PRV Privacy policy
This describes what information FlowCraft Web collects, how we use it, and how we protect it. We've kept it short and readable. The short version: we only collect what we need, we don't sell it, and we'll delete it on request.
Disclaimer. This policy is provided for general business use and should not be considered legal advice. Please consult a qualified attorney for legal review before relying on it in a regulated jurisdiction.
This policy covers anyone who visits flowcraftweb.com, fills out one of our forms, emails us, or becomes a client. "We," "us," and "the studio" refer to FlowCraft Web. "You" and "your" refer to you.
We only collect what we need to deliver our services and to keep the studio running. Specifically:
We do not ask for date of birth, government IDs, or payment card numbers. Payment card details are handled by our payment processor and never stored on our systems.
When you submit a form on flowcraftweb.com, we collect:
We also store anti-spam signals (a hidden honeypot field, basic device information, the page you submitted from) so we can quietly drop obvious bot submissions.
When you visit the site, we automatically receive: the page URL you arrived from, the URL you came from before that (referrer), your device and browser information (user agent string), and any UTM parameters present in the URL.
This data is used to understand how people find us, debug issues, and improve the site. It is not used to identify you personally and we don't combine it with the form information you submit beyond reasonable troubleshooting.
Our website uses minimal cookies — essentially just what's required for the site to function and to remember small preferences. For example, the "Hi 👋 Need help?" mascot bubble dismissed-state is stored in your browser's localStorage so it doesn't keep popping up.
If we add web analytics (e.g., Plausible, Fathom, Google Analytics) to understand site traffic, we will update this section to disclose it. We aim to use privacy-respecting analytics where possible.
We use the information you provide for these purposes only:
We do not use your information for targeted advertising, profile-building, or any purpose unrelated to delivering you the service you came here for.
If you submit a contact form, the submission flows through a webhook into our internal lead pipeline. From there, a human at FlowCraft Web (almost always Joey) reads it and replies — typically by email within one business day.
We treat every inbound message as a confidential business conversation, not a marketing list signup.
Email follow-up is limited to: replying to your specific inquiry, scheduling calls, sending you proposals, invoices, project updates, and (if you become a client) occasional studio news such as new packages or maintenance windows. Studio news is opt-out at any time.
We do not send cold outreach to addresses we did not collect through your direct submission.
We use AI-assisted tools internally to help with drafting reply suggestions, summarizing long messages, and routing requests to the right person. Final outbound replies are written or reviewed by a human before they go out.
The AI services we may use to draft replies are commercial AI providers with their own privacy and data-retention practices. We do not give those models permission to train on your data; we choose providers and configurations that disable training on customer inputs where possible.
To run our business, we use third-party services that may incidentally process your information:
Each of these has their own privacy practices. We choose providers who take privacy seriously and we limit what we share to what's needed.
We do not sell your personal information. Not to data brokers, not to marketers, not to anyone. We do not share it for cross-context behavioral advertising. We do not run targeted ads against it. We do not use it to train external AI models.
We keep inquiry and support data for as long as it's needed to deliver service or to comply with legal obligations — typically about 3 years from last contact for inquiries, and 7 years for client billing records to satisfy tax-record requirements.
On request, we will delete information we are not legally required to retain (see section 14).
We use industry-standard security practices: encrypted connections (HTTPS / TLS) for all data transmission, encrypted-at-rest databases provided by our infrastructure partners, role-based access controls so only authorized team members can view client data, and regular review of who has access to what.
No system is perfectly secure, and we won't pretend otherwise. If we ever experience a data breach affecting your information, we will inform you promptly and take corrective action.
You can ask us:
Email hello@flowcraftweb.com for any of these requests. We aim to respond within 5 business days.
Our services are not directed at children under 13. We do not knowingly collect information from children. If you believe a child has submitted information to us, please contact us and we will delete it.
We may update this policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. Material changes will be communicated to active clients in writing.
Privacy questions or concerns? Email hello@flowcraftweb.com. A real person reads every message.
FlowCraft Web · Medway, Massachusetts · Serving local businesses across MetroWest, Greater Boston & Worcester County.
Hi, I'm MiaA real person reads every message.
