Privacy Policy

Last Updated: March 1, 2026

Definitions

a. Privacy Statement:
This privacy statement.
b. User:
Any user of the Service or Website.
c. Data Controller:
Artomation B.V., Nachtwachtlaan 124, 1058 ED Amsterdam, Netherlands, hello@flow-runner.com.
d. Service:
The FlowRunner platform, including the Outlook Add-in, the Chrome Extension for Gmail, and all associated software, APIs, and services.
e. Outlook Add-in:
The FlowRunner application for Microsoft Outlook, installed via the Microsoft 365 app store.
f. Chrome Extension:
The FlowRunner Chrome browser extension for Gmail, installed via the Chrome Web Store.
g. Website:
The website at flow-runner.com and related landing pages.

1. General

1.1 This Privacy Statement describes how Artomation B.V. ("we", "us", "our", or "Data Controller") collects, processes, and protects personal data when you use the FlowRunner Service and associated applications.

1.2 We are committed to protecting your privacy. FlowRunner is hosted on Microsoft Azure (West Europe region) and operates as a secure integration layer between your email client (Microsoft Outlook or Gmail) and Salesforce. By using the Service, you agree to the collection and processing of information in accordance with this policy.

1.3 The personal data processed by the Data Controller includes: name, email address, authentication identifiers from Microsoft or Google, Salesforce authentication tokens, and organizational metadata as detailed in Section 2 below.

2. Collection and Processing of Personal Data

2.1 The Data Controller collects personal data from a User when the User has transmitted such data to the Data Controller through:

  • Installing and authenticating the FlowRunner Outlook Add-in within Microsoft Outlook.
  • Installing and authenticating the FlowRunner Chrome Extension for Gmail.
  • Connecting one or more Salesforce organizations to their FlowRunner account.
  • Visiting the FlowRunner website and submitting contact or inquiry forms.

2.2 The Data Controller processes the following categories of personal data:

2.2.1 Account and Authentication Data

When you create a FlowRunner account, we collect and store:

Via the Outlook Add-in (Microsoft authentication):

  • Full Name: Retrieved from your Microsoft 365 profile to personalize the interface.
  • Email Address: Retrieved from your Microsoft 365 profile for account identification and support communications.
  • Microsoft Entra ID Object ID (OID): A unique identifier for your Microsoft account, used for authentication and tenant-level access control.
  • Microsoft Tenant ID: Your organization's unique Microsoft 365 identifier, used for multi-tenant data isolation.

Via the Chrome Extension (Google authentication):

  • Full Name: Retrieved from your Google account profile to personalize the interface.
  • Email Address: Retrieved from your Google account for account identification and support communications.
  • Google User ID: A unique identifier for your Google account, used for authentication and account linking.
  • Google Workspace Domain: Your organization's domain (if applicable), used for multi-tenant data isolation.

2.2.2 Email Context Data

FlowRunner processes email data from the currently active message to enable Salesforce Flow execution. The data accessed differs by platform:

Outlook Add-in — Email metadata only:

The Outlook Add-in uses Microsoft's Office.js API, which provides limited, structured access to the currently open email:

  • Sender Email Address: Used to search your connected Salesforce organizations for matching Contact or Lead records.
  • Recipient Email Addresses (To, Cc): Used to identify relevant Salesforce records and pre-populate Flow input variables.
  • Email Subject Line: May be accessed to pre-fill Flow fields if configured by your Salesforce administrator.

Chrome Extension for Gmail — Email metadata and body content:

The Chrome Extension uses the Gmail API (gmail.readonly scope) to retrieve email data. This scope provides read-only access to the currently selected email message and includes:

  • Sender Email Address and Name: Used to search your connected Salesforce organizations for matching Contact or Lead records.
  • Recipient Email Addresses (To, Cc): Used to identify relevant Salesforce records and pre-populate Flow input variables.
  • Email Subject Line: May be accessed to pre-fill Flow fields if configured by your Salesforce administrator.
  • Email Body (text and HTML): May be accessed to pass email content as input variables to Salesforce Flows, if configured by your Salesforce administrator.
  • Message ID and Thread ID: Used to uniquely identify the email conversation for Salesforce record linking.

