Flovia AI Oy · Latest update: 5 May 2026
This Privacy Policy explains how Flovia AI Oy collects, uses, stores and protects personal data when you visit our website, use our application or interact with our services.
This Privacy Policy applies to:
The Service is intended for business and professional use only.
The controller responsible for the processing of personal data described in this Privacy Policy is:
Flovia may process personal data in different roles depending on the situation.
Flovia acts as a controller when it determines the purposes and means of processing personal data, for example when we process:
Flovia may act as a processor when it processes personal data on behalf of a business Customer, for example when the Customer connects social media accounts, marketing platforms, campaign data, profile data, brand data or other Customer Data to the Service.
Where Flovia acts as a processor, the Customer is the controller and Flovia processes the data according to the Customer's instructions, applicable agreement and, where applicable, a Data Processing Agreement.
We may collect and process the following categories of personal data.
When a User creates an account or uses the Application, we may collect:
Users may delete their account and related account data through the tools provided in the Application, where available, or by contacting Flovia.
When a Customer uses Flovia, we may process information about the Customer's organisation, such as:
Users log in to the Application using email and password.
In addition, Users may connect third-party marketing and social media accounts to the Service through the relevant platform's OAuth process. This may include:
When Users connect these accounts, Flovia may process authentication-related information necessary to maintain the integration, such as access tokens, refresh tokens, account identifiers, connection status and permissions granted through the relevant platform.
Flovia does not receive or store the User's password for the connected Third-Party Platform. The connection is managed through the relevant platform's OAuth process and the permissions granted by the User or Customer.
Flovia uses this data only to provide and maintain the connected integrations and related Service functionality.
If a Customer connects third-party platforms to Flovia, we may process data from those platforms. Depending on the connected platform and enabled features, this data may include:
Flovia uses this data to provide dashboards, reporting, AI analysis, campaign insights, performance summaries and related functionality.
The Customer is responsible for ensuring that it has the necessary rights and permissions to connect third-party accounts and process the related data through Flovia.
Flovia uses OpenAI to provide certain AI features. When Users use AI features, we may process:
Flovia uses this data to provide AI-assisted analysis, reporting, chat functionality, recommendations, debugging, security and product improvement.
Flovia does not use Customer Data, prompts, reports or social media and marketing data to train general AI models, third-party AI models or Flovia-specific AI models.
Users should not submit unnecessary personal data, sensitive personal data or confidential third-party data into AI prompts unless they are authorised to do so and the data is necessary for the intended use.
AI-generated outputs are assistive and informational. They may contain errors, omissions or inaccurate interpretations. Users are responsible for reviewing and validating AI-generated outputs before relying on them.
If the Service allows file uploads or manual data input, we may process:
The Customer is responsible for ensuring that uploaded content is lawful and that it has the necessary rights to use and upload such content.
When you visit flovia.ai or use app.flovia.ai, we may automatically collect technical and usage data, such as:
This data helps us operate, secure, analyse and improve the Website and the Service.
We use cookies and similar technologies on the Website and the Application. We currently use:
These tools may collect usage data, device data, session data, page views, events, conversions and similar information.
Google Tag Manager is used to manage tags and scripts. Google Analytics 4 is used for analytics and service improvement. Meta Pixel is used for advertising measurement, conversion tracking and marketing purposes.
We use strictly necessary cookies to provide the Website and Application. These cookies do not require consent.
Analytics and marketing cookies, including cookies and similar technologies related to Google Analytics 4 and Meta Pixel, are used only where required consent has been obtained.
More information is provided in our Cookie Policy.
Flovia currently uses manual invoicing and manual customer agreements. When a Customer purchases or uses a paid service, we may process:
Flovia does not currently process payments through an online payment processor inside the Service.
When you contact us, request a demo, use support or communicate with us, we may process:
We process personal data for the following purposes:
We process personal data under the following legal bases.
We process personal data where necessary to provide the Service, manage accounts, provide trials, process subscriptions, support Customers, maintain integrations, manage invoicing and perform our contractual obligations.
We may process personal data based on our legitimate interests, including:
We process personal data based on consent where required, for example for certain cookies, marketing communications or optional tracking technologies.
Users may withdraw consent at any time.
We may process personal data where necessary to comply with legal obligations, such as accounting, tax, regulatory or legal requirements.
