Privacy Policy

FlowState UX ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our data practices when you visit our website, use our services, or communicate with us.

This policy applies to all information collected through flowstate-ux.com, our design services, client portals, email communications, and any related digital channels.

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

• Submit contact forms or project inquiry requests
• Sign service agreements or contracts
• Communicate via email, phone, video calls, or messaging platforms
• Subscribe to newsletters or updates
• Participate in user research or feedback sessions
• Provide testimonials or case study information

This information may include: full name, email address, phone number, company name and position, business address, project requirements and specifications, payment and billing information, and any other information you choose to share.

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

• IP address and approximate geographic location (city/region level)
• Browser type, version, language, and settings
• Operating system and device information
• Pages viewed, time spent on pages, and navigation patterns
• Referring website and exit pages
• Date and time of visits
• Click interactions and scroll depth

2.3 Information from Third Parties

We may receive information from:

• Business partners and referral sources
• Professional networking platforms (LinkedIn)
• Analytics and marketing service providers
• Payment processors for transaction confirmations
• Public databases and business directories

3.1 Service Delivery and Operations

• Execute design projects and deliver agreed-upon services
• Communicate about project timelines, deliverables, and feedback
• Process payments and manage billing
• Provide customer support and respond to inquiries
• Collaborate through design tools, file sharing, and project management platforms
• Manage contracts, legal agreements, and business records

3.2 Business Improvement and Analytics

• Analyze website traffic and user behavior to improve user experience
• Conduct research to enhance our design methodologies
• Develop new services and optimize existing offerings
• Understand client needs and market trends
• Test and improve website performance and functionality

3.3 Marketing and Communications

• Send newsletters, case studies, and design insights (with consent)
• Inform you about new services, updates, and special offerings
• Request feedback, testimonials, and case study participation
• Maintain professional relationships with clients and prospects
• Display portfolio work and client success stories (with permission)

3.4 Legal and Compliance

• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service and other agreements
• Respond to legal requests, subpoenas, or court orders
• Protect our rights, property, and safety
• Prevent fraud, security threats, and illegal activity

4.1 Service Providers and Business Partners

We share information with trusted third-party vendors who assist in business operations:

• Cloud Infrastructure: AWS, Google Cloud, or similar hosting providers
• Payment Processing: Stripe, PayPal, or other secure payment gateways
• Communication Tools: Email platforms (Google Workspace), video conferencing (Zoom)
• Analytics Services: Google Analytics, Hotjar, or similar analytics tools
• Design and Collaboration: Figma, Adobe Creative Cloud, Notion, Asana
• Marketing Platforms: Email marketing services (if applicable)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Legal and Regulatory Requirements

We may disclose information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our agreements and policies
• Protect the rights, property, or safety of FlowState UX, our clients, or others
• Prevent fraud, security breaches, or illegal activity
• Respond to valid legal investigations

4.3 Business Transfers

In the event of a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you via email and/or website notice before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you have given explicit consent, such as featuring your project in our portfolio or sharing case study information publicly.

We implement comprehensive technical and organizational security measures to protect your personal information:

• Encryption: SSL/TLS encryption for data transmission; AES encryption for data at rest
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and regular security audits
• Secure Storage: Encrypted databases and secure cloud infrastructure
• Employee Training: Regular security awareness training for all team members
• Incident Response: Established procedures for security breach detection and response
• Regular Backups: Encrypted backups with disaster recovery protocols

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law:

• Active Projects: Duration of project plus 3 years for reference and support
• Financial Records: 7 years from end of fiscal year (tax and accounting requirements)
• Contracts and Legal Documents: Duration of agreement plus 7 years
• Marketing Communications: Until you unsubscribe or request deletion, up to 2 years of inactivity
• Website Analytics: 26 months (Google Analytics standard retention)
• Support Inquiries: 3 years from last contact

When information is no longer needed, we securely delete or anonymize it to prevent unauthorized access or use.

7.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve our services. We use both session cookies (expire when you close browser) and persistent cookies (remain until deleted or expired).

7.2 Types of Cookies We Use

• Essential Cookies: Required for website functionality, security, and navigation
• Analytics Cookies: Help understand how visitors use our website (Google Analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track visits across websites for relevant advertising (with consent)

7.3 Cookie Management

You can control cookies through your browser settings:

• Block all cookies or accept only first-party cookies
• Receive notifications when cookies are set
• Delete existing cookies
• Use browser plugins for advanced cookie management

Note: Blocking or deleting essential cookies may impact website functionality and your user experience.

7.4 Other Tracking Technologies

We may also use web beacons, pixel tags, and similar technologies to track email opens, measure campaign effectiveness, and analyze user behavior on our website.

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

8.1 Right to Access and Portability

• Request a copy of personal information we hold about you
• Receive your data in a structured, machine-readable format
• Transfer your data to another service provider (data portability)

8.2 Right to Correction

• Request correction of inaccurate or incomplete personal information
• Update your contact information and preferences at any time

8.3 Right to Deletion (Right to be Forgotten)

• Request deletion of your personal information (subject to legal retention requirements)
• We will comply unless we have legitimate grounds to retain the information

8.4 Right to Restriction and Objection

• Request restriction of processing in certain circumstances
• Object to processing based on legitimate interests
• Opt-out of marketing communications at any time

8.5 Right to Withdraw Consent

• Withdraw consent for data processing where consent was the legal basis
• Withdrawal does not affect lawfulness of processing before withdrawal

8.6 Exercising Your Rights

To exercise any of these rights, contact us using the information below. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

FlowState UX is based in the United States. If you access our services from outside the US, your information may be transferred to, stored, and processed in the United States and other jurisdictions.

When we transfer data internationally, we ensure appropriate safeguards:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with international service providers
• Compliance with EU-US and Swiss-US Privacy Shield frameworks (where applicable)
• Ensuring recipients are certified under recognized data protection schemes

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. When we make changes:

• We will update the "Last Updated" date at the top
• Material changes will be communicated via email to active clients
• Continued use of services after changes constitutes acceptance
• We encourage periodic review of this policy