Back

Privacy Policy

Last updated: 3 June 2026

This Privacy Policy describes how Flowganise Pty Ltd (ACN 47 683 893 183) ("Flowganise", "we", "us", or "our") collects, uses, stores, and discloses personal information in connection with the Flowganise platform and services ("Service"). It applies to visitors to our website (flowganise.com), our customers ("you" or "Customer"), and the end users who visit our customers' websites ("End Users").

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, do not use the Service.

1. Who We Are

Flowganise is a conversion intelligence platform that detects friction across website funnels, estimates the dollar cost of each issue, and surfaces prioritised fixes. We are incorporated in Australia and operate globally.

For the purposes of the EU General Data Protection Regulation ("GDPR") and the UK GDPR:

  • In relation to Customer personal data (e.g. your account and billing information), Flowganise is the data controller.
  • In relation to End User data collected through our tracking script on your website, Flowganise is the data processor acting on your instructions. You, the Customer, are the data controller of your End Users' data.

2. Information We Collect

2.1. Information You Provide to Us (Customer Data)

When you register for an account, subscribe to a plan, or contact us, we may collect:

  • Full name and job title
  • Email address
  • Company name and website URL
  • Billing and payment information (processed by our third-party payment provider — we do not store full credit card details)
  • Any other information you voluntarily provide through support requests or communications

2.2. Information Collected via the Tracking Script (End User Data)

When you install our tracking script on your website, the Service collects data from your End Users, including:

  • Session and behavioural data: pages visited, page sequences, scroll depth, click interactions, time on page, exit pages, and session duration
  • Traffic source data: referral URLs, UTM parameters, campaign identifiers, and acquisition channels
  • Device and browser data: browser type and version, operating system, screen resolution, and device type
  • Network data: IP addresses (which may be anonymised or truncated depending on your configuration and applicable legal requirements)
  • Funnel data: conversion events, goal completions, and page-level drop-off rates as configured by you

We do not intentionally collect names, email addresses, passwords, payment details, or any other directly identifying personal information of End Users through the tracking script. We do not use the tracking script to collect data from form fields or text inputs.

2.3. Information Collected Automatically (Website Visitors)

When you visit flowganise.com, we may collect standard web analytics data, including pages viewed, referral source, browser type, and device information.

2.4. Cookies and Similar Technologies

We use cookies and similar technologies on flowganise.com and through our tracking script. These include:

  • Strictly necessary cookies: required for the Service to function (e.g. session management, authentication).
  • Analytics cookies: used to understand how visitors interact with our website and to improve the Service.
  • Third-party cookies: we may use third-party tools for analytics or marketing on our own website. These are governed by the respective providers' privacy policies.

Our tracking script installed on your website uses a first-party cookie to identify returning sessions. This cookie does not contain personally identifiable information and is used solely for the purpose of providing accurate session and funnel analytics.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

3. How We Use Information

3.1. Customer Data

We use your personal information to:

  • Create and manage your Account
  • Provide, maintain, and improve the Service
  • Process payments and manage your Subscription
  • Communicate with you about the Service, including product updates, security alerts, and support
  • Respond to your enquiries and support requests
  • Comply with legal obligations
  • Protect against fraud, abuse, and unauthorised access

3.2. End User Data

We process End User data on your behalf to:

  • Detect friction and anomalies across your website funnel using algorithmic and statistical analysis
  • Estimate the dollar cost associated with each detected issue
  • Generate prioritised fixes and recommendations (Insights) using a combination of algorithmic detection and AI-assisted analysis
  • Provide you with accurate session, traffic, and conversion analytics

We do not use End User data collected from your website to:

  • Build profiles of individual End Users across different customers' websites
  • Sell or rent End User data to third parties
  • Serve advertising to End Users
  • Contact End Users directly

3.3. Aggregated and Anonymised Data

We may create aggregated or anonymised data from Customer Data and End User Data for the purpose of improving the Service, conducting research, and generating benchmarks. Aggregated and anonymised data cannot be used to identify any individual or Customer and is not subject to the restrictions that apply to personal data under this Privacy Policy.

4. Legal Basis for Processing (GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Performance of a contract (Article 6(1)(b)): providing the Service, managing your Account, processing End User data on your behalf as processor, and sending essential service communications.
  • Consent (Article 6(1)(a)): sending marketing communications. You may withdraw consent at any time.
  • Legitimate interests (Article 6(1)(f)): improving and securing the Service, conducting analytics, and protecting against fraud and abuse.
  • Legal obligation (Article 6(1)(c)): complying with applicable laws and regulations.

