FlowAllWay

FlowAllWay

Privacy Policy

How we collect, use, and protect your data

Last updated: January 2025

At FlowAllWay, we are committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you use our queue management platform.

Data We Collect

We collect only the data necessary to provide our services:

Account Information

Email address, phone number, and account type (personal or business)

Establishment Data

Business name, address, contact information, operating hours, and logo/banner images

Location Data

Address-based geolocation for establishment search (we do not track real-time GPS)

Push Notification Tokens

Device tokens for sending push notifications (if enabled)

Usage Data

Login timestamps, page views, and interaction events for service improvement

How We Use Your Data

Your data is used exclusively to:

  • Authenticate and manage your account
  • Display your establishment information to customers
  • Enable real-time queue updates
  • Send important notifications about your account
  • Provide location-based establishment search
  • Analyze usage patterns to improve our services
  • Display relevant advertisements

Third-Party Services

We use the following third-party services:

Firebase (Google Cloud)

Authentication, database, and file storage services

Google Analytics

Anonymous usage analytics to improve our services

Adsterra

Advertising network to support our free service

Email Service

For sending account notifications and password reset emails

Data Security

We implement industry-standard security measures:

  • Passwords are encrypted using PBKDF2-SHA512 with 600,000 iterations
  • Authentication uses secure JWT tokens with short expiration times
  • All data transmission uses HTTPS encryption
  • HTTP-only cookies prevent cross-site scripting attacks
  • Rate limiting protects against brute force attacks

Data Retention

We retain your data as follows:

Active Accounts

Data is retained while your account is active

Deleted Accounts

When you delete your account, your data is retained for 90 days to allow recovery. After this period, data is permanently removed.

Your Rights

Under LGPD, GDPR, and other privacy laws, you have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your account
  • Export your data (data portability)
  • Withdraw consent for optional data processing
  • Object to data processing for marketing purposes

To exercise these rights, access your Profile settings or contact us at the email below.

Contact Us

For privacy-related questions or concerns:

le.falbobarros@gmail.com+1 6477844573
Terms of ServiceCookie PolicyBack to Home