Legal

Your privacy, protected.

Effective dateMarch 29, 2026
Last updatedMarch 29, 2026
Version1.0
01

Overview

FlowRouter, Inc. (“FlowRouter,” “we,” “our,” or “us”) provides a visual lead-routing platform for HubSpot teams. This Privacy Policy explains what information we collect, how we use it, when we share it, and what choices you have.

By accessing or using FlowRouter's platform, APIs, or any associated services (collectively, the “Service”), you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.

The short version: We collect information necessary to operate and improve FlowRouter. We do not sell your personal data to third parties. We take security seriously and give you control over your information.

02

Information We Collect

We collect information in three ways: information you provide, information we collect automatically, and information from third parties.

Account Information
Name, email address, company name, billing address, and authentication credentials when you create an account or purchase a plan.
Usage & HubSpot Data
Routing decisions, contact/company records accessed during routing, flow configurations, API call metadata, and performance metrics.
Technical Data
IP addresses, browser type, operating system, device identifiers, and session data collected when you visit our website or use our dashboard.
Payment Information
Billing details processed securely through our payment providers. We do not store full card numbers on our servers.
03

How We Use Information

We use the information we collect for the following purposes:

  • Delivering the Service: Provisioning accounts, executing routing flows, processing HubSpot API requests, and providing core platform functionality.
  • Improving Performance: Analyzing aggregated routing metrics to optimize matching accuracy, reduce latency, and enhance reliability.
  • Billing & Payments: Processing transactions, managing subscriptions, and sending invoices and payment confirmations.
  • Customer Support: Responding to inquiries, diagnosing issues, and providing technical assistance.
  • Security & Fraud Prevention: Detecting anomalous activity, preventing unauthorized access, and protecting the integrity of our infrastructure.
  • Communications: Sending product updates, security notices, and policy changes. You may opt out of marketing communications at any time.
  • Legal Compliance: Meeting obligations under applicable law, including responding to lawful requests from governmental authorities.
04

Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:

  • Service Providers: Trusted third-party vendors who process data on our behalf under strict confidentiality obligations -- including cloud infrastructure, payment processors, analytics, and customer support tools.
  • Business Transfers: If FlowRouter is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
  • Legal Requirements: When required by law, regulation, court order, or governmental authority, or to protect the rights, property, or safety of FlowRouter, our users, or the public.
  • With Your Consent: In any other circumstances where we have obtained your explicit consent.
05

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

Account data is retained for the duration of your account and for up to 90 days following account deletion, after which it is purged from our systems. Routing and usage logs are retained for up to 12 months to support performance analysis, debugging, and billing reconciliation. Billing records are retained for a minimum of 7 years as required by applicable tax and financial regulations.

When you cancel your subscription, you will have a 30-day access window during which you can export your flow configurations and routing history. After 30 days, your data is permanently deleted.

06

Security

We implement industry-standard technical and organizational safeguards to protect your information, including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, regular third-party penetration testing, and SOC 2 Type II compliance.

No method of transmission over the Internet is completely secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your information, we will notify you in accordance with applicable law.

To report a potential security vulnerability, contact our security team at security@flowrouter.io. We operate a responsible disclosure program and will respond within 48 hours.

07

Your Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@flowrouter.io. We will respond within 30 days.

Access
Request a copy of the personal data we hold about you.
Correction
Request correction of inaccurate or incomplete data.
Deletion
Request deletion of your personal data, subject to legal obligations.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing of your data for certain purposes.
Restriction
Request that we restrict processing in certain circumstances.
08

Cookies & Tracking

We use cookies and similar tracking technologies on our website and dashboard. These include:

Essential cookies that are strictly necessary for authentication, session management, and core functionality. These cannot be disabled. Analytics cookies that help us understand how visitors interact with our website, collected in an aggregated and anonymized form. Preference cookies that remember your settings and choices to personalize your experience.

You can control non-essential cookies through your browser settings. We do not use advertising cookies, tracking pixels, or third-party cookies for behavioral advertising purposes.

09

Children's Privacy

FlowRouter is designed for use by businesses. Our Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@flowrouter.io and we will take prompt steps to delete such information.

10

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and a prominent notice in the application at least 30 days before the changes take effect. The “Last updated” date at the top of this policy reflects the most recent revision.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

11

Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please reach out to us.

FlowRouter Privacy Team
FlowRouter, Inc.
privacy@flowrouter.iosecurity@flowrouter.io