Privacy Policy

Last updated: 8 December 2025

At Flow Grid, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our festival scheduling platform.

Information We Collect

Account Information

  • Name and email address when you create an account
  • Profile information you choose to provide
  • Authentication data (encrypted passwords or OAuth tokens)
  • Team member invitations and collaboration preferences

Festival Data

  • Festival details (names, descriptions, dates, locations)
  • Session information (schedules, teacher details, descriptions)
  • Photos and images you upload for teachers and festivals
  • Custom branding and styling preferences
  • Team member roles and access permissions

Usage Information

  • How you interact with our platform
  • Device and browser information
  • IP addresses and general location data
  • Performance and error logs

How We Use Your Information

  • Provide Services: Enable you to create and manage festival schedules
  • Account Management: Authenticate users and maintain accounts
  • Team Collaboration: Facilitate team member invitations and role-based access control
  • Communication: Send important updates, team invitations, and notifications about your account or festivals
  • Improvement: Analyze usage to improve our platform
  • Support: Provide customer support and troubleshooting
  • Security: Protect against fraud and unauthorized access

Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in these specific circumstances:

  • Public Festival Pages: Information you choose to make public on festival schedules
  • Service Providers: Trusted third-party services that help us operate (hosting, analytics, email)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In the event of a merger or acquisition

Data Security

We implement industry-standard security measures to protect your data:

  • Encrypted data transmission (HTTPS/SSL)
  • Secure password hashing
  • Regular security audits and updates
  • Access controls and authentication
  • Secure cloud infrastructure

Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct your information
  • Deletion: Request deletion of your account and data
  • Portability: Export your festival data
  • Objection: Opt out of certain data processing

Cookies and Tracking

We use cookies and similar technologies to provide and improve our service. Here's a complete breakdown of the cookies we use:

Essential Cookies (Always Active)

These cookies are necessary for the platform to function and cannot be disabled.

  • Session Cookies (NextAuth.js) - Keep you logged in securely
  • Duration: Session-based (expires when you close your browser)
  • Purpose: Authentication and security

Analytics Cookies (Optional)

These cookies help us understand how you use our platform so we can improve it.

  • device_id - Anonymous device identifier for analytics
  • Duration: 1 year
  • Purpose: Track anonymous usage patterns (view modes, calendar exports, share clicks)
  • Third-party: No - this is a first-party cookie
  • Personal data: None - this cookie doesn't identify you personally

What We DON'T Use:

  • No advertising cookies
  • No cross-site tracking
  • No data sold to third parties
  • No social media tracking pixels

Managing Cookies:

  • You can change your cookie preferences at any time using our cookie banner
  • Clear your browser cookies to reset your choice
  • Most browsers allow you to block cookies entirely (this may affect functionality)

If you reject analytics cookies, we'll only use essential cookies required for the platform to function.

Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account, we remove your personal data within 30 days, except where we're required to retain certain information for legal or security purposes.

Children's Privacy

Flow Grid is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately. Parents or guardians concerned about their child's personal data should contact us via the Contact page.

International Users

Flow Grid is operated from Sliema, Malta. If you're accessing our services from outside Malta, your information may be transferred to and processed in Malta, which may have different privacy laws than your country. If you are located in the European Economic Area (EEA), you have the rights described above under the General Data Protection Regulation (GDPR), including the right to access, correct, delete, and port your personal data, and the right to lodge a complaint with a supervisory authority.

How We Lawfully Process Data (GDPR)

Where GDPR applies, we process personal data on one or more lawful bases, including to perform the contract with you (providing the platform), to comply with legal obligations, based on your consent (for optional marketing communications), and for our legitimate interests (analytics, fraud prevention). You can exercise your rights or withdraw consent by contacting us via the Contact page.

Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of significant changes by email or through our platform. Your continued use of Flow Grid after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please reach out via our Contact page.

Address: Flow Grid Inc., Sliema, Malta (CET)