Privacy Policy

    Last updated: 3 December 2024

    This Privacy Policy explains how FlowLabs ("FlowLabs," "we," "us," or "our") collects, uses, discloses and otherwise handles personal information in connection with our platform and services. FlowLabs is an Australian based business operated from New South Wales, Australia.

    This Privacy Policy applies to users of the FlowLabs platform, website, and related services (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this Privacy Policy.

    Nothing in this Privacy Policy is intended to limit any rights you may have under the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Australian Consumer Law, or any other applicable privacy or consumer protection legislation that cannot be excluded by agreement.

    1. About FlowLabs and the Service

    FlowLabs is a browser-based, high-quality remote viewing and collaboration platform designed for creative professionals, including colourists, editors, post-production teams, agencies, and other professional users.

    The Service enables users to:

    • Create rooms and invite participants for real-time collaboration;
    • Stream audio and video into rooms using encoders such as OBS via WHIP or WebRTC;
    • Conduct remote grading sessions, edit reviews, client approvals, and other collaborative workflows.

    The Service operates on a credit-based model:

    • Plan Credits: Included with paid subscription plans and reset each billing cycle.
    • Flow Credits: Prepaid usage credits purchased separately that do not expire, subject to our Terms of Service.

    We may use third-party infrastructure providers, including cloud hosting and real-time media infrastructure, to deliver the Service. Further details about how we handle personal information in this context are set out below.

    2. Applicable Law and Jurisdiction

    2.1 Australian Privacy Law

    FlowLabs is subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy is intended to comply with those requirements.

    2.2 Overseas Users

    Some users and data subjects may be located outside Australia, including in the European Union, United Kingdom, United States, and other regions with their own privacy laws (such as the General Data Protection Regulation).

    While we do not claim full compliance with every jurisdiction's privacy laws, we endeavour to respect the spirit of overseas privacy regulations where reasonably practicable. We will consider requests from overseas users to exercise rights similar to those provided under their local laws (such as access, correction, deletion, objection, restriction, and data portability) and respond in accordance with applicable law.

    3. Types of Information We Collect

    3.1 Account Information

    When you create an account or use the Service, we may collect:

    • Name and contact details (such as email address);
    • Business or organisation name;
    • Billing and invoicing details;
    • Password or authentication identifiers (stored in hashed or encrypted form);
    • Account preferences and settings.

    3.2 Usage and Technical Data

    When you access or use the Service, we automatically collect certain technical information, including:

    • IP address;
    • Browser type and version;
    • Device information and operating system;
    • Timestamps and session duration;
    • Room IDs and session identifiers;
    • Connection quality metrics and performance data;
    • Approximate geographic location (derived from IP address);
    • Server logs and diagnostic information from our media infrastructure.

    3.3 Session and Collaboration Data

    In connection with your use of the Service, we may collect:

    • Room names and descriptions;
    • Email addresses of invited participants;
    • Session metadata, including start and end times, participant counts, and credit consumption;
    • Chat messages sent within sessions;
    • Session notes created by users.

    3.4 Payment Data

    Payments are processed through third-party payment processors. We do not store full credit card numbers or complete payment card details on our systems. We may receive and store:

    • Transaction identifiers and payment confirmation details;
    • Partial card information (such as the last four digits) for identification purposes;
    • Billing address and invoice history.

    3.5 Communications

    We collect information when you communicate with us, including:

    • Support requests and correspondence;
    • Feedback, suggestions, and bug reports;
    • Responses to surveys or questionnaires.

    3.6 Cookies and Similar Technologies

    We use cookies and similar technologies to collect information about your use of the Service. This may include:

    • Session cookies to maintain your logged-in state;
    • Functional cookies to remember your preferences;
    • Analytics cookies to understand how the Service is used.

    Further details are provided in Section 12 (Cookies and Analytics) below.

    3.7 Streaming Content

    Live video and audio streamed through the Service are transmitted through our infrastructure and, in some cases, third-party media infrastructure.

    Streaming content may be temporarily buffered or cached as part of the technical delivery process. We do not routinely record or permanently store streamed video or audio content unless:

    • A user enables a recording feature (if available); or
    • Logging is required for debugging, security, or legal purposes.

    You are responsible for ensuring you have appropriate rights and consents to stream any content through the Service.

    4. How We Collect Information

    4.1 Information Provided Directly by You

    We collect information you provide when you:

    • Create an account or update your profile;
    • Subscribe to a plan or purchase credits;
    • Create or join a session;
    • Contact us for support or with enquiries;
    • Respond to surveys or provide feedback.

    4.2 Information Collected Automatically

    We automatically collect certain information when you use the Service through:

    • Server logs and infrastructure monitoring;
    • Analytics tools and performance monitoring;
    • Cookies and similar tracking technologies;
    • Debugging and diagnostic systems.

