1. Introduction
This Privacy Policy explains how FlowPOS ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our Service. FlowPOS is operated by Individual Entrepreneur Vladimir Savelev (ID 345831317), registered in Batumi, Georgia.
We are committed to protecting your privacy and handling your data responsibly. This policy is designed to comply with:
- Georgian Personal Data Protection Law (2011)
- EU General Data Protection Regulation (GDPR) for users in the European Economic Area
- General international data protection standards and best practices
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
Individual Entrepreneur Vladimir Savelev
ID: 345831317
Address: Georgia, Batumi, Giorgi Leonidze str., 4e
Email: legal@flowpos.pro
For any questions or concerns regarding your personal data, please contact us at the email address above.
3. Data We Collect
We collect and process the following categories of data:
Account Data
- Full name
- Email address
- Country
- Business name
- Phone number (optional)
Business Data
Data you enter into the Service in the course of operating your business:
- Menu items and pricing
- Orders and transaction records
- Inventory and stock records
- Financial records and reports
- Employee information (names, roles, schedules)
- Customer data (if you choose to collect it through the Service)
Technical Data
- IP address
- Browser type and version
- Device type and operating system
- Access timestamps and server logs
- Pages visited within the Service
Payment Data
Payment processing is handled by Stripe and Paddle. We do not store your credit card numbers, CVV codes, or full payment details on our servers. We receive only transaction confirmations, subscription status, and billing identifiers from payment processors.
AI Interaction Data
When you use AI-powered features (Business Assistant, Invoice Scanning, Recipe Suggestions):
- Queries and prompts you submit
- Relevant business context sent to the AI provider to generate accurate responses
4. Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract Performance — processing necessary to provide the Service you have subscribed to
- Legitimate Interests — improving the Service, preventing fraud, ensuring security
- Consent — where you have given explicit consent (e.g., enabling optional AI features or delivery integrations)
- Legal Obligations — compliance with applicable tax, accounting, and regulatory requirements
If you are an EU user, you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
5. How We Use Your Data
We use your data for the following purposes:
- Providing the Service — operating your POS system, processing orders, managing inventory, and delivering all Service features
- Processing Payments — managing your Subscription billing through our payment processors
- Service Notifications — sending essential communications about your Account, billing, security alerts, and service updates
- Improving the Service — analyzing anonymized and aggregated usage data to improve features, performance, and user experience
- AI Features — processing your queries through AI providers to deliver business insights, invoice scanning results, and recipe suggestions
- Fraud Prevention — detecting and preventing unauthorized access, abuse, and fraudulent activity
- Legal Compliance — fulfilling our obligations under applicable laws and regulations
We do not use your data for advertising purposes and we do not sell your personal data to third parties.
6. AI Features & Data Processing
The Service includes optional AI-powered features: AI Business Assistant, Invoice Scanning, and Recipe Suggestions.
When you use these features, relevant data from your Account is transmitted to third-party AI model providers to generate responses. Specifically:
- Data is transmitted over encrypted connections (TLS 1.3)
- Your data is not used to train AI models
- Data is not stored by AI providers beyond the time necessary to process your request
- AI providers are bound by data processing agreements that prohibit unauthorized use of your data
You can disable AI features at any time in your Account settings. When AI features are disabled, no data is sent to AI providers.
AI-generated content is provided for informational purposes only and should not be relied upon as professional business, financial, or legal advice.
7. Data Sharing
We share your data only with the following categories of third parties, and only to the extent necessary:
- Payment Processors (Stripe, Paddle) — to process your Subscription payments and manage billing
- Delivery Platforms (Wolt, Glovo, Bolt Food, Yandex Eda) — only when you actively enable these integrations, to sync orders and menus
- AI Providers — only when you use AI features, to process your queries and generate responses
- Hosting Provider (OVH) — our infrastructure provider where your data is stored and processed
- Law Enforcement — only when required by a valid legal process, court order, or binding regulatory request
All third-party processors are bound by Data Processing Agreements (DPAs) that require them to protect your data and use it only for the specified purposes.
We do not sell, rent, or trade your personal data.
8. International Data Transfers
Your data is stored and processed on servers located in the European Union (Finland).
For users in the EU/EEA: your data remains within the EU. In the event that any processing requires transfer outside the EU, we will ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
For users in Georgia: your data is processed in the EU, which provides a high level of data protection.
For users in other jurisdictions: by using the Service, you consent to the transfer of your data to EU-based servers. We ensure that all transfers comply with applicable data protection laws.
9. Data Security
We implement robust technical and organizational measures to protect your data:
- Encryption in Transit — all connections secured with TLS 1.3
- Password Security — passwords hashed using bcrypt with appropriate cost factors
- Encrypted Backups — database backups encrypted at rest
- Access Controls — strict role-based access to production systems, limited to authorized personnel
- Regular Security Audits — periodic security reviews and vulnerability assessments
- Rate Limiting — protection against brute-force attacks and abuse
- Two-Factor Authentication (2FA) — available for all Accounts to provide an additional layer of security
While we take all reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. Data Retention
We retain your data according to the following schedule:
- Active Accounts — data retained for as long as your Account remains active
- Deleted Accounts — data permanently removed within 30 days of Account deletion
- Financial Records — retained for 7 years as required by Georgian tax law
- Server Logs — retained for 90 days and then automatically deleted
- AI Interaction Logs — retained for 30 days and then automatically deleted
You may request deletion of your Account and associated data at any time by contacting legal@flowpos.pro.
11. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
- Right of Access — request a copy of the personal data we hold about you
- Right to Rectification — request correction of inaccurate or incomplete data
- Right to Erasure — request deletion of your personal data (subject to legal retention requirements)
- Right to Data Portability — receive your data in a structured, commonly used, machine-readable format
- Right to Restriction — request that we limit the processing of your data under certain circumstances
- Right to Object — object to processing based on legitimate interests
- Right to Withdraw Consent — withdraw previously given consent at any time
To exercise any of these rights, contact us at legal@flowpos.pro. We will respond to your request within 30 days. If we need additional time, we will inform you of the reason and the expected timeframe.
If you are in the EU and believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence.
12. Cookies
We use only essential cookies that are strictly necessary for the operation of the Service:
- Authentication Session — to keep you logged in during your session
- Language Preference — to remember your selected interface language
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No consent banner is required because we use only essential cookies.
13. Children
The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that data promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to you via email at least 30 days before taking effect.
The date of the most recent revision is indicated at the top of this policy. We encourage you to review this policy periodically.
15. Contact
Data Controller: Individual Entrepreneur Vladimir Savelev
ID: 345831317
Address: Georgia, Batumi, Giorgi Leonidze str., 4e
Email: legal@flowpos.pro