Privacy Policy

1. Introduction

FastFlowTech ("we", "us", "our") operates the fastflow.tech website and the FastFlowTech platform, including all products accessible through FlowPrime and individual subscriptions (collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account information: Name, email address, organization name, and password when you create an account through ALKEYON, our identity platform.
• Billing information: Payment details are processed by Stripe. We do not store your full credit card number, CVV, or bank account details on our servers.
• Communications: Information you provide when contacting us through our contact form, email, or support channels.
• User content: Any data, files, or content you create, upload, or store within our products as part of normal use.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, actions taken within our products, timestamps, and session duration.
• Device information: Browser type, operating system, device type, screen resolution, and language preferences.
• Log data: IP address, referring URLs, and access times.
• Performance metrics: Database usage, CPU and memory consumption, and bandwidth usage associated with your account for the purposes described in our Terms of Service.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and manage your subscription
• Authenticate your identity and manage access across products
• Send transactional emails (account confirmations, billing receipts, security alerts)
• Monitor and analyze usage patterns to improve our products
• Monitor resource consumption (database size, CPU, memory, bandwidth) to ensure platform stability and prevent abuse
• Detect, prevent, and address technical issues, fraud, and security threats
• Respond to your inquiries and provide customer support
• Send product updates and newsletters (only with your consent, and you can unsubscribe at any time)

4. Data Isolation and Security

Every tenant on our platform receives isolated databases. Your data is completely separate from other organizations. We implement industry-standard security measures including:

• Encryption in transit (TLS/HTTPS) for all communications
• Encryption at rest for stored data
• JWT-based authentication via our OIDC-compliant identity platform (ALKEYON)
• Regular security audits and monitoring
• Role-based access control within organizations

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users in the event of a data breach.

5. Third-Party Services

We use the following third-party services that may process your data:

• Stripe: Payment processing. Subject to Stripe's Privacy Policy.
• Cloudflare: Content delivery, DDoS protection, and DNS. Subject to Cloudflare's Privacy Policy.

We do not sell, trade, or rent your personal information to third parties. We may share anonymized, aggregated data that cannot be used to identify you.

6. Cookies and Tracking

We use essential cookies required for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled.

We use our own analytics platform (FF Analytics) to understand how our products are used. This data is processed on our own infrastructure and is not shared with third-party advertising networks.

We do not use third-party tracking cookies, advertising pixels, or behavioral profiling tools.

7. Data Retention

We retain your account information and user content for as long as your account is active. When you delete your account or request data deletion, we will remove your personal data within 30 days, except where we are required by law to retain it.

Billing records and transaction history may be retained for up to 7 years to comply with tax and accounting obligations.

Anonymized, aggregated usage data that cannot identify you may be retained indefinitely for product improvement purposes.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to certain types of data processing.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. International Data Transfers

Our infrastructure is self-hosted in New Zealand on our own servers - not on third-party cloud providers. If you access the Service from outside New Zealand, your information may be transferred to and processed in New Zealand. By using the Service, you consent to this transfer.

New Zealand is recognized by the European Commission as providing an adequate level of data protection under GDPR.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

11. Applicable Law

As a New Zealand company, we comply with the New Zealand Privacy Act 2020 and its Information Privacy Principles. Where applicable, we also respect the rights granted under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

We do not sell your personal information. For California residents: under the CCPA, you have the right to know what personal information is collected, request its deletion, and opt out of any sale or sharing. Since we do not sell personal information, no opt-out mechanism is required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at: