1. What We Collect
Flowdesk collects information necessary to communicate with you, process invoices, and perform custom workflow automation development. We collect the following categories of information:
- Contact Details: Your name, business email address, phone number, and company name when you fill out contact forms, book discovery calls, or engage our services.
- Billing Details: Physical billing addresses and administrative contact information used strictly for invoicing.
- System & Workflow Parameters: Operational information regarding your existing agency processes, database schemas, and application integrations provided during scoping or development sprints.
- Usage Data: Basic transaction volumes, log execution counts, and API response errors generated by custom automations we deploy to monitor stability.
- Communications: The contents of emails, support tickets, chat logs, or SOW reviews exchanged between you and Flowdesk.
2. How We Use It
Flowdesk uses collected data strictly for operational, support, and legal purposes, including:
- Providing, configuring, maintaining, and troubleshooting custom n8n automations, AI agents, and custom backend SaaS environments.
- Communicating with you regarding system scoping, SOW updates, support tickets, and direct inquiries.
- Issuing project invoices and monitoring invoice payment schedules.
- Analyzing system execution logs to improve script stability and debug configuration faults.
- Complying with relevant tax, audit, and legal reporting obligations under New Zealand law.
3. Credentials & Access
Developing custom business automations requires access to your third-party API keys, environment credentials, database instances, or software portals. We treat this technical access with strict diligence:
- Your credentials are used solely to configure and test the automations defined in your SOW.
- During the active development phase, credentials and keys are stored securely using local encrypted password managers (such as 1Password) and are deployed directly into your hosting environments (such as isolated n8n variable environments or secure Supabase configurations).
- We do not cache, copy, or route your production API keys or workflow data through external or unencrypted Flowdesk servers. Your operational data resides within the hosting accounts you license and control.
4. Third-Party Integrations
Flowdesk designs automations that connect client infrastructure to third-party services. During development and operation, data may flow to external third-party services that you authorize, including:
- n8n: Used as the logic and workflow orchestration layer.
- Supabase: Used as the backend database, data storage, and authentication engine.
- Anthropic / OpenAI: Used as the Large Language Model (LLM) cognitive backend to process inputs and prompt executions.
Each of these services maintains its own distinct privacy policies and security frameworks. Flowdesk is not responsible for the data security, custody, or operational practices of these third-party platforms. Flowdesk does not sell, lease, or trade your personal or operational data to third-party data brokers or marketing firms.
5. Legal Compliance
Our primary legal framework for data custody is the New Zealand Privacy Act 2020. Flowdesk operates in accordance with the Information Privacy Principles (IPPs) set out in the Act, ensuring you have the right to request access to and correction of any personal information we hold about you.
Where your business, clients, or data are subject to the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), Flowdesk will follow these data privacy principles as applicable to our scope of work. Flowdesk does not claim direct GDPR or CCPA corporate compliance certifications, nor do we act as a formal data processor under those jurisdictions beyond performing best-effort technical configurations on your behalf.
6. Retention & Deletion
Flowdesk retains your contact, system metadata, and billing information only as long as necessary to deliver services, execute projects, or fulfill legal tax reporting duties. Upon the formal conclusion or termination of our services:
- All technical credentials, passwords, and API keys shared during the project are deleted from our local development environments and password managers.
- You may submit a written deletion request at any time to hello@flowdesk.systems to request the removal of all project correspondence, scoping documentation, and contact records. Flowdesk will comply with such requests within 30 days, subject to preserving necessary financial invoicing records required by New Zealand tax authorities.