Critical Privacy Protection:

We do not store the content of your emails, subject lines, or message bodies on our servers. On both platforms, email data is processed in-memory only within your browser to query Salesforce APIs and is immediately discarded after the API response is received. Email data is never written to our database or logs.

About the Gmail API gmail.readonly Scope:

The gmail.readonly scope technically grants read access to all messages in your Gmail account. However, FlowRunner only reads the single email you are currently viewing when you interact with the extension. We never scan, index, search through, or bulk-access your mailbox. This scope is required because the Gmail API does not offer a narrower permission for reading individual messages.

2.2.3 Salesforce Integration Data

To enable Salesforce functionality, we store:

  • Salesforce OAuth Tokens: Access and refresh tokens obtained through the Salesforce OAuth 2.0 authorization flow. These tokens are encrypted at rest and are never logged or exposed in plain text.
  • Salesforce Organization ID: The unique 15-character identifier for each Salesforce org you connect, used to route API requests.
  • Salesforce Instance URL: The base URL for your Salesforce organization (e.g., https://example.my.salesforce.com).
  • Flow Metadata: Names, API names, descriptions, and configuration settings for Salesforce Flows that administrators have enabled for use in FlowRunner.
  • User Preferences: Settings such as pinned Flows, default Salesforce organization, and UI preferences.

2.2.4 Chrome Extension Permissions

The FlowRunner Chrome Extension requests the following browser permissions, each used for a specific purpose:

  • identity: To authenticate you with your Google account via Chrome's built-in OAuth flow.
  • sidePanel: To display the FlowRunner interface in Chrome's side panel alongside Gmail.
  • activeTab and tabs: To detect when you are viewing Gmail and enable the side panel only on Gmail tabs. Tab URLs are checked locally and are not transmitted to our servers.
  • declarativeNetRequest: To modify Content Security Policy headers required for rendering Salesforce Lightning components within the extension.

2.2.5 Usage and Diagnostic Data

We collect limited technical data to ensure service reliability and diagnose issues:

  • Authentication Events: Login timestamps and authentication method used (Microsoft SSO, Google OAuth, or fallback dialog).
  • Error Logs: Application errors and stack traces (excluding any personal data or authentication tokens).
  • API Request Metadata: Timestamps, HTTP status codes, and request durations for performance monitoring (URLs are sanitized to remove any query parameters containing tokens or sensitive data).

2.3 The Data Controller uses these personal data exclusively for the purposes for which the User provided them:

  • To authenticate Users and maintain secure access to the Service.
  • To facilitate the execution of Salesforce Flows within the email interface.
  • To store User preferences and configuration settings.
  • To provide technical support and respond to User inquiries.
  • To improve the functionality, performance, and reliability of the Service.

2.4 We do not use your personal data for marketing purposes. We do not send promotional emails, newsletters, or advertising communications.

3. Transfer to Third Parties

3.1 The Data Controller will not disclose personal data to third parties except as described in this section.

3.2 We engage the following sub-processors to provide the Service:

| Sub-processor | Purpose | Data Location | Safeguards |
|---|---|---|---|
| Microsoft Azure | Cloud hosting, database storage, authentication services (Outlook users) | West Europe (EU) | GDPR compliant, ISO 27001 certified |
| Google | Authentication services (Gmail users), Gmail API for email context data | Google Cloud (global) | GDPR compliant, ISO 27001 certified, Google API Services User Data Policy |
| Salesforce | User-initiated API requests to execute Flows and retrieve records | User-selected instance | OAuth 2.0, User consent required |

3.3 The Data Controller has entered into Data Processing Agreements with Microsoft Azure that ensure compliance with the General Data Protection Regulation (GDPR) and provide adequate safeguards for data transfers.

3.4 Google processes authentication data and provides access to Gmail message content solely on your explicit instruction when you use the Chrome Extension. Gmail API data is processed in your browser and is not stored on our servers.

