FlowSight

Privacy Policy

How FlowSight collects, uses, and protects your data

Effective Date: November 14, 2025

Introduction

FlowSight is a SaaS platform that connects to your Salesforce organizations to analyze Flow metadata and generate AI-powered documentation. We help Salesforce administrators and developers understand their automations through secure data processing and advanced AI models.

This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights regarding your information. By using FlowSight, you agree to this Privacy Policy.

1. Data We Collect

1.1 User-Provided Data

  • Account Information: Email address, password (securely hashed), first name, last name, phone number, and company name.
  • Salesforce OAuth Credentials: Secure OAuth tokens used to connect your Salesforce organizations. These tokens are encrypted and stored securely.
  • Organization Data: Salesforce org names, org IDs, and labels you assign to your connected organizations.

1.2 System-Generated Data

  • Salesforce Flow Metadata: Flow definitions, elements, and configurations retrieved from your Salesforce orgs using read-only access.
  • AI-Generated Explanations: Narrative blueprints and documentation created by OpenAI models based on your Salesforce metadata.
  • Cached Reports: Temporarily cached results to improve speed and performance during your session.

1.3 Usage Data

  • Activity Logs: Login timestamps, blueprint generation events, export actions, and subscription updates.
  • AI Usage Metrics: Model selections, token counts, and cost tracking for performance and billing accuracy.
  • Technical Data: IP address, browser type, and device metadata used for security and debugging.

2. How We Use Your Data

FlowSight uses the data we collect to:

  • Deliver and improve the core service experience.
  • Connect securely to your Salesforce organizations and process automation data.
  • Authenticate users and prevent unauthorized access.
  • Process billing and subscription management via Stripe.
  • Monitor and optimize AI generation performance.
  • Provide customer support and respond to inquiries.
  • Comply with legal obligations and security standards.

3. How We Protect Your Data

FlowSight applies multiple layers of modern security:

  • Encryption: All sensitive data is encrypted both in transit and at rest using industry-standard encryption methods.
  • Authentication: Passwords are hashed using strong cryptographic algorithms. OAuth tokens are securely managed and never stored in plaintext.
  • Access Control: FlowSight only requests read-only access to Salesforce metadata and cannot modify your org data.
  • Infrastructure Security: All data is hosted in secure, access-controlled environments with monitoring, intrusion detection, and audit logging.
  • AI Data Handling: Personally identifiable information is sanitized before being processed by AI models.
  • Additional Protections: Rate limiting, session management, and continuous monitoring prevent abuse and ensure platform reliability.

4. Data Storage & Retention

  • Account Data: Retained for the duration of your active subscription.
  • Salesforce OAuth Tokens: Deleted immediately when you disconnect an org from your dashboard.
  • AI Explanations: Stored securely as part of your user library. Cached data is automatically cleared after a short retention period (typically 15-60 minutes depending on cache type).
  • Usage Logs: Automatically deleted after 90 days through automated cleanup.
  • Audit Logs: Retained for security purposes and compliance.

To request data deletion or account closure, contact info@flowsight.dev. We will respond to all requests within a reasonable timeframe.

5. Data Sharing & Third Parties

FlowSight does not sell or share your personal data for marketing purposes.

We share limited data with trusted vendors essential to the service:

  • OpenAI: Processes sanitized flow data for AI generation.
  • Stripe: Manages payment processing and subscription billing.
  • Salesforce: Accessed through secure OAuth for read-only metadata retrieval.
  • Email Provider: Sends transactional messages such as password resets and notifications.

All third-party services adhere to their own privacy and security standards, and FlowSight ensures that all vendors meet or exceed industry compliance frameworks (e.g., GDPR, SOC 2).

6. Your Rights

You can:

  • Update or delete your account information through your profile settings.
  • Disconnect Salesforce orgs at any time, which immediately deletes related OAuth tokens.
  • Export documentation reports in Markdown, HTML, or PDF.
  • Cancel your subscription via the Stripe Customer Portal.

For privacy inquiries or data access requests, contact info@flowsight.dev.

7. Cookies & Tracking

FlowSight uses minimal cookies to operate securely:

  • Session Cookies: Maintain your login state.
  • Preference Storage: Remember light or dark mode selections.

FlowSight does not use analytics trackers, advertising cookies, or third-party tracking scripts.

8. Policy Updates

We may update this policy periodically to reflect changes in operations or compliance requirements. Updates will be announced and posted here with a new effective date. Continued use of FlowSight after updates constitutes acceptance of the revised policy.

9. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us:

General Inquiries: info@flowsight.dev

10. Data Location

FlowSight's infrastructure and databases are hosted in secure, access-controlled data centers located in the United States. All processing is performed under U.S. privacy and security regulations.

We are committed to safeguarding your data and maintaining transparency in how FlowSight operates.