5. How We Share Information

We do not sell personal information. We may share information in the following circumstances:

5.1. Sub-Processors and Service Providers

We use third-party service providers (sub-processors) to help operate the Service. These include providers of hosting and infrastructure, payment processing, email delivery, and AI-assisted analysis. Each sub-processor is bound by data processing agreements and is only permitted to process personal data as necessary to provide their services to us.

A current list of our sub-processors is available at flowganise.com/sub-processors.

5.2. Legal Requirements

We may disclose personal information if required to do so by law, regulation, legal process, or enforceable governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3. Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of all or substantially all of our assets, personal information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.

5.4. With Your Consent

We may share your information in other circumstances where you have given us explicit consent to do so.

6. Data Storage and Security

6.1. Where We Store Data

  • EEA and UK Customer Data: End User data originating from the European Economic Area (EEA) or the United Kingdom is stored and processed within the EEA, in Germany.
  • Other Customer Data: Data from customers outside the EEA may be stored in other regions, as described in our sub-processor list.

6.2. International Transfers

Where personal data originating from the EEA or the United Kingdom is processed outside the EEA — including by sub-processors — we ensure that appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or other legally recognised transfer mechanisms under Chapter V of the GDPR.

6.3. Security Measures

We implement commercially reasonable technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit and at rest, access controls, regular security reviews, and incident response procedures.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

7.1. Customer Data

We retain your Account information and billing data for the duration of your Subscription and for a reasonable period thereafter to comply with legal, accounting, and reporting obligations.

7.2. End User Data

We retain End User data for the duration of your Subscription. Upon termination, we retain your data for 30 days to allow you to request an export. After this period, we will delete or anonymise End User data in accordance with our data retention schedule.

7.3. Other Data

Aggregated and anonymised data may be retained indefinitely as it cannot be used to identify any individual.

We may retain certain information for longer periods where required by law (e.g. tax or accounting records) or where necessary to establish, exercise, or defend legal claims.

8. Your Rights

8.1. All Customers

Regardless of your location, you may:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your Account and associated data (subject to legal retention requirements)
  • Opt out of marketing communications at any time

8.2. Rights Under the GDPR (EEA and UK)

If you are located in the EEA or the United Kingdom, you have the following additional rights:

  • Access: the right to request a copy of the personal data we hold about you.
  • Rectification: the right to request correction of inaccurate or incomplete personal data.
  • Erasure: the right to request deletion of your personal data, subject to legal retention requirements.
  • Restriction: the right to request that we restrict the processing of your personal data in certain circumstances.
  • Portability: the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Objection: the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
  • Automated decision-making: you have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you.

To exercise any of these rights, contact us at hello@flowganise.com. We will respond within 30 days (or within the timeframe required by applicable law).

8.3. Rights Under the Australian Privacy Act

If you are located in Australia, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including the right to access and correct your personal information. If you believe we have breached the APPs, you may lodge a complaint with us at hello@flowganise.com or with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

8.4. End User Rights

If you are an End User visiting one of our customers' websites and wish to exercise your data protection rights in relation to data collected through the Flowganise tracking script, please contact the website operator directly. As the data controller of your data, they are responsible for responding to your request. We will assist our customers in fulfilling such requests in accordance with our Terms and Conditions and applicable law.

9. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16 through the Service. If you are a Customer, you are responsible for ensuring that your website does not use the Service to collect data from children without verified parental consent where required by law.

If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that data promptly.

10. Third-Party Links and Services

Our website and the Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service you interact with.

11. Marketing Communications

We may send you marketing communications about our products and services where you have given consent or where we have a legitimate interest in doing so (e.g. if you are an existing customer). You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at hello@flowganise.com.

Opting out of marketing communications will not affect essential service communications related to your Account or Subscription.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the updated Privacy Policy takes effect constitutes your acceptance of the changes.

We encourage you to review this Privacy Policy periodically for the latest information on our data practices.

13. Supervisory Authority

If you are located in the EEA or the United Kingdom and believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

If you are located in Australia, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

We ask that you contact us first at hello@flowganise.com so that we have the opportunity to address your concern directly.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Flowganise Pty Ltd ACN 47 683 893 183 Email: hello@flowganise.com