3.5 Salesforce processes data solely on your explicit instruction when you choose to execute a Flow. We act as a technical intermediary and do not control what data Salesforce processes or stores.

3.6 The Data Controller may disclose personal data if required by law or legal process, such as in response to a valid court order or government request.

4. International Data Transfers

4.1 All personal data stored by FlowRunner is held in Microsoft Azure's West Europe data center region, located within the European Union.

4.2 When you use the Chrome Extension, authentication data is processed by Google's global infrastructure. Google maintains compliance with GDPR through Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.

4.3 When you connect a Salesforce organization, data may be transferred to Salesforce's data centers based on your Salesforce instance location. The Data Controller does not control the geographic location of your Salesforce data.

4.4 For Users located outside the European Economic Area (EEA), the Data Controller relies on Microsoft Azure's and Google's compliance with the EU-U.S. Data Privacy Framework and Standard Contractual Clauses approved by the European Commission to ensure adequate protection of personal data.

5. Cookies, Storage, and Tracking Technologies

5.1 The FlowRunner Outlook Add-in uses cookies for essential authentication purposes only:

  • Session Cookies: Temporary cookies to maintain your authenticated session during the Salesforce OAuth authorization flow. These cookies are deleted when you close your browser.

5.2 The FlowRunner Chrome Extension uses Chrome's built-in storage mechanisms for essential functionality:

  • Chrome Identity Token Cache: Google OAuth tokens are cached by Chrome's identity API for the duration of their validity (up to 60 minutes) to avoid repeated authentication prompts.
  • Session Storage: Temporary state data (such as the currently selected Salesforce organization) is stored in browser session storage and is cleared when the browser is closed.

5.3 The FlowRunner marketing website (flow-runner.com) uses Google Analytics to understand website traffic and improve user experience. Google Analytics uses cookies to track:

  • Page views and navigation patterns
  • Geographic location (country/city level)
  • Device and browser type
  • Traffic sources (e.g., search engines, referral sites)

5.4 You can disable cookies through your browser settings. Disabling cookies may prevent the Outlook Add-in from functioning properly, as authentication requires session cookies.

5.5 We do not use cookies or browser storage for advertising, cross-site tracking, or behavioral profiling.

6. Security Measures

6.1 The Data Controller has implemented appropriate technical and organizational measures to protect personal data against loss, unauthorized access, and unlawful processing:

6.1.1 Encryption

  • Encryption in Transit: All data transmitted between your device, our servers, Microsoft services, Google services, and Salesforce is encrypted using TLS 1.2 or higher (HTTPS).
  • Encryption at Rest: Salesforce OAuth tokens are encrypted at rest with AES-256 encryption. The encryption keys are managed securely and rotated periodically.

6.1.2 Access Control and Authentication

  • Microsoft Single Sign-On (SSO): For Outlook users, authentication is handled through Microsoft Entra ID, leveraging your organization's existing identity and access management policies.
  • Google OAuth 2.0: For Gmail users, authentication is handled through Google's OAuth 2.0 via Chrome's built-in identity API. Tokens are validated server-side on every request.
  • Role-Based Access Control (RBAC): Internal administrative access to production systems is restricted to authorized personnel only.
  • Database Row-Level Security (RLS): PostgreSQL Row-Level Security policies enforce strict tenant isolation, ensuring that queries automatically filter data to the authenticated user's organization.

6.1.3 Data Isolation

  • Multi-Tenant Architecture: Each organization's data is logically isolated using tenant-scoped database queries. Users can only access data belonging to their own organization, whether identified by Microsoft 365 Tenant ID or Google Workspace domain.
  • Session Variables: Database session variables enforce tenant context for every database transaction, preventing cross-tenant data leakage.

6.1.4 Logging and Monitoring

  • Sensitive Data Redaction: Application logs automatically redact access tokens, refresh tokens, and authentication codes before writing to log files.
  • Security Monitoring: We monitor for unusual authentication patterns, failed login attempts, and potential security incidents.