    4.3 Information from Third Parties

    We may receive information about you from third parties, including:

    • Payment processors (transaction confirmations and fraud signals);
    • Single sign-on (SSO) or authentication providers, if you choose to authenticate using a third-party service;
    • Other users who invite you to participate in sessions.

    5. Purposes of Collection and Use

    We collect and use personal information for the following purposes:

    5.1 Providing and Maintaining the Service

    • To create and manage your account;
    • To enable you to create, join, and participate in sessions;
    • To deliver streaming and collaboration functionality;
    • To provide technical support and respond to enquiries.

    5.2 Performance Monitoring and Improvement

    • To monitor and improve stream quality, latency, and reliability;
    • To analyse usage patterns and identify areas for improvement;
    • To develop new features and enhance the Service.

    5.3 Billing and Payments

    • To process payments and manage subscriptions;
    • To track credit usage and maintain billing records;
    • To prevent and detect fraudulent transactions.

    5.4 Security and Legal Compliance

    • To protect the security and integrity of the Service;
    • To enforce our Terms of Service and protect our rights;
    • To comply with legal obligations and respond to lawful requests;
    • To investigate and prevent abuse, fraud, or illegal activity.

    5.5 Communications

    • To send service-related notifications and updates;
    • To respond to your enquiries and support requests;
    • To send marketing communications where you have consented or where otherwise permitted by law (with the ability to opt out).

    5.6 Aggregated and De-identified Analysis

    We may analyse aggregated and de-identified data for research, statistical analysis, and product improvement purposes. Such data does not identify individual users.

    6. Legal Bases and Consent

    6.1 Australian Users

    Under Australian privacy law, we collect personal information for purposes that are reasonably necessary for, or directly related to, our functions and activities. We only collect personal information by lawful and fair means, and where it is reasonably necessary for our business purposes.

    We collect information in circumstances where you would reasonably expect us to do so, given the nature of the Service and our relationship with you.

    6.2 European Union and Similar Jurisdictions

    For users in jurisdictions that require a specific legal basis for processing personal data (such as the EU under the GDPR), we rely on the following bases as applicable:

    • Performance of a contract: Processing necessary to provide the Service and fulfil our contractual obligations to you;
    • Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where those interests are not overridden by your rights;
    • Consent: Where you have given specific consent, such as for marketing communications or non-essential cookies;
    • Legal obligation: Processing necessary to comply with applicable laws.

    6.3 Withdrawing Consent

    Where we rely on consent, you may withdraw that consent at any time. You can opt out of marketing communications using the unsubscribe link in our emails or by contacting us. You can manage cookie preferences through your browser settings or any cookie management tools we provide. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

    7. Disclosure of Personal Information

    We may disclose personal information to the following categories of recipients:

    7.1 Service Providers

    • Cloud hosting providers: To store data and host the Service;
    • Real-time media infrastructure providers: To deliver streaming functionality;
    • Payment processors: To process payments and manage billing;
    • Email service providers: To send transactional and marketing emails;
    • Support and helpdesk tools: To manage support requests;
    • Analytics providers: To analyse usage and improve the Service.

    7.2 Professional Advisers

    We may disclose personal information to our professional advisers, including lawyers, accountants, and auditors, where necessary for legal, accounting, or business purposes.

    7.3 Legal and Regulatory Authorities

    We may disclose personal information where required or permitted by law, including:

    • To comply with legal process, court orders, or government requests;
    • To enforce our Terms of Service or protect our rights;
    • To protect the safety, rights, or property of any person;
    • To investigate or prevent illegal activity.

    7.4 Business Transfers

    In the event of a merger, acquisition, reorganisation, sale of assets, or similar transaction, personal information may be transferred to the acquiring entity or successor. We will take reasonable steps to ensure any such recipient is bound by obligations consistent with this Privacy Policy.

    7.5 With Your Consent

    We may disclose personal information to other parties where you have provided consent.

    7.6 No Sale of Personal Information

    We do not sell personal information to third parties as a standalone product or for their independent marketing purposes.

    8. Overseas Disclosure and Cross-Border Transfers

    Your personal information may be stored or processed on servers located outside Australia, including in countries where some of our infrastructure providers operate.

    Countries where data may be transferred include, but are not limited to, the United States and countries within the European Union. Data protection laws in these countries may differ from those in Australia.

    We take reasonable steps to ensure that overseas recipients of personal information handle that information in accordance with the Australian Privacy Principles. This may include contractual arrangements, selecting reputable providers, and implementing appropriate security measures. However, by using the Service, you acknowledge that we cannot guarantee that overseas recipients will comply with Australian privacy law.

