1. INTRODUCTION
Flow Software Trading Limited (Flow, we, us, our) is committed to protecting personal information we collect and process. This policy explains how we handle personal information in compliance with the Privacy Act 2020 (New Zealand) and the Privacy Act 1988 (Australia).
Personal information means information about an identifiable individual and includes personal data, personally identifiable information, and equivalent information under applicable privacy and data protection laws.
This policy does not limit your rights under applicable privacy legislation. If you need additional information or clarification about our privacy practices, contact us at [email protected].
2. SCOPE – WHEN THIS POLICY APPLIES
This policy applies to personal information we collect through:
- Our marketing website (flowsoftware.com)
- Direct interactions with prospects, customers, and partners
- Our integration platform and related services
Our different roles with your data:
When you visit our website or contact us directly, we are the data controller — we decide what information to collect and how to use it.
When customers use our integration platform, we process data flowing through those integrations as a data processor — we handle that data according to our customers' instructions under our service agreements. Our customers determine what data flows through our platform and how it's used. Their privacy policies govern their collection and use of data processed through our integrations, not this policy.
However, this policy explains our obligations and practices as a data processor, including our security measures and how we respond to data breaches.
3. INFORMATION WE COLLECT DIRECTLY FROM YOU
Contact and enquiry information: When you fill in forms on our website, call us, meet us, or otherwise contact us, we collect your name, email address, phone number, company name, and any other information you provide.
Newsletter and communications: When you subscribe to our newsletter or request other communications, we collect your name, email address, and any preferences you specify.
Customer account information: When you become a customer, we collect business contact details, billing information, and technical contacts for service delivery.
Some information is mandatory for us to provide our services — we’ll indicate what’s required when we collect it. If you choose not to provide required information, we may not be able to deliver some or all of our services.
4. INFORMATION WE COLLECT AUTOMATICALLY
When you use our website, we automatically collect:
- Device information (IP address, operating system, browser type)
- Usage information (pages visited, time spent on pages, links clicked)
- Location information (inferred from IP address)
We collect this through cookies, web beacons, and similar technologies. See our Cookie Policy below for details and how to control these technologies.
5. HOW WE USE YOUR INFORMATION
We use personal information we control to:
- Provide our website and services to you
- Verify your identity and manage your account
- Respond to your enquiries and support requests
- Send you marketing communications about our products and services (you can opt out anytime)
- Improve our website, products, and services
- Analyse usage patterns and website performance
- Comply with legal obligations and enforce our rights
- Detect and prevent fraud or security issues
We only use your information for purposes you'd reasonably expect, or where we have a legal basis to do so under applicable privacy law.
Marketing communications: You can unsubscribe from marketing emails using the link in any email we send, or by contacting [email protected]. We'll action opt-out requests within 5 business days.
6. HOW WE PROCESS CUSTOMER DATA
When we act as a data processor for integration platform customers:
- We only process data according to documented instructions in our service agreements
- We implement appropriate security measures to protect that data
- We assist customers with their obligations under privacy law (access requests, breach notifications, etc.)
- We notify customers immediately if we receive any legal orders affecting their data
- We don't use customer data for our own purposes
Our Data Processing Agreement (DPA) provides detailed contractual commitments about how we handle customer data. All customers using our integration platform receive data processing terms as part of their service agreement, covering security measures, breach notification procedures, and data handling obligations.
7. WHO WE SHARE YOUR INFORMATION WITH
We may disclose personal information to:
- Flow Software group companies (including Flow Software (AU) Trading Pty Limited) for business operations
- Service providers who support our website, platform, or services including:
  - Cloud hosting and infrastructure providers
  - Analytics and performance monitoring services
  - Marketing automation and customer communication platforms
  - Support and helpdesk tools
  - Security and monitoring services
- Professional advisers (lawyers, accountants, auditors)
- Law enforcement or regulatory authorities when legally required
- Any person with your consent
Our service providers are located in New Zealand and Australia, and may include providers in other countries. We only work with service providers who commit to appropriate data protection standards.
We do not sell personal information to third parties.
8. INTERNATIONAL DATA TRANSFERS
Our infrastructure is hosted on cloud services with data stored in AWS regions in Australia and New Zealand. Our service providers are located in New Zealand and Australia, and may include providers in other countries.
When we transfer personal information internationally, we ensure appropriate safeguards are in place through:
- Standard contractual clauses
- Service provider commitments to appropriate data protection standards
- Compliance with applicable cross-border data transfer requirements
9. YOUR RIGHTS
Subject to applicable law, you have the right to:
- Access personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your personal information in certain circumstances
- Request restriction of how we process your information
- Object to processing of your information
- Request a copy of your information in portable format
- Withdraw consent where we rely on consent for processing
How to exercise these rights:
Email [email protected] with:
- Evidence of your identity
- Details of your specific request
- The personal information involved (if applicable)
We'll respond within the timeframes required by applicable privacy law (typically 20 working days in New Zealand, 30 days in Australia). We may charge reasonable costs for providing copies of extensive information.
For data processed through our platform: If you're an end-user of a customer's integration, contact that customer directly to exercise your rights regarding data they control. We'll assist our customers in responding to such requests as required under our service agreements.
