Logo

Privacy Policy

Privacy Policy for FlowhiveAI

Last Updated: 13.7.25

1. Introduction

Welcome to FlowhiveAI. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy outlines how Jaden Data GmbH ("FlowhiveAI", "we", "our", or "us") collects, uses, processes, and shares your personal information when you use our services. Our services include our website, applications, and all related software and functionalities (collectively, the "Services").

This Privacy Policy should be read in conjunction with our Terms of Service, which governs your use of the Services.

2. Data Controller

The entity responsible for the processing of your personal data (the "Data Controller") is:

Jaden Data GmbH Goethestr. 67a 10625 Berlin, Germany Email: info@jadendata.com

3. Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and implementation to ensure compliance with GDPR requirements. Our DPO is Dr. Marcel Müller. You can contact our DPO by emailing info@jadendata.com and addressing your query to the "Data Protection Officer."

4. What Information We Collect and Why

We collect information to provide and improve our Services, to manage your account, and to communicate with you. The type of information we collect depends on how you interact with our Services.

A. Information You Provide Directly

  • Account Registration: When you create a FlowhiveAI account, we collect information such as your name, email address, and password. We use this information to create and manage your account, authenticate your access, and assign usage quotas. The legal basis for this processing is the performance of our contract with you.
  • User Content: Our Services allow you to upload, create, and process information such as text, data files, images, or other materials ("User Content"). We process this User Content to provide you with the core functionality of the Services. You are responsible for the User Content you provide, as outlined in our Terms of Service.
  • Communications and Support: If you contact us via our contact form, email, or other means, we collect your name, email address, and the content of your message. We use this information to respond to your inquiries, provide support, and for marketing purposes.
  • Payment Information: To process payments for our Services, we use a third-party payment processor, Stripe. We do not directly store your credit card information. When you make a payment, you provide your payment information directly to Stripe. We receive transactional data, such as the amount and date of payment, to manage your subscription.
  • Job Applications: If you apply for a position with us, we collect the information you provide in your application, such as your resume and cover letter. We use this information solely for the purpose of evaluating your candidacy. This data is deleted after the position has been filled.

B. Information We Collect Automatically

  • Server Log Data: When you access our Services, our servers automatically record information. These server logs may include your IP address, the date and time of your request, the referring URL, your browser type and version, and your operating system. We use this data for security purposes, to ensure the stability of our Services, and to analyze and improve performance. This data is stored for a maximum of 60 days.
  • Usage Data & Analytics: We collect information about how you use our Services. We use tools like Google Analytics (with IP anonymization), Vercel Analytics, Posthog, and various tracking pixels (LinkedIn, X, Google) to understand user behavior, diagnose technical issues, and improve our Services. This may include tracking which features you use, how you interact with our platform, and performance metrics.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to operate and personalize our Services. For more details, please see the "Cookies and Tracking Technologies" section below.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

  • Performance of a Contract (Art. 6(1)(b) GDPR): To provide our Services to you, manage your account, and fulfill our obligations under our Terms of Service.
  • Legitimate Interests (Art. 6(1)(f) GDPR): For security purposes, to prevent fraud, to improve our Services, and for certain direct marketing communications.
  • Consent (Art. 6(1)(a) GDPR): For sending newsletters, using non-essential cookies, and other marketing activities and tracking tools where we explicitly ask for your consent. You can withdraw your consent at any time via the “Privacy Button”.
  • Legal Obligation (Art. 6(1)(c) GDPR): To comply with applicable legal requirements, such as financial and tax regulations.

6. How We Share Your Information: Services and Partners

We do not sell your personal data. To deliver our Services, we rely on trusted third-party service providers who act as our subprocessors. We share data with these partners only as necessary to provide and improve the Services you have requested. We ensure that these partners are bound by strict data protection obligations by entering into Data Processing Agreements (DPAs) or their equivalents with them.

