Privacy Policy

Effective date: May 8, 2026

This Privacy Policy describes how FlowPOS (“Flow,” “we,” “our,” or “us”) collects, uses, and handles information when you use the Flow mobile application, website at https://stripeflow.app, contact form, and related support services (collectively, the “Service”). For privacy questions, contact us at info@stripeflow.app.

1. Information We Collect

We collect information you provide directly to us, as well as information generated through your use of the Service.

Information You Provide

  • Account information: When you connect your Stripe account, we receive information from Stripe necessary to display your account data within the app, such as your name, email address, and business name.
  • Contact and support information: If you contact us for support, we may collect your name, email address, and any information you include in your message.
  • Device permissions: If you enable Tap to Pay or reader features, the app may request access to NFC, Bluetooth, nearby device, or location permissions needed by the native Stripe SDK.

Information Generated Through Use

  • Usage data: We may collect information about how you use the app, including features accessed, screens viewed, and actions performed.
  • Device information: We may collect device identifiers, operating system version, app version, and diagnostic information to improve reliability and fix bugs.
  • Log data: Our servers may automatically record information such as your IP address, device type, and timestamps when you use the Service.

2. Stripe Account Connection

Flow connects to your Stripe account using Stripe’s official OAuth authorization flow. When you connect your Stripe account:

  • You authorize Flow to access your Stripe account data on your behalf.
  • Flow reads payment data, hosted invoice/link details, balance, payout, and related customer email/name fields from your Stripe account to display within the app.
  • Flow may create charges, payment links, invoices, and other Stripe objects on your behalf based on your actions in the app.
  • You can disconnect your Stripe account from Flow at any time from within the app or from your Stripe account settings.

Your Stripe account credentials (username and password) are never stored by Flow. Authentication is handled entirely through Stripe’s secure OAuth process.

3. Payment Data Handling

Flow does not store, process, or transmit raw credit or debit card numbers. All payment processing is handled directly by Stripe, which is PCI-DSS Level 1 compliant.

When you accept a payment through Flow:

  • Card data entered via Tap to Pay is processed directly by Stripe Terminal / Stripe’s NFC infrastructure.
  • Manually entered card numbers are tokenized by Stripe’s secure SDKs before any network transmission.
  • Flow receives only a tokenized reference to the payment method, not the underlying card data.

For full details on how Stripe handles payment data, please review Stripe’s Privacy Policy.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Flow app and Service.
  • Display your Stripe account data, transactions, and business insights within the app.
  • Diagnose technical problems and ensure app stability.
  • Respond to your support inquiries.
  • Send you important service-related communications (not marketing, unless you opt in).
  • Comply with legal obligations.

5. Analytics and Usage Data

We use operational logs, app diagnostics, and Stripe-provided account and payment events to operate the Service, troubleshoot issues, and understand which product areas need improvement. We do not sell analytics data or use it for third-party advertising. If we add a third-party analytics or crash-reporting provider that processes personal information, we will update this policy before using it for that purpose.

6. Information Sharing

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We may share information in the following limited circumstances:

  • With Stripe: Flow shares information with Stripe to facilitate payment processing and account management as described above.
  • Service providers: We may share information with trusted vendors who assist us in operating the Service, including hosting, mail delivery, diagnostics, and customer support tools, under confidentiality obligations.
  • Legal requirements: We may disclose information if required by law or to protect the rights, property, or safety of Flow, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction.

7. Data Retention

We retain information for as long as necessary to provide the Service and fulfill the purposes described in this policy, unless a longer retention period is required by law. Payment transaction data is primarily stored and retained by Stripe according to Stripe’s own data retention policies. You may request deletion of your Flow account data by contacting us at the address below.

8. Third-Party Services

The Service integrates with and relies on the following third-party services:

  • Stripe, Inc. - Payment processing, account management, and financial infrastructure. Stripe Privacy Policy
  • Flow mail delivery service - Delivery of website contact and support messages to the Flow support inbox.

Flow is not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

9. Your Choices and Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your personal data (subject to legal obligations).
  • Disconnect your Stripe account from Flow at any time.
  • Opt out of non-essential communications.

To exercise these rights, please contact us at info@stripeflow.app.

10. Children’s Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

11. Security

We take reasonable technical and organizational measures to protect your information against unauthorized access, loss, or misuse. However, no method of transmission over the internet or electronic storage is 100% secure. For payment data security, we rely on Stripe’s industry-leading PCI-DSS Level 1 compliance.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “effective date” at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

FlowPOS
Website: https://stripeflow.app
Email: info@stripeflow.app