Analytics Data Retention Policy

This document explains in detail how Flowtag collects, processes, and stores analytics data. It supplements our Privacy Policy and is intended for users who want a precise picture of our analytics practices.

Questions? hello-flowtag@qwerty.ovh

1. What counts as analytics data

Analytics data is information generated when you use Flowtag that we collect to understand how the product is being used. We split it into two categories.

Product events (event tracking)

We record specific actions taken in the app, such as:

• Starting and ending a session
• Clicking features or UI elements
• Creating, editing, or deleting objects in the app
• Saving and exporting
• Changing account settings or preferences
• Errors and exceptions encountered

Each event record contains:

What we do NOT collect in events:

• Content you create (project names, note contents, form inputs)
• Full IP address (only the first two octets, or a hashed value)
• Personal identifiers linked to events (no email, no name)

Session and usage metrics

We collect aggregated activity signals:

• Session duration and in-app active time
• Daily / weekly / monthly session counts
• Features used within a session (list only, not frequency)
• Device type and screen resolution (rounded to the nearest 100px)
• Country or region (derived from truncated IP — not precise geolocation)

2. How we pseudonymize data

We separate analytics data from personal data through pseudonymization:

User identifiers — Internal UUIDs that are not directly linked to your email or other contact details. The mapping key is stored separately with restricted access.

IP addresses — We store only the first two octets (e.g. 195.150.x.x) or a salted one-way hash. Full IP addresses are never written to the analytics database.

Session identifiers — Generated randomly at each login. They cannot be used to track a user across sessions without access to the mapping key.

Device data — Screen resolutions are rounded; browser versions are grouped (e.g. "Chrome 13x") to reduce fingerprint uniqueness.

3. Retention periods

After the retention period, raw events are permanently deleted or irreversibly anonymized (by destroying the mapping key). Aggregated data that cannot identify any individual is kept as historical product data.

4. Who can access analytics data

Access to analytics data is strictly controlled:

• Product team — access to aggregated dashboards and reports only (no raw events linked to individual users)
• Engineering team — access to raw events for debugging purposes only, with access logging
• Third-party analytics providers — process data solely on our instruction, under a signed Data Processing Agreement (DPA)

Analytics data is never:

• Sold or shared with third parties for commercial purposes
• Used to build advertising profiles
• Combined with external data sources to re-identify users

5. Analytics tools we use

Fill in this section with the actual tools used in Flowtag. Options below:

Option A — Self-hosted analytics

Flowtag runs its own analytics infrastructure hosted on [PROVIDER, LOCATION]. No data is sent to external analytics platforms. All processing happens within our controlled infrastructure.

Option B — Plausible Analytics (privacy-first, EU-hosted)

Flowtag uses Plausible Analytics — a GDPR-compliant analytics tool that uses no cookies, collects no personal data, and is hosted in the European Union. Plausible does not build user profiles or share data with advertisers.

Option C — PostHog (self-hosted or EU Cloud)

Flowtag uses PostHog in [self-hosted / EU Cloud] configuration. Event data is stored on servers in [LOCATION]. PostHog processes data solely on our instruction under a signed DPA.

6. Your choices

Opting out of analytics

You can disable analytics collection at any time:

1. Go to Settings → Privacy
2. Turn off "Share usage data to help improve Flowtag"

Once disabled, no new events will be recorded from your account. Previously collected data will be deleted on the schedule described in section 3.

Requesting deletion of your analytics data

You can ask us to delete all raw events linked to your pseudonymous identifier before the standard retention period expires. Email hello-flowtag@qwerty.ovh and we'll process the request within 30 days.

Aggregated and anonymous data (e.g. "X users used feature Y in week Z") is not subject to deletion requests, because it contains no information that could identify you as a specific individual.

Account deletion

When you delete your Flowtag account, we trigger the following sequence:

1. Immediately: the mapping key linking your email to your internal user_id is deleted
2. Within 30 days: raw events linked to that user_id are purged from the analytics database
3. Permanently retained: anonymous aggregated data may remain as non-identifiable historical records

7. Legal basis

We process analytics data on the basis of legitimate interest (GDPR Art. 6(1)(f)):

• Interest: understanding how the product is used in order to improve it, fix bugs, and make informed development decisions
• Proportionality: we collect the minimum data necessary; we pseudonymize; we do not process user-created content
• Balance: opt-out is easy and effective; data is never used for advertising or profiling

For users in jurisdictions where analytics requires explicit consent, we display a consent prompt on first launch.

8. Changes to this policy

For material changes to how we collect or process analytics data, we'll notify you at least 30 days in advance by email or in-app notification.

9. Contact

Flowtag Software
Email: hello-flowtag@qwerty.ovh