Overview
This policy explains how Pintor Project Co., a Delaware corporation and provider of the FlowGuard Platform, processes personal data from website visitors, authenticated Platform users, and third parties whose data is uploaded by our Customers as part of the Services. It complements — but does not replace — the Master SaaS Services Agreement (clause 6) that governs our relationship with contracting Customers.
1. What we collect
1.1. Account and billing data: name, work email, organization, role, sign-up IP address, tax/billing information, and a record of acceptance of these terms (version + timestamp + IP).
1.2. Platform usage data: flows created, runs, screenshots generated during tests, aggregated metrics (latency, errors), and audit logs.
1.3. Customer Data: information the Customer chooses to upload to run tests, scan codebases, or generate flows. Depending on Customer use, this may include source code, screenshots of applications under test, and data visible in those applications.
1.4. Website navigation data: IP address, browser type, pages visited, and cookies that are strictly necessary or accepted via our cookie banner.
2. How we use it
2.1. Delivering the contracted Services, including test execution, flow proposal generation, and AI-driven visual checkpoint analysis.
2.2. Secure Platform operation: monitoring, incident detection, abuse investigation.
2.3. Compliance with legal obligations (accounting records, authority requests).
2.4. Improving our AI models, only on anonymized or aggregated data, so that specific natural persons cannot be identified. We do not use Customer Data to train third-party foundation models.
2.5. Transactional communications (email verification, payment receipts, security alerts) and, with prior consent, product updates.
3. Roles under law
With respect to Customer Data, the contracting Customer acts as Data Controller (or "business" under CCPA/CPRA) and Pintor Project acts as Data Processor (or "service provider" under CCPA/CPRA).
With respect to account and navigation data we collect directly from visitors and users, Pintor Project acts as Data Controller.
4. Sub-processors
We operate the Platform with the sub-processors listed at flowguardians.com/subprocessors. The principal ones are:
- a) Microsoft Azure — hosting, databases, blob storage, Communication Services Email, and Azure AI Foundry (private deployment).
- b) Anthropic, PBC — language models (Claude API) for visual checkpoint analysis and test generation, accessed through the private Azure AI Foundry deployment.
- c) Stripe, Inc. — payment processing and subscriptions.
- d) Microsoft GitHub — optional integration for repository analysis.
- e) Atlassian and Microsoft Azure DevOps — optional ticket-tracker integrations when enabled by the Customer.
5. International transfers
Your data may be processed in data centers in the United States (primary deployment region — Microsoft Azure West US 2, Anthropic, Stripe) and, where the Customer is contracted under an EU region, in the European Union. Transfers are covered by adequate contractual clauses (including the EU Standard Contractual Clauses where applicable) or recognized certifications.
6. Security
We apply reasonable technical and organizational measures including encryption in transit and at rest, MFA for admin accounts, least-privilege access management, continuous monitoring, and incident-response procedures. However, no system is 100% secure and you acknowledge there is residual risk.
7. Your rights
Subject to applicable data-protection law, you have the right to access, rectify, delete, and opt out of certain processing of your personal data. Under the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), California residents may request to know what personal information we have collected, request deletion or correction, and opt out of any "sale" or "sharing" of personal information (Pintor Project does not sell personal information). Under GDPR, residents of the European Economic Area have equivalent rights of access, rectification, erasure, restriction, portability, and objection. To exercise these rights, write to privacy@flowguardians.com. If your data was uploaded by a Customer as part of the Services, we will forward your request to that Customer (who acts as Data Controller).
8. Retention
We retain Customer Data while the contractual relationship is active. Upon written request we delete or return the data within a reasonable time, except for retention required by law. Run-history retention defaults depend on plan (Free: 7 days; Pro: 90 days; Business: 1 year; Enterprise: custom). Account data from inactive accounts may be deleted after 24 months of inactivity.
10. Contact
For any privacy or data-protection query, write to privacy@flowguardians.com. For general legal matters, legal@flowguardians.com.