We are currently using the following services offered by third parties. Also we added a link to the relevant privacy policy of the provider.

Amazon Web Services- cloud data hosting; https://aws.amazon.com/de/privacy/?nc1=f_pr

Ad google, Google Ad Sense, Google AdWords, Google Remarketing- Marketing, Provider: Google LLC

https://policies.google.com/privacy?hl=de&\_gl=1\*7lyjtf\*\_ga\*NDQ3NDA0NDU2LjE3NTI0ODI3Nzc.\*\_ga\_V9K47ZG8NP\*czE3NTI0ODI3NzckbzEkZzAkdDE3NTI0ODI3ODQkajUzJGwwJGgw

Cloudflare - cloud data hosting. Anbieter: Cloudflare, https://www.cloudflare.com/de-de/privacypolicy/

DoubleClick - Marketing; Provider Google, LLC, s.o.

e-tracker - Tracking und Analyse Tool, Provider: etracker GmbH, https://www.etracker.com/datenschutzerklaerung/

Google API - Application Programming Interface, Provider: Google LLC, s.o.

Google Analytics, Provider: Google LLC, s.o.

Hubspot - CRM - System,.Provider: HubSpot, Inc, https://legal.hubspot.com/de/privacy-policy

LinkedIn - Pixel - Analytics and Tracking, Provider: LinkedIN Corporation, https://de.linkedin.com/legal/privacy-policy?

Posthog - Analytics and Tracking, Anbieter: PostHog, inc

https://posthog.com/privacy

Smartlead Search - Marketing, Provider: 521 Products Pty Ltd; https://www.smartlead.ai/new-privacy-policy

Tradedoubler - Marketing, Provider: Tradedoubler GmbH, https://www.tradedoubler.com/privacy-policy

TradeTracker - Marketing, Provider: TradeTracker Deutschland; https://tradetracker.com/de/privacy-policy/

Tolt.io - Marketing, Provider: Tolt, Inc, https://tolt.io/privacy-policy

Vercel - Analytics and Tracking, Provider: Vercel Inc

https://vercel.com/legal/privacy-policy

X-Pixel: Analytics and Tracking: Provider: X-Corp, https://x.com/de/privacy

AI-Tools:

Anthropic - Provider: Anthropic PBC

https://www.anthropic.com/legal/privacy

Deep Infra:

https://deepinfra.com/privacy

Microsoft Azure - Provider: Microsoft, https://www.microsoft.com/de-de/privacy/privacystatement

Mistral AI - Provider: Mistral AI/France

https://mistral.ai/terms\#privacy-policy

OpenAI - Provider: Open AI Ireland Limited, https://openai.com/de-DE/policies/privacy-policy/

Perpleixty - Provider

https://www.perplexity.ai/de/hub/legal/privacy-policy

Payment Processing:

Klarna - Provider: Klarna Bank AB, https://www.klarna.com/de/datenschutz/

PayPal - Provider: PayPal S.a.r.l. https://www.paypal.com/de/legalhub/paypal/privacy-full

Stripe - Provider: Stripe, Inc: https://stripe.com/de/privacy

Our core platform infrastructure and your data are hosted on secure, industry-leading cloud services, including Amazon Web Services (AWS), with whom our data processing relationship is governed by the AWS Data Processing Addendum, Microsoft Azure, under the terms of the Microsoft Products and Services Data Protection Addendum (DPA), and Vercel, as detailed in their Data Processing Addendum. For users in the EU, we prioritize hosting data in data centers located within the European Union.

The central function of our Service is processing your User Content through various advanced AI models. This requires us to share your content with our AI model providers. These include OpenAI, whose data processing practices are outlined in their Data Processing Addendum, and Anthropic, who operate under their Data Processing Addendum. We also utilize models from Microsoft Azure, which are covered under their comprehensive DPA. For other providers, our use of Replicate is governed by the Replicate Data Processing Addendum, Deep Infra at https://deepinfra.com/terms while for Mistral AI, Perplexity AI (https://www.perplexity.ai/de/hub/legal/dpa), and Deep Infra, their data protection commitments are described in their respective legal terms and privacy policies, which can be found on their websites (Mistral Privacy Policy, Perplexity Privacy Policy, Deep Infra Privacy Policy). We ensure that legally binding data protection terms are in place with each provider to safeguard your data.

