Skip to content
Flowgento

Legal

Privacy Policy

Last Updated: 26 May 2026

How Flowgento collects, uses, and protects your information.

Effective date: 26 May 2026

Flowgento is a service operated by eMarinersApp (GSTIN: 21CIJPP8904K1ZY), referred to in this Policy as "we", "us", or "Flowgento". We are based in India. This Policy describes how we collect, use, disclose, store, and protect personal information when you visit our website or use our services.

1. Who we are

Flowgento is operated by eMarinersApp DBA Flowgento. References to "Flowgento" in this Policy mean eMarinersApp, acting under its Flowgento brand.

2. Information we collect

  • Account data: name, email, phone number, organisation name, role.
  • Business data: contacts you import, messages sent and received via WhatsApp, media files you upload, templates, tags, broadcast logs.
  • Billing data: billing address, GSTIN (where applicable), and payment receipts. Card and bank details are handled by our payment processor — we do not store them.
  • Technical data: IP address, browser type, device, timestamps, audit log entries for administrative actions.

3. How we use information

  • To provide and improve the service.
  • To send transactional emails (account, billing, security).
  • To enforce our Terms and prevent abuse.
  • To comply with Indian and international legal obligations.
  • To send product updates and marketing emails (opt-out any time).

4. Subprocessors

We use the following subprocessors to operate the service:

  • Meta Platforms, Inc. — WhatsApp Business Cloud API delivery.
  • Cloudflare R2 — primary media storage.
  • iDrive e2 (Tokyo region) — secondary / backup media storage.
  • Razorpay — payment processing (integrated).
  • ZeptoMail (by Zoho) — transactional email.

A current subprocessor list is available on request from privacy@flowgento.com.

4a. WhatsApp and Meta Integration

Flowgento uses the WhatsApp Cloud API provided by Meta Platforms, Inc. (Meta) to enable WhatsApp messaging features for our users.

  • Role of Meta: Meta acts as an independent data controller for messages transmitted through WhatsApp infrastructure.
  • Role of Flowgento: Flowgento acts as a data processor on behalf of our customers. We do not own or claim ownership of message content.
  • Message storage: Messages are transmitted via Meta's WhatsApp infrastructure. Flowgento stores message metadata and content required for our customers to manage their business communications, with full deletion rights granted to users (see our Data Deletion page).
  • No data outside user control: We do not share, sell, or use message content for purposes outside the user's explicit business needs.

By using Flowgento's WhatsApp features, you also agree to:

4b. Data residency

For Indian users, data is hosted in the India region where applicable (Mumbai region via Cloudflare R2 and iDrive e2). For users outside India, data may be hosted in the nearest available region of our providers. Backups are encrypted at rest and stored in geographically separated regions.

5. Data retention

Customer business data is retained for as long as your account is active and for a grace period after cancellation (configurable per plan). Audit logs are retained for at least one year for compliance. On verified deletion request, we delete personal data within 30 days, except where retention is required by law.

6. Your rights

Depending on your jurisdiction (India DPDP Act 2023, EU GDPR, others), you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • request deletion ("right to be forgotten");
  • port your data to another service;
  • object to or restrict certain processing;
  • withdraw consent at any time;
  • complain to a supervisory authority.

Email privacy@flowgento.com to exercise any of these rights.

7. DPDP Act 2023 + GDPR

We process personal data in accordance with the Digital Personal Data Protection Act, 2023 (India) and, where applicable, the EU/UK General Data Protection Regulation. Our lawful basis for processing customer business data is the performance of a contract (your subscription); for marketing emails it is your consent.

8. Cookies and Local Storage

Flowgento uses a minimal set of cookies and browser storage:

  • Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Functional storage: Stores user preferences (UI language, layout choices) locally in your browser. Does not leave your device.
  • Analytics: We use privacy-respecting analytics (Sentry for error tracking only — no behavioral tracking). We do not use Google Analytics, Facebook Pixel, or third-party advertising trackers.

9. Security

Flowgento applies industry-standard encryption (TLS 1.3 in transit, AES-256 at rest) and access controls including role-based authentication, audit logs, and least-privilege access for our team.

  • TLS 1.3 encryption for data in transit.
  • AES-256 encryption at rest for backups and provider credentials.
  • Argon2id password hashing.
  • Role-based access control + audit logging for admin actions.
  • Regular dependency updates and least-privilege infrastructure.

10. International transfers

Some subprocessors (Meta, Cloudflare R2, iDrive e2) operate globally. By using Flowgento you consent to data being transferred outside India where necessary to deliver the service. We rely on Standard Contractual Clauses or equivalent safeguards where required by law.

11. Children's privacy

Flowgento is a business product and is not directed at individuals under 18. We do not knowingly collect personal data from children.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced in-app and by email at least 14 days before they take effect.

13. Contact

Privacy questions: privacy@flowgento.com
Legal notices: legal@flowgento.com