Last updated: 12 May 2026

Privacy Policy

This Privacy Policy describes how FlowLab Solutions Pty Ltd (“FlowLab”, “we”, “us”, or “our”) handles personal information collected through our platform and website. FlowLab is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

1. Who this policy applies to

This policy applies to two groups of people:

  • Operators — trades and service businesses that subscribe to and use FlowLab to run their operations.
  • End customers — individuals whose information operators enter into FlowLab (for example, a homeowner who receives a quote). If you are an end customer, please also refer to the privacy notice on the page where you submitted your information, which identifies the business that engaged you.

2. What information we collect

From operators

  • Account details: name, email address, mobile number, business name, ABN, and billing address
  • Payment information: processed by Stripe. We do not store raw card numbers.
  • Business configuration: service areas, pricing rates, branding preferences, and scheduling preferences
  • Usage data: pages visited, features used, errors logged, and automation events

From end customers (entered by operators)

  • Contact details: name, email address, mobile number, and suburb
  • Property information: address, notes, and job history
  • Communications: enquiries, quotes, invoices, and messages exchanged through the platform
  • Signatures: collected electronically for agreements via DocuSeal

Automatically collected data

  • Device and browser information
  • IP addresses and approximate location
  • Log files and error reports (via Sentry)

3. How we use your information

We use personal information to:

  • Provide, operate, and improve the FlowLab platform
  • Process subscription payments and send billing-related communications
  • Enable operators to send quotes, invoices, reminders, and agreements to their customers
  • Deliver transactional SMS and email messages on behalf of operators (via Brevo)
  • Optimise job routes and estimate drive times (via Google Maps)
  • Provide AI-assisted features such as quote drafting and scheduling (via Anthropic Claude)
  • Detect and prevent fraud, abuse, and security incidents
  • Meet legal and regulatory obligations

We do not sell personal information to third parties. We do not use end customer data for our own marketing.

4. Third-party services we use

FlowLab integrates with the following sub-processors. Each has its own privacy policy governing their use of data.

  • Supabase — database and authentication (data hosted in AWS ap-southeast-2, Sydney)
  • Vercel — application hosting
  • Stripe — payment processing
  • Brevo — transactional email and SMS delivery
  • Xero — accounting and invoicing integration (when connected by an operator)
  • DocuSeal — electronic agreement and signature collection
  • Google Maps — address geocoding, route optimisation, and satellite imagery
  • Anthropic (Claude) — AI-assisted quoting, scheduling, and communications drafting
  • Sentry — error monitoring and performance observability

5. Data storage and security

All data is stored in Australia (AWS ap-southeast-2, Sydney) via Supabase. Data in transit is encrypted using TLS. Sensitive credentials (API keys, OAuth tokens) are encrypted at rest using AES-256 before database storage.

We apply role-based access controls, and tenant data is strictly isolated — no operator can access another operator's data.

6. Data retention

We retain your data for as long as your account is active. If you close your account, we will delete or anonymise your data within 90 days unless we are required to retain it by law (for example, for tax or accounting purposes). Automated audit logs may be retained for up to 7 years for compliance purposes.

7. Your rights

Under the Australian Privacy Act, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or outdated information
  • Request deletion of your information (subject to legal obligations)
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, contact us at privacy@flowlabsolutions.au. We will respond within 30 days.

8. Cookies and tracking

We use essential session cookies to keep you logged in. We do not use advertising cookies or third-party tracking pixels. Error monitoring (Sentry) may set performance-related identifiers.

9. Changes to this policy

We may update this policy from time to time. When we do, we will update the “Last updated” date above and, for material changes, notify operators by email at least 14 days before the change takes effect.

10. Contact us

For privacy-related questions or requests:

FlowLab Solutions Pty Ltd
Email: privacy@flowlabsolutions.au
Website: flowlabsolutions.au

← Back to homeTerms of Service →