10. DATA BREACH NOTIFICATION
If we experience a data breach that is likely to result in serious harm to individuals, we will:
- Notify the relevant privacy authority (Office of the Privacy Commissioner in New Zealand and/or Office of the Australian Information Commissioner) as required by law
- Notify affected individuals when required by law or when we determine notification is appropriate
- Take immediate steps to contain and remediate the breach
We will assess suspected breaches promptly and complete assessments within legally required timeframes.
For breaches involving customer data processed through our platform, we'll notify affected customers immediately so they can meet their own notification obligations.
11. DATA SECURITY
We implement appropriate technical and organisational security measures to protect personal information from loss, unauthorised access, disclosure, alteration, or destruction. These measures include:
- Encryption of data in transit and at rest
- Multi-factor authentication and strong password requirements
- Access controls limited to personnel who need access
- Regular security assessments and monitoring
- Comprehensive endpoint security and malware protection on all devices
- Incident response procedures
- Annual disaster recovery testing
- Staff training on data protection
You're responsible for maintaining the confidentiality of any passwords or credentials you use to access our services. Notify us immediately at [email protected] if you suspect unauthorised access to your account.
While we implement robust security measures, no internet transmission or electronic storage is completely secure. You provide information to us at your own risk.
12. DATA RETENTION
We retain personal information based on the purpose collected:
- Marketing contact information: Until you unsubscribe or request deletion
- Customer account information: Duration of customer relationship plus up to 7 years for financial and legal compliance requirements
- Website analytics: Typically 2 years
- Support records: Typically 3 years
Actual retention periods may vary based on legal or business requirements.
Customer data processed through our platform is retained according to customer instructions in service agreements. We delete or return this data when the service relationship ends, unless legally required to retain it.
13. CHILDREN'S PRIVACY
Our services are not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, contact us immediately at [email protected] and we will delete it.
14. CHANGES TO THIS POLICY
We may update this policy from time to time by posting a revised version on our website. Changes take effect from the date we post the revised policy. We'll notify customers of material changes via email or through our platform.
15. COMPLAINTS
If you're concerned about how we've handled your personal information, contact us first at [email protected]. We'll investigate and respond within a reasonable timeframe.
If you're not satisfied with our response, you can lodge a complaint with:
- New Zealand: Office of the Privacy Commissioner - www.privacy.org.nz
- Australia: Office of the Australian Information Commissioner - www.oaic.gov.au
16. CONTACT US
For questions about this policy or our privacy practices, or to exercise your rights:
Email: [email protected]
New Zealand Office:
Flow Software Trading Limited
The B:hive, Smales Farm
72 Taharoto Road, Takapuna
Auckland 0622, New Zealand
Australian Office:
Flow Software (AU) Trading Pty Limited
Level 20, 135 King Street
Sydney NSW 2000, Australia
COOKIE POLICIES
What are cookies?
Cookies are small text files stored on your device when you visit websites. They help websites remember your preferences, understand how you use the site, and show you relevant advertising.
Cookies can be session cookies (deleted when you close your browser) or persistent cookies (remain on your device for a set period). They can be first-party cookies (set by us) or third-party cookies (set by our service providers).
Your consent to cookies
When you first visit our website, we'll ask for your consent to use non-essential cookies. You can accept or decline and change your preferences anytime through our cookie consent tool or your browser settings.
Strictly necessary cookies don't require consent and are used automatically to enable core website functionality.
Types of cookies we use
Strictly necessary cookies (no consent required)
These are essential for our website to function. They enable basic features like page navigation, security, and load balancing. Without these, core website functionality won't work.
We use security and bot management cookies to protect our website.
Performance cookies (requires consent)
These collect information about how visitors use our website - which pages are visited most, if error messages are shown, etc. All information is aggregated and anonymous.
Google Analytics:
- Tracks website usage, visitor behaviour, and site performance
- Privacy policy: policies.google.com/privacy
- Opt out: tools.google.com/dlpage/gaoptout
Functionality cookies (requires consent)
These remember your choices and preferences to provide enhanced, personalised features.
We use functionality cookies to remember your preferences and improve your experience on our website.
Targeting/advertising cookies (requires consent)
These track your browsing across websites to show you relevant advertising. We use them for retargeting - showing Flow ads to people who previously visited our website.
Google Ads:
- Conversion tracking and remarketing
- Privacy policy: policies.google.com/technologies/ads
- Opt out: adssettings.google.com
We may also use other advertising and marketing cookies to measure campaign effectiveness and deliver relevant content.
For a complete list of cookies currently in use, please see our cookie consent tool when you visit our website.
How to control cookies
Through our website:
Use our cookie consent tool to manage your preferences. You can accept all cookies, decline non-essential cookies, or customise your settings by cookie category.
Through your browser:
All browsers let you control cookies. You can block all cookies, delete existing cookies, or set preferences for different websites.
Browser guides:
- Chrome: support.google.com/chrome/answer/95647
- Firefox: support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
- Safari: support.apple.com/guide/safari/manage-cookies-sfri11471/mac
- Edge: support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge
Note: Blocking all cookies may prevent you from using parts of our website or affect functionality.
Opt out of interest-based advertising
You can opt out of personalised advertising from participating companies:
- Network Advertising Initiative: optout.networkadvertising.org
- Digital Advertising Alliance: optout.aboutads.info
- Your Online Choices (AU/NZ): www.youronlinechoices.com.au
Opting out doesn't stop advertising - you'll still see ads, but they won't be personalised based on your browsing behaviour.
Questions about cookies?
Contact [email protected].