    9. Data Retention

    We retain personal information for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

    9.1 Retention Periods

    • Account information: Retained while your account is active and for a reasonable period thereafter for legal, accounting, and business purposes;
    • Session and usage data: Retained for a limited period for operational, debugging, and analytical purposes;
    • Payment and billing records: Retained as required by tax and accounting laws;
    • Communications: Retained as necessary to provide support and maintain records of our interactions;
    • Logs and technical data: Retained for a limited period for security, debugging, and compliance purposes.

    9.2 After Account Closure

    After you close your account, we may retain certain information as required by law, for legitimate business purposes such as record keeping, security, fraud prevention, and enforcement of our rights.

    We may also retain de-identified or aggregated data that does not identify you for analytical and statistical purposes.

    9.3 Your Responsibility for Backups

    The Service is not intended to be the sole repository of your content. You are responsible for maintaining your own backups of any content you consider important. We do not guarantee the availability or recovery of any content after account closure or service interruptions.

    10. Security

    We implement reasonable technical and organisational measures to protect personal information from unauthorised access, use, disclosure, alteration, and destruction. These measures include:

    • Encryption of data in transit using industry-standard protocols;
    • Access controls limiting access to personal information on a need-to-know basis;
    • Secure authentication mechanisms;
    • Regular review of security practices and infrastructure.

    However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect personal information, we cannot guarantee absolute security.

    You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account. Please notify us immediately if you become aware of any unauthorised access to your account.

    11. User Rights and Choices

    11.1 Australian Users

    Under the Privacy Act 1988 (Cth), you have the right to:

    • Access: Request access to the personal information we hold about you;
    • Correction: Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

    To make a request, please contact us using the details provided in Section 16. We will respond to your request within a reasonable timeframe and in accordance with the Privacy Act.

    11.2 Overseas Users (Including EU)

    If you are located in a jurisdiction that provides additional privacy rights (such as the European Union under the GDPR), you may have rights including:

    • Access: The right to obtain confirmation of whether we process your personal data and to access that data;
    • Rectification: The right to have inaccurate personal data corrected;
    • Erasure: The right to request deletion of your personal data in certain circumstances;
    • Restriction: The right to request restriction of processing in certain circumstances;
    • Objection: The right to object to processing based on legitimate interests;
    • Data portability: The right to receive your personal data in a structured, commonly used format.

    We will consider and respond to such requests in line with applicable law. Some requests may be subject to limitations or exceptions.

    11.3 Marketing Communications

    You may opt out of receiving marketing communications from us at any time by clicking the unsubscribe link in our emails or by contacting us. Please note that you may continue to receive transactional and service-related communications even after opting out of marketing.

    12. Cookies and Analytics

    12.1 What Are Cookies

    Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently and to provide information to site operators.

    12.2 How We Use Cookies

    We use the following types of cookies:

    • Essential cookies: Necessary for the Service to function, such as maintaining your logged-in session;
    • Functional cookies: Used to remember your preferences and settings;
    • Analytics cookies: Used to understand how users interact with the Service, which pages are visited, and how we can improve.

    12.3 Your Choices

    Most web browsers allow you to control cookies through their settings. You can choose to block or delete cookies, though this may affect the functionality of the Service.

    Where required by applicable law, we will obtain your consent before placing non-essential cookies on your device.

    13. Third-Party Links and Integrations

    The Service may contain links to third-party websites, services, or applications. These third parties have their own privacy policies and practices, which we do not control.

    We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.

    14. Children

    The Service is designed for professional and business users and is not directed to children. In accordance with our Terms of Service, you must be at least 18 years of age to use the Service.

    We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information as soon as practicable. If you believe we have collected information from a child, please contact us immediately.

    15. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

    If we make material changes, we will notify you by posting the updated Privacy Policy on the Service and updating the "Last updated" date at the top. For significant changes, we may also notify you by email or through the Service.

    Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of those changes. We encourage you to review this Privacy Policy periodically.

    16. Contact Details and Complaints

    16.1 Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

    FlowLabs

    Email: support@flowlabs.live

    Website: flowlabs.live

    We will endeavour to respond to your enquiry within a reasonable timeframe.

    16.2 Complaints

    If you believe we have breached the Australian Privacy Principles or are otherwise dissatisfied with how we have handled your personal information, please contact us first so we can try to resolve your concerns.

    If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

    Website: www.oaic.gov.au

    Phone: 1300 363 992

    Post: GPO Box 5218, Sydney NSW 2001

    17. Relationship with Terms of Service

    This Privacy Policy should be read together with our Terms of Service, which govern your use of the Service. Capitalised terms not defined in this Privacy Policy have the meanings given to them in the Terms of Service.

    In the event of any conflict between this Privacy Policy and the Terms of Service regarding privacy matters, this Privacy Policy will prevail. For all other matters, the Terms of Service will prevail.

    By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our privacy practices, you should not use the Service.