To manage user authentication securely, we use Auth0 (by Okta), and our agreement with them includes the commitments outlined in the Okta Trust & Compliance documentation. All payment transactions are handled by Stripe, and our relationship is governed by the Stripe Data Processing Agreement.

For analytics, customer relationship management, and marketing, we use tools such as Google Analytics, which operates under the Google Ads Data Processing Terms. We also use Posthog (https://posthog.com/dpa

filled with FlowhiveAI information can also be inquired directly from us), Hubspot (​​https://legal.hubspot.com/dpa), Smartlead (https://www.smartlead.ai/dpa), Apollo (https://www.apollo.io/dpa), and JIRA (by Atlassian), whose data protection standards are detailed in their respective DPAs, such as the Atlassian Data Processing Addendum.

To improve website performance and user experience, we use Content Delivery Networks (CDNs) like Cloudflare and font services like Google Fonts. Our use of these services is governed by their respective data processing terms, such as the Cloudflare Data Processing Addendum.

Finally, our website includes simple links to our social media pages (e.g., Facebook, Twitter/X, LinkedIn). No data is transferred to these platforms until you actively click on a link.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.

  • Account Information: Retained for as long as your account is active. Inactive accounts are automatically deleted after 2 years.
  • Server Logs: Retained for a maximum of 60 days.
  • User Content: Retained as long as your account is active, or until you delete it. You can delete your account and associated posts yourself.
  • Backup Data: Data in backups is kept in line with our backup cycles and is securely deleted according to our schedule.

8. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that would produce a legal effect or otherwise similarly significantly affect you. Our AI models process User Content based on your direct instructions to provide the Services, but this does not constitute automated decision-making in the sense of Article 22 of the GDPR.

9. Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data, subject to certain legal limitations.
  • Right to Restrict Processing: You can request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to our processing of your data based on our legitimate interests.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection regulations. This complaint can be filed with the supervisory authority in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement. For matters concerning our company, the competent authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), whom you can reach at: https://www.datenschutz-berlin.de/.

To exercise any of these rights, please contact us at info@jadendata.com.

10. International Data Transfers

Our Services are global, which means your data may be transferred to and processed in countries other than your own, including the United States. When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or an adequacy decision, which are incorporated into the Data Processing Agreements linked in Section 6.

11. Security

We take the security of your data seriously. We implement appropriate technical and organizational measures, including SSL encryption across our website, to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

12. Children's Privacy

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

13. Cookies and Tracking Technologies

We use cookies, which are small text files stored on your device, to operate and improve our Services. Upon your first visit, you will be presented with a cookie consent banner that allows you to manage your preferences.

  • Strictly Necessary Cookies: These are essential for the core functionality of our Services, such as authentication and security. They do not require your consent and are loaded automatically.
  • Performance and Analytics Cookies: These help us understand how you use our Services so we can improve them (e.g., Google Analytics). These are only set if you provide your consent via our cookie management tool.
  • Marketing Cookies: These are used to deliver relevant advertising and track the effectiveness of our campaigns (e.g., Google, LinkedIn, and X pixels). These are also only set if you provide your consent.

You can change your cookie preferences at any time through our consent management tool. Additionally, you can control and manage cookies through your web browser settings.

You can find more information and details to cookies in our Cookie Policy.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. For significant changes, such as those affecting the purposes of data processing, the introduction of new subprocessors, or modifications to your rights, we will provide you with a prominent notice. This notification will be delivered via email to your registered account address and/or through a clear notice on our website before the changes take effect. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: info@jadendata.com