1.1 Purpose of this Privacy Policy

This privacy policy provides information on how Flumes AI collects and processes your personal data through our website and services, including any data you may provide through interacting with our platform (e.g., connecting your email account, using AI-generated replies, or configuring follow-ups).

1.2 Data Controller

Flumes AI is currently operated by an individual founder based in France. Under applicable EU data protection laws (e.g., GDPR), we act as the data controller of your personal information when you interact with our platform.Where you submit personal data (e.g., email content) through our system, we may act as a data processor on your behalf in limited circumstances.

1.3 Contact Details

For any privacy-related questions or requests, please contact:
‍Email: alex@flumes.ai
Jurisdiction: France (EU GDPR)

We would appreciate the opportunity to resolve any concerns before you contact the CNIL (Commission Nationale de l’Informatique et des Libertés), the French supervisory authority for data protection (https://www.cnil.fr/).

We may collect and process the following types of data:
‍
‍Identity & Contact Data: Name, email address, Google account profile information.
‍Email Metadata & Content: Sender/recipient addresses, subject lines, message content, thread info.
‍Technical Data: Device/browser type, IP address, cookies, API call logs.
‍Usage Data: Interaction logs (e.g., reply generation, follow-up triggers).
‍Preferences: Signature, tone settings, and other configuration choices.
‍Diagnostic Logs: Debugging or error-tracing metadata to improve the app.

We do not store credentials, attachments, or calendar data.

We collect data via:
‍
‍Direct interactions: When you sign in with Google, use our tools, or email us.
‍Automated interactions: Logs from usage, metadata, and diagnostics.
‍Third-party services: Google APIs (OAuth2), Supabase, OpenAI/DeepSeek API.

We use Google APIs only for core service functionality and do not share data beyond what’s required.

We use your personal data to:
‍
Provide and improve the Flumes AI service
Generate email replies and follow-ups
Classify and label your email threads
Save your settings and preferences
Handle authentication (via Google OAuth)
Debug and improve reliability

We do not sell, share, or use your data for profiling or advertising.

We use third-party AI services (e.g., OpenAI) to process certain data for reply generation, email classification, and follow-up drafting.

5.1 What Is Shared

Only the minimum data necessary is shared with AI models, such as:
Email content (subject lines, body, participants)
Signature or tone context (for reply matching)
No attachments or sensitive data are intentionally sent.

All processing is ephemeral unless explicitly saved by you.

5.2 Data Retention & Consent

We require AI service providers to adhere to Zero Data Retention policies and prevent model training on your data. User data is sent via encrypted API and discarded after processing.

We will obtain your explicit consent for AI processing on first use or when material changes occur.

User data (drafts, preferences) is stored in Supabase, using Row-Level Security (RLS) tied to your user ID.

AI requests are processed without storing full message history unless necessary for function.

All traffic is encrypted using HTTPS.

Access is limited by secure API keys, scoped access, and environment variables.

Some of our service providers are located outside the European Economic Area (EEA), such as in the United States.

When we transfer data internationally, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Providers’ participation in the EU-U.S. Data Privacy Framework (if applicable)

We only retain your data as long as necessary to provide our service, fulfill legal obligations, or support debugging.

You can request deletion at any time.

In some cases, we may anonymize data for internal analytics or improvement purposes.

Under GDPR, you have the right to:

Access your personal data

Correct inaccurate or outdated information

Request deletion (“right to be forgotten”)

Object to certain types of processing

Restrict how we use your data

Request data portability

To exercise these rights, email alex@flumes.ai.

We may ask for verification before responding.

We may revise this policy to reflect legal, operational, or service updates. We will notify users when changes are material and seek renewed consent where required.

📧 Email: alex@flumes.ai
‍📍 Based in: France (EU)
Supervisory Authority: CNIL – www.cnil.fr‍

We use cookies and similar technologies to understand how visitors use our website and to improve user experience.

12.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us remember your preferences and understand user behavior.

12.2 What We Use Cookies For

Basic site functionality and navigation (Webflow cookies)

Analytics to understand user traffic and improve the product (e.g., Google Analytics, if enabled)

Security and fraud prevention

We do not use cookies for advertising or user profiling.

12.3 Your Choices

When you first visit our site, you will be prompted to accept or decline non-essential cookies. You can also configure your browser to reject all cookies or alert you when cookies are being set.

12.4 Third-Party Cookies

Some cookies may be set by third-party services we use (e.g., Webflow hosting, Google Analytics). These services may collect data per their own privacy policies.For more detailed control over your cookie settings, refer to your browser’s privacy controls or contact us at alex@flumes.ai.