Privacy Policy

Last updated: May 24, 2026

About Us

This Privacy Policy applies to FlautoPsy, operated by Stralocroft Technologies (registered in [TODO: jurisdiction]). If you have questions about this policy, contact privacy@stralocroft.com.

Information We Collect

FlautoPsy collects the following information:

  • Account Information: Email address, workspace name, and account settings
  • Workflow Traces: Prompts, LLM outputs, latency, token costs, and model names. Prompts and outputs are truncated to 10,000 characters and hashed for drift detection
  • Usage Data: Number of traces submitted, workflows created, alerts triggered, API calls made
  • Device & Browser Info: IP address, user agent, browser type, and country (for analytics and security)
  • Stripe Payment Info: Billing information is handled by Stripe and we do not store full credit card details

How We Use Your Information

We use your data for:

  • Providing and maintaining the FlautoPsy service
  • Detecting and alerting you to workflow drift
  • Communicating service updates and account notifications
  • Improving our product and algorithms
  • Preventing fraud and maintaining security
  • Complying with legal obligations

Data Retention

Traces are retained based on your subscription plan:

  • Free tier: 90 days
  • Pro tier: 1 year
  • Agency tier: Unlimited

You can delete traces manually from your dashboard or request permanent deletion of all data by contacting support@stralocroft.com.

Data Sharing & Third-Party Processors

We do not sell your data. We share data only with third-party service providers who process it on our behalf:

  • Supabase: Database hosting (acts as a data processor under GDPR)
  • Vercel: Application hosting and CDN (SOC 2 Type II)
  • Stripe: Payment processing (PCI DSS compliant)
  • Slack: Optional integration for alerts (only if you enable it)
  • Sentry: Error tracking and monitoring

All processors are contractually obligated to protect your data and use it only to provide services to us.

Data Security

Your data is protected by:

  • In Transit: TLS 1.3 encryption for all data between your browser/API and our servers
  • At Rest: AES-256 encryption for all data in our PostgreSQL database
  • API Keys: Hashed with SHA-256 and never stored in plaintext
  • Access Controls: Row-level security ensures users can only access their own workspace data

While we implement strong security measures, no system is completely risk-free. We maintain error monitoring via Sentry and perform regular security audits.

Your Privacy Rights

For EU Residents (GDPR): You have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your data (right to be forgotten)
  • Port your data to another service
  • Restrict processing or withdraw your consent to it
  • Lodge a complaint with your local data protection authority

For California Residents (CCPA): You have the right to:

  • Know what data is collected
  • Delete your data
  • Opt out of data selling (we don't sell data)
  • Not be discriminated against for exercising your rights

To exercise any of these rights, email privacy@stralocroft.com with "Data Request" in the subject line. We'll respond within 30 days.

International Data Transfers

FlautoPsy is hosted in the United States (AWS us-east-1). If you are accessing FlautoPsy from the EU or another jurisdiction, you acknowledge that your data will be transferred to the United States. We rely on Standard Contractual Clauses for GDPR-compliant data transfers.

Cookies

We use only essential cookies for:

  • Session management (keeping you logged in)
  • CSRF protection (preventing cross-site attacks)
  • Workspace selection (remembering your active workspace)

We do not use analytics, tracking, or advertising cookies. See our Cookie Policy for details.

Children's Privacy

FlautoPsy is not intended for users under 18 years of age. We do not knowingly collect data from children. If we become aware that a child has provided us with personal information, we will delete it promptly.

Policy Changes

We may update this Privacy Policy from time to time. If we make material changes that reduce your privacy rights, we will provide at least 30 days' notice by email or prominent notice on our website. Your continued use of FlautoPsy after changes indicates acceptance of the new policy.

Contact Us

For privacy questions or data requests:

We will respond to requests within 30 days.