← Back to Home

Privacy Policy

Effective Date: February 5, 2026

1. Introduction

Flowstate Industrial LLC ("Company," "we," "us") operates the Flowstate Industrial IIoT monitoring platform ("Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for EU/EEA users and relevant US state privacy laws.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address (via Clerk authentication)
  • Organization name and details
  • Billing information (processed by Stripe; we do not store card numbers)

2.2 Industrial Sensor Data

When you connect devices, the Service collects:

  • Sensor readings (temperature, humidity, vibration, air quality, etc.)
  • Device metadata (device IDs, firmware versions, battery levels)
  • Network information (gateway IDs, signal strength)
  • Timestamps and ISA-95 hierarchy context (enterprise, site, area, cell)

Sensor data does not include personally identifiable information (PII). It represents machine and environmental measurements from your manufacturing facility.

2.3 Usage Data

We automatically collect:

  • Dashboard access logs
  • Feature usage patterns
  • Support chat interactions
  • Browser type and IP address

2.4 Communication Data

If you contact us or use the Downtime Calculator, we collect the information you provide (name, email, company, project requirements).

3. How We Use Your Information

We use your information to:

  • Provide the Service: Process sensor data, generate dashboards, trigger alerts, run analytics
  • AI Features: Power support chat and recommendation engine using your operational data
  • Billing: Process payments and manage subscriptions
  • Communication: Send transactional emails (order confirmations, alerts, shipping notifications)
  • Improvement: Analyze usage patterns to improve the Service
  • Support: Respond to your inquiries and resolve issues
  • Security: Detect and prevent unauthorized access or abuse

We do not sell your data. We do not use your sensor data for advertising. We do not share your data with third parties except as described in Section 5.

4. Legal Basis for Processing (GDPR)

For EU/EEA users, we process personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide the Service you subscribed to (account management, data processing, billing)
  • Legitimate Interest: Usage analytics, security monitoring, and service improvement
  • Consent: Marketing communications (you can opt out at any time)
  • Legal Obligation: Compliance with applicable laws and regulations

5. Data Sharing and Third-Party Services

We share data with the following categories of service providers, solely to operate the Service:

ProviderPurposeData Shared
ClerkAuthenticationEmail, name
StripePaymentsBilling info, email
ConvexBackend/DatabaseAll application data
HiveMQ CloudMQTT BrokerSensor data in transit
InfluxDB CloudTime-series storageSensor data
Grafana CloudVisualizationSensor data (read-only)
ResendTransactional emailEmail addresses, email content
TwilioSMS notificationsPhone numbers, alert content
AnthropicAI support chatChat messages, operational context
VercelHostingIP addresses, request logs

We do not share data with advertisers or data brokers. We may disclose information if required by law, court order, or to protect the rights and safety of our users.

6. Data Storage and Security

6.1 Storage Location

Data is stored in the United States via our cloud service providers. For EU/EEA users, data transfers are governed by Standard Contractual Clauses (SCCs) as required by GDPR.

6.2 Security Measures

  • TLS 1.3 encryption for all data in transit (MQTT, HTTPS)
  • Encryption at rest for stored data
  • Authentication via Clerk with session management
  • Tenant isolation (all queries filtered by organization ID)
  • Rate limiting on API endpoints
  • No plain-text storage of credentials

6.3 Data Retention

  • Sensor data: Per plan (Pilot: 90 days, Production: 365 days, Enterprise: custom)
  • Account data: Retained while your account is active, deleted 30 days after cancellation
  • Support chat logs: Retained for 12 months
  • Billing records: Retained as required by tax and financial regulations

7. Your Rights

7.1 All Users

  • Access: Request a copy of data we hold about you
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your account and data
  • Data Export: Request your data in a machine-readable format
  • Opt-out: Unsubscribe from marketing emails at any time

7.2 EU/EEA Users (GDPR)

In addition to the above, you have the right to:

  • Restrict Processing: Request we limit how we use your data
  • Data Portability: Receive your data in a structured, commonly used format
  • Object to Processing: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@flowstateindustrial.com. We will respond within 30 days (or 72 hours for GDPR access requests).

8. Cookies and Tracking

The Service uses essential cookies for authentication and session management (via Clerk). We do not use advertising cookies or third-party tracking pixels.

  • Essential cookies: Required for login, session persistence, and security. Cannot be disabled.
  • Analytics: We may use privacy-respecting analytics to understand usage patterns. No PII is collected via analytics.

9. Children's Privacy

The Service is designed for business use by manufacturing professionals. We do not knowingly collect information from children under 16. If we learn that we have collected information from a child, we will delete it promptly.

10. International Data Transfers

If you are located outside the United States, your data will be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for EU/EEA data transfers and compliance with applicable data transfer frameworks.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. The "Effective Date" at the top indicates the latest revision.

12. Contact Us

For privacy-related questions or to exercise your data rights:

Privacy inquiries: privacy@flowstateindustrial.com

General inquiries: legal@flowstateindustrial.com

Flowstate Industrial LLC
Massillon, OH 44646
United States

Terms of Service | Home