Privacy Policy

Last Updated: November 3, 2025

1. Introduction

This Privacy Policy explains how Floma ("we," "us," or "our") collects, uses, and protects your information when you use our software and services.

2. Information We Collect

2.1 Information You Provide

• Email Address: When you purchase a subscription, we collect your email to send license keys and receipts
• Payment Information: Processed securely by Stripe. We never see or store your payment details
• License Key: Generated and stored to validate your subscription

2.2 Automatically Collected Information

• Machine ID: A hashed identifier to enforce one-machine license limit (cannot be reversed to identify you)
• Subscription Status: Whether your subscription is active, expired, or cancelled
• Usage Analytics: Basic anonymous statistics (e.g., number of workflows created) to improve the product

2.3 Information We DO NOT Collect

• Your files or file contents
• Workflow configurations or automation details
• Any data processed by Floma on your machine
• Browsing history or personal information

3. How We Use Your Information

We use collected information only for:

• License Delivery: Sending license keys via email
• Subscription Management: Processing payments, renewals, and cancellations
• Customer Support: Responding to your questions and issues
• Product Improvement: Anonymous analytics to improve Floma
• Legal Compliance: Meeting legal obligations and preventing fraud

4. Data Storage and Security

4.1 Local Data

All your workflows, files, and automation data are stored locally on your computer in:

• ~/.floma/ directory on macOS/Linux
• %APPDATA%\floma\ on Windows

This data never leaves your machine unless you explicitly use integrations (email, Slack, webhooks) that send data externally.

4.2 Cloud Data

We store minimal data in the cloud:

• License Keys: Stored in Cloudflare KV (encrypted at rest)
• Subscription Data: Managed by Stripe (PCI-DSS compliant)

4.3 Security Measures

• All data transmission uses HTTPS/TLS encryption
• License server runs on Cloudflare's secure infrastructure
• Payment processing through Stripe (PCI Level 1 certified)
• No plain-text storage of sensitive information

5. Third-Party Services

Floma integrates with third-party services. Your use of these services is subject to their privacy policies:

5.1 Payment Processing

• Stripe: Handles all payment processing. Stripe Privacy Policy

5.2 Email Delivery

• Mailgun: Sends license keys and receipts. Mailgun Privacy Policy

5.3 Infrastructure

• Cloudflare Workers: Hosts our license server. Cloudflare Privacy Policy

5.4 Optional Integrations

If you choose to use integrations, data may be sent to:

• Anthropic Claude: For AI processing
• Slack: For notifications (if you configure Slack integration)
• Email Services: For sending emails (if you configure SMTP)

Note: These integrations are optional and controlled by you.

6. Data Retention

• Active Subscriptions: Data retained while subscription is active
• Cancelled Subscriptions: License data retained for 90 days for reactivation, then deleted
• Email Communications: Transactional emails retained as required by law (typically 7 years)
• Local Data: Remains on your computer until you manually delete it

7. Your Rights

You have the right to:

• Access: Request a copy of your data
• Correction: Update incorrect information
• Deletion: Request deletion of your data (subject to legal requirements)
• Portability: Export your license and subscription data
• Objection: Opt-out of non-essential data collection

To exercise these rights, email support@getfloma.com

8. International Data Transfers

Floma operates globally. Your data may be processed in:

• United States (Stripe, Cloudflare)
• European Union (Cloudflare edge locations)

We ensure adequate protection through:

• Stripe's DPA and Standard Contractual Clauses
• Cloudflare's Data Processing Addendum

9. Children's Privacy

Floma is not intended for users under 18. We do not knowingly collect information from children. If you believe we have collected data from a child, contact us immediately.

10. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (note: we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

11. European Privacy Rights (GDPR)

EU/EEA residents have rights under GDPR:

• Right to access, rectification, erasure, and data portability
• Right to restrict processing and object to processing
• Right to withdraw consent
• Right to lodge a complaint with supervisory authority

Our legal basis for processing: Contract performance and legitimate interests.

12. Cookies and Tracking

Our website uses minimal tracking:

• No advertising cookies
• No third-party analytics (no Google Analytics, Facebook Pixel, etc.)
• Session cookies only: For Stripe checkout functionality

13. Changes to This Policy

We may update this Privacy Policy. Changes will be posted on this page with an updated "Last Updated" date. Continued use after changes constitutes acceptance.

14. Contact Us

Questions about this Privacy Policy?

• Support: support@getfloma.com
• Website: getfloma.com