Table of Contents
7.0 Account Closure and Subscription Cancellation 4
8.0 Data Held on Behalf of Customers 5
This Data Retention and Deletion Policy explains how Flowly manages the retention, deletion and disposal of data held through its website, platform and related services.
Flowly handles data connected with user accounts, workspaces, uploaded materials, payment-related records, support activity and platform operation. Where this information includes personal data, Flowly will handle it in line with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and Privacy and Electronic Communications Regulations 2003, where applicable.
The purpose of this policy is to set out Flowly’s approach to keeping data for appropriate periods and deleting it when it is no longer reasonably required.
In the event that Flowly needs to retain certain information for legal, accounting, security, fraud prevention or dispute-related reasons, data may be kept for longer than the active use of the account or service.
This policy applies to data handled by Flowly through its website, platform, user accounts, workspaces, support channels and associated services. It covers data provided directly by users, data created through use of the platform, customer content uploaded to workspaces, payment-related records, support records, technical logs and backup data.
Where Flowly processes personal data on behalf of a customer, retention and deletion may also be governed by the customer’s instructions and the applicable Data Processing Agreement. In such cases, Flowly will handle the data in accordance with the relevant contractual and data protection arrangements.
Flowly will retain data only for as long as it is reasonably needed for the purpose for which it is held. Retention periods will depend on the type of data, the reason it is used, and any legal, operational, security or contractual requirement that applies.
Personal data will be managed in line with the principles of data minimisation, storage limitation and security under the UK GDPR and Data Protection Act 2018. Flowly will avoid keeping personal data indefinitely unless there is a valid reason to do so.
Where data is no longer required, Flowly will delete, anonymise or otherwise dispose of it in an appropriate manner. Deletion may not always be immediate where data is held in backups, archived records or systems controlled by third-party providers.
Data category | Examples | Retention approach |
|---|---|---|
Account and User Data | User names, email addresses, usernames, profile details, account status and plan information | Retained while the account remains active. Limited account records may be retained after closure where needed for legal, billing, security or dispute-related purposes. |
Workspace and Studio Data | Studio name, workspace settings, team membership, roles, permissions and invitations | Retained while the workspace or subscription remains active. |
Customer Content and Uploaded Materials | Project information, uploaded files, comments, messages, thumbnails, videos and attachments | Retained for as long as the customer maintains the relevant account or workspace. |
Payment, Billing and Financial Records | Payment requests, payment status, subscription references, expenses and invoice-related records | Retained for as long as required for account administration, accounting, fraud prevention, refunds, chargebacks, disputes and legal compliance. |
Contracts and Signature Records | Contract templates, completed contracts, signed PDFs, signature images and contract status records | Retained while required for the customer’s use of the platform and for any applicable legal, dispute, audit or business record purpose. |
Support and Communication Records | Support tickets, customer messages, issue details and related correspondence | Retained for as long as needed to manage the support issue, maintain service records, resolve disputes and improve platform support. |
Technical, Security and Activity Logs | Login activity, IP address, browser information, user actions, security alerts and audit records | Retained for a reasonable period to support platform security, incident investigation, misuse prevention, troubleshooting and audit activity. |
Backup Data | Copies of platform data, uploaded materials and system records held within backup systems | Retained in line with Flowly’s backup arrangements. Data deleted from the live platform may remain in backups until the relevant backup is overwritten or reaches the end of its retention period. |
Individuals may request deletion of their personal data where they have the right to do so under applicable data protection law. Requests should be submitted to Flowly using the contact route provided in the Privacy Policy. Flowly will review each request and confirm whether the data can be deleted. Some information may need to be retained where there is a legal, accounting, security, fraud prevention or dispute-related reason to keep it.
Where personal data has been added to Flowly by a customer, Flowly may need to refer the request to that customer. In those cases, the customer is usually responsible for deciding whether the data should be deleted, and Flowly will assist where required under the applicable Data Processing Agreement.
Flowly will respond to valid deletion requests without undue delay and within one month of receiving the request. Where a request is complex, or where multiple requests have been received from the same individual, Flowly may extend the response period by up to a further two months and will notify the individual within the first month where this applies.
Where a customer closes their account or cancels their subscription, Flowly may retain account data and workspace records for a limited period where this is needed to manage the closure.
Cancellation of a subscription will usually stop future billing, but it does not automatically require immediate deletion of all data associated with the account. Some records may need to be retained after cancellation.
Where a customer requests deletion of personal data after account closure, Flowly will handle the request in accordance with Section 6.0 of this policy and any applicable Data Processing Agreement.
Data removed from active systems may remain in backups until the relevant backup is overwritten or reaches the end of its retention period. Backup data will not normally be restored unless required for disaster recovery, security investigation or another legitimate operational reason.
Where customers use Flowly to manage personal data within their own workspaces, Flowly will usually act as a processor on behalf of the customer. The customer remains responsible for deciding what personal data is added to the platform, why it is used, and how long it should be retained. Flowly will handle customer-controlled personal data in accordance with the customer’s instructions, the applicable Data Processing Agreement, and Flowly’s own security and operational controls. Customers are responsible for ensuring that personal data added to Flowly is accurate, lawful, relevant and not retained for longer than necessary.
Flowly will review this Data Retention and Deletion Policy periodically to ensure it remains up-to-date. The latest version of this policy will apply from the date it is made available, unless a later effective date is stated.
Questions about this policy or relevant services should be directed to Flowly using the contact details below:
Business name: | Flowly Now Ltd |
|---|---|
Trading name: | Flowly |
Registered office / business address: | 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ |
Support Email: | |
Website: |
*Flowly may update these contact details from time to time when its business details or communication channels change.