Flovia uses OpenAI to provide certain AI-assisted features in the Service. These features may include AI chat, AI summaries, AI-generated reports, recommendations, insights and other AI-assisted outputs.
When a User uses AI features, relevant data may be processed through OpenAI's services to generate the requested output. This may include prompts, selected metrics, campaign data, report context, brand knowledge and other information needed to provide the feature.
Flovia aims to limit the data sent to AI providers to what is necessary for the relevant AI functionality.
Flovia does not use Customer Data, prompts, reports or social media and marketing data to train general AI models, third-party AI models or Flovia-specific AI models.
Users should not include unnecessary personal data, sensitive personal data or confidential third-party data in prompts or uploaded materials unless they are authorised to do so.
AI-generated outputs are not guaranteed to be accurate, complete or suitable for a specific purpose.
When a Customer connects a Third-Party Platform, Flovia processes data made available by that platform's API or integration. Third-Party Platforms may include:
The availability, accuracy and scope of data depends on the third-party platform, the Customer's permissions, API limitations, access tokens, platform rules and technical availability.
The Customer remains responsible for complying with the terms and privacy requirements of the relevant Third-Party Platforms.
We may share or make personal data available to trusted service providers where necessary to provide the Service. These may include:
These providers may process personal data only for the purposes defined by Flovia or the Customer and subject to appropriate contractual safeguards.
Flovia stores its core Service data in Amazon Web Services infrastructure located in the European Union.
This includes Customer Data stored in AWS and S3, as well as related infrastructure used to provide the Service.
Some third-party service providers, such as analytics, advertising and AI service providers, may process limited personal data outside the EU or EEA depending on their own infrastructure and service configuration.
Where personal data is transferred outside the EU or EEA, Flovia uses appropriate safeguards required by applicable data protection laws, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms.
Personal data may be processed in Finland, the European Union, the European Economic Area and other countries where Flovia or its service providers operate.
Where personal data is transferred outside the EU or EEA, Flovia uses appropriate safeguards required by applicable data protection laws, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms.
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Typical retention principles:
Users may delete their account through the tools provided in the Application, where available.
Users may also remove connected marketing and social media profile connections through the Application, where available. This may include removing Meta, Facebook, Instagram, TikTok marketing or TikTok profile connections.
When an account or integration is deleted, Flovia will delete or anonymise related personal data where appropriate and technically feasible, unless continued retention is required for legal, security, billing, backup, dispute resolution or legitimate business purposes.
Deleting an integration may stop future data collection from that platform. Historical data already processed in the Service may remain available to the Customer unless deleted separately or otherwise agreed.
Deleting an individual User account does not automatically delete all Customer organisation data, reports, historical marketing data or connected brand data where such data belongs to the Customer organisation rather than the individual User.
Customer organisation data may be deleted according to the applicable agreement, Customer administrator settings, data deletion tools or written request from an authorised Customer representative.
Flovia uses appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, misuse and destruction.
These measures may include access controls, authentication, encryption, logging, monitoring, secure infrastructure, backups, role-based permissions and internal security procedures.
No system is completely secure. Customers and Users are responsible for keeping their credentials secure and for managing their own user access and connected accounts.
Depending on applicable law and the processing context, Users may have the right to:
Requests can be sent to support@flovia.ai.
We may need to verify the identity and authority of the requester before fulfilling a request.
Where Flovia acts as a processor on behalf of a Customer, we may direct the request to the relevant Customer or support the Customer in responding to the request.
Users may object to direct marketing at any time.
If a User objects to direct marketing, we will stop processing their personal data for that purpose.
Marketing emails may include an unsubscribe link where applicable.
Users can manage cookie preferences through the cookie banner or cookie settings made available on the Website.
Non-essential cookies, including analytics and marketing cookies, are used only where required consent has been obtained.
Users may withdraw or change cookie consent at any time through the available cookie settings.
More information is provided in our Cookie Policy.
Users have the right to lodge a complaint with a data protection supervisory authority.
In Finland, the supervisory authority is:
Office of the Data Protection Ombudsman
Website: tietosuoja.fi
The Service is intended for business and professional use only. It is not intended for children or consumers.
Flovia does not knowingly collect personal data from children.
We may update this Privacy Policy from time to time.
If changes are material, we will aim to notify Customers and Users in a reasonable manner, such as through the Website, the Application or email.
The latest version will be available on flovia.ai.
For privacy-related questions or requests, please contact: