Back to Home

Privacy Policy

Effective Date: February 18, 2026
Last Updated: February 18, 2026

This Privacy Policy describes how Otoverse Enterprise ("FlowSynk," "we," "our," "us") collects, uses, discloses, and protects personal data when you use FlowSynk websites, applications, APIs, and related services (collectively, the "Services").

1. Scope

This Privacy Policy applies to personal data we process as a controller in connection with the Services, including account administration, support, analytics, security, marketing, and product improvement.

It does not govern personal data processed solely by your connected third-party platforms or by payment providers acting as independent controllers.

2. Data Controller

Controller: Otoverse Enterprise
Address: AX21 KPAKPO WULU ST, Accra, Ghana
Support: support@flowsynk.com
Privacy contact: support@flowsynk.com
DPO (if appointed): Not appointed; contact support@flowsynk.com

3. Categories of Personal Data We Collect

3.1 Data you provide directly

  1. Account and profile data (name, email, organization, role, credentials).
  2. Workspace and team data (memberships, permissions, preferences).
  3. Content and instructions you submit (prompts, media, campaign settings, automation rules).
  4. Communications (support tickets, meeting requests, feedback).

3.2 Data collected automatically

  1. Device and usage data (IP address, browser, OS, identifiers, interaction events).
  2. Log and diagnostics data (timestamps, errors, latency, event metadata).
  3. Cookie and tracking data (strictly necessary and optional categories based on consent where required).

3.3 Data from third parties

  1. Authentication providers (identity and session metadata).
  2. Social and messaging platforms you connect.
  3. Scheduling providers (for demo booking).
  4. Billing/payment providers (transaction state, invoices, subscription status).

4. How We Use Personal Data

We use personal data to:

  1. Provide, operate, secure, and improve the Services.
  2. Authenticate users and manage workspace permissions.
  3. Execute automations and connected-platform actions.
  4. Process subscription lifecycle events and billing status.
  5. Communicate product updates, support responses, and service notices.
  6. Detect, prevent, and investigate abuse, fraud, and security incidents.
  7. Comply with legal obligations and enforce agreements.
  8. Perform analytics and product performance measurement.

5. Legal Bases (EEA/UK)

Where GDPR/UK GDPR applies, we process personal data under one or more bases:

  1. Contract necessity (account setup, service delivery, billing state).
  2. Legitimate interests (security, abuse prevention, service improvement, support).
  3. Consent (non-essential cookies, certain marketing and analytics contexts).
  4. Legal obligation (tax, accounting, legal process, compliance).

6. AI Processing

FlowSynk uses AI providers to generate or transform content according to your inputs.

  1. Inputs and related context may be sent to AI service providers to provide requested features.
  2. AI outputs can be inaccurate or unsuitable and require human review.
  3. We apply technical and contractual controls appropriate to the sensitivity of data.
  4. We do not intentionally use customer prompts/content to train external foundation models unless explicitly stated and enabled under provider controls.

7. How We Share Personal Data

We may disclose personal data:

  1. To subprocessors and vendors that help us provide the Services.
  2. To connected third-party platforms, based on your configuration and authorization.
  3. To payment providers and merchant-of-record providers for transactions and compliance.
  4. To advisors, auditors, and insurers under confidentiality obligations.
  5. In corporate transactions (merger, financing, acquisition, asset transfer).
  6. For legal and safety reasons (court order, lawful request, rights protection).

We do not sell personal data for money. We disclose certain data for operational analytics and service delivery as described here.

8. Payments and Merchant of Record

For paid subscriptions sold through Polar:

  1. Polar may act as merchant of record and independent controller for payment transactions.
  2. Polar may collect payment details, tax-relevant billing information, and transaction records.
  3. FlowSynk receives limited billing and subscription metadata necessary for entitlement, invoicing reference, support, and accounting.

Please review Polar's privacy terms for payment-specific processing.

9. International Data Transfers

We may transfer personal data across jurisdictions where we and our service providers operate. Where required, we use appropriate safeguards such as:

  1. Standard Contractual Clauses.
  2. UK International Data Transfer Addendum or equivalent safeguards.
  3. Additional contractual and technical protections.

10. Data Retention

We retain personal data for as long as needed to provide Services and for legitimate business/legal purposes, including security, dispute resolution, accounting, and compliance.

Retention summary: Account and workspace data is retained while your subscription is active and generally up to 30 days after verified deletion requests; security logs are typically retained up to 180 days; billing and tax records may be retained up to 7 years to satisfy legal obligations; backup snapshots are rotated on a rolling 35-day window..

When data is no longer required, we delete or anonymize it, subject to legal exceptions and backup cycles.

11. Security

We implement reasonable technical and organizational safeguards appropriate to risk, including access controls, encryption in transit, audit logging, and incident response procedures.

No method of transmission or storage is completely secure; therefore absolute security cannot be guaranteed.

12. Your Rights

Depending on location, you may have rights to:

  1. Access your personal data.
  2. Correct inaccurate personal data.
  3. Delete personal data.
  4. Restrict or object to certain processing.
  5. Data portability.
  6. Withdraw consent where processing is based on consent.
  7. Appeal or complain to a supervisory authority.

To exercise rights, contact support@flowsynk.com. We may verify identity before processing requests.

13. US State Privacy Disclosures

Where applicable state privacy laws apply (for example California, Colorado, Virginia, Connecticut, and others), you may have additional rights regarding access, deletion, correction, portability, and opt-out.

FlowSynk does not knowingly process sensitive personal data for purposes requiring opt-in consent except where expressly requested by you and legally permitted.

If you use an authorized agent, we may request proof of authorization and identity verification.

14. Cookies and Similar Technologies

We use cookies and similar technologies for:

  1. Strictly necessary functionality (authentication, security, preferences).
  2. Analytics and performance measurement (where enabled).
  3. Marketing and attribution (where enabled and legally permitted).

For details, see the Cookie Policy. You can control non-essential cookies through the consent manager where available.

15. Children's Data

The Services are not directed to children under 13 (or older age where local law requires). We do not knowingly collect personal data from children without legal authorization.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version with updated dates and provide additional notice where legally required.

17. Contact

Privacy requests and questions: support@flowsynk.com
General support: support@flowsynk.com
Address: AX21 KPAKPO WULU ST, Accra, Ghana