Effective date: 2 April 2026 · FlowStudio
This Privacy Policy describes how FlowStudio (“we”, “us”) handles information when you use the FlowStudio web application (the “Service”). It should be read together with our Terms and Conditions.
1. Data controller / contact
The Service is operated in connection with Syncster. For privacy requests or questions, contact admin@syncster.dev.
2. Information we process
Depending on how you use the Service, we may process:
- Account and profile data — When you sign in with Google via Firebase, we may receive and store identifiers such as your Firebase user ID, email address, and display name as provided by Google, to create and maintain your account in our backend database.
- Workspace data — Projects, folders, worksheet names, types, and the inputs and outputs you save (typically stored as structured JSON) when you use the hosted API while signed in.
- Feedback and support messages — If you use the in-app feedback feature while signed in, we store the category, subject, message, optional technical context (such as active worksheet metadata), and timestamps to respond and improve the Service.
- Technical data — Server logs, IP addresses, timestamps, and similar data may be created automatically when you or your browser contact our API or infrastructure providers. This helps us operate, secure, and debug the Service.
3. Local storage in your browser
The app may store a session token (JWT) and related flags in your browser’s
localStorage so you stay signed in between visits. Work done without signing in
may be kept only on your device (for example, local project data), depending on product behaviour. Clearing
site data or using a private window may remove these items.
4. Cookie preferences banner
When you first open FlowStudio (or when you click Cookies in the footer), you may see a
storage and cookies notice. That choice is saved in localStorage as
fs_cookie_consent_v1 and records whether you allow optional processing (for
example analytics if we add them later). Essential use of storage needed to run the app
(sign-in, projects, UI state) is described above and is not turned off by choosing “Essential only”.
You can change your mind anytime via Cookies in the app footer, on the sign-in page, or on the admin screen (if you use it).
5. How we use information
We use the information above to:
- provide, maintain, and improve the Service;
- authenticate you and associate your projects and worksheets with your account;
- respond to feedback and support requests;
- protect security, prevent abuse, and meet legal obligations.
We do not sell your personal information.
6. Legal bases (EEA / UK users)
Where the GDPR or UK GDPR applies, we rely on bases such as: performance of a contract (providing the Service you request); legitimate interests (security, product improvement, support), balanced against your rights; and legal obligation where required. Where consent is required (for example, optional analytics), we use the in-app cookie preferences choice where applicable.
7. Sharing and processors
We use service providers to run the Service, including authentication and cloud infrastructure (for example, Google Firebase / Google Cloud and hosting for the API and database). They process data on our instructions and under their own terms and privacy policies. We may disclose information if required by law or to protect rights and safety.
8. Retention
We keep account and workspace data while your account is active and for a reasonable period afterward for backup, legal, or dispute purposes, unless a shorter period is required by law. Feedback records are kept as needed for support and quality. Technical logs are retained for a limited time typical for security and operations.
9. Security
We implement reasonable technical and organizational measures to protect data. No method of transmission or storage is completely secure; you use the Service at your own risk as described in the Terms.
10. International transfers
Providers may process data in countries other than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) offered by our providers.
11. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, or to data portability, and to lodge a complaint with a supervisory authority. To exercise rights, contact admin@syncster.dev. We may need to verify your identity before fulfilling requests.
12. Children
The Service is not directed at children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.
13. Changes to this policy
We may update this Privacy Policy from time to time. The effective date at the top will change; continued use of the Service after updates constitutes acceptance where permitted by law.