6.2 While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any identified vulnerabilities.

7. Data Retention and Deletion

7.1 The Data Controller retains personal data only for as long as necessary to provide the Service and comply with legal obligations.

7.2 Upon account deletion, all personal data is immediately and permanently deleted from our systems, including:

  • User account information (name, email, Microsoft or Google identifiers)
  • Salesforce connection data (OAuth tokens, organization IDs)
  • User preferences and configuration settings
  • Flow metadata and usage history

7.3 Users can delete their account at any time through the FlowRunner Admin page at /admin. Deletion is processed immediately and cannot be undone.

7.4 Anonymized usage statistics (stripped of all personally identifiable information) may be retained for analytical purposes to improve the Service.

7.5 We do not retain backups of deleted user data beyond standard database replication lag (typically less than 24 hours).

8. Your Rights Under GDPR

8.1 If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:

8.1.1 Right of Access

You have the right to request confirmation of whether we process your personal data and obtain a copy of such data.

8.1.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.1.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data. You can exercise this right immediately through the FlowRunner Admin page (/admin) or by contacting our Data Protection Officer.

8.1.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON).

8.1.5 Right to Object

You have the right to object to processing of your personal data for specific purposes. Note that objecting may prevent us from providing the Service.

8.1.6 Right to Restriction of Processing

You have the right to request restriction of processing under certain circumstances.

8.2 To exercise any of these rights, please contact our Data Protection Officer:

Data Protection Officer: Arthur Noort

Email: dpo@flow-runner.com

Response Time: We will respond to your request within 30 days.

8.3 You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable data protection law. In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

9. Children's Privacy

9.1 The FlowRunner Service is intended for use by business professionals within enterprise organizations. We do not knowingly collect personal data from individuals under the age of 16.

9.2 If we become aware that we have collected personal data from a child under 16 without verified parental consent, we will take steps to delete that information immediately. If you believe we have collected data from a child, please contact us at hello@flow-runner.com.

10. Legal Basis for Processing (GDPR)

10.1 We process personal data on the following legal bases:

  • Performance of a Contract (GDPR Article 6(1)(b)): Processing is necessary to provide the FlowRunner Service as outlined in our Terms of Service.
  • Legitimate Interest (GDPR Article 6(1)(f)): We have a legitimate interest in improving the Service, preventing fraud, and ensuring security.
  • Consent (GDPR Article 6(1)(a)): For optional features such as website analytics via Google Analytics, we rely on your consent, which you may withdraw at any time.

11. Google API Services User Data Policy

11.1 FlowRunner's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

11.2 Specifically, FlowRunner:

  • Only uses Google user data to provide and improve the core FlowRunner functionality (running Salesforce Flows in the context of email messages).
  • Does not use Google user data for serving advertisements.
  • Does not transfer Google user data to third parties except as necessary to provide the Service (i.e., passing email metadata to Salesforce APIs at your explicit instruction), as required by law, or with your explicit consent.
  • Does not use Google user data to train machine learning or artificial intelligence models.
  • Does not allow humans to read Google user data, except with your affirmative consent for specific messages, for security purposes (e.g., investigating abuse), to comply with applicable law, or when the data is aggregated and anonymized for internal operations.

11.3 You can revoke FlowRunner's access to your Google account at any time by visiting your Google Account Permissions page or by signing out within the Chrome Extension.

12. Changes to this Privacy Statement

12.1 The Data Controller reserves the right to modify this Privacy Statement at any time to reflect changes in our practices, legal requirements, or Service functionality.

12.2 Any modifications will be announced on this page. We will update the "Last Updated" date at the top of this document.

12.3 For material changes that significantly affect your rights, we will provide prominent notice within the Service or via email to your registered email address.

13. Contact Information

13.1 If you have any questions about this Privacy Statement, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact:

Artomation B.V.

Postal Address:
Nachtwachtlaan 124
1058 ED Amsterdam
Netherlands

Email: hello@flow-runner.com

Data Protection Officer: Arthur Noort
dpo@flow-runner.com

This Privacy Statement was last updated on March 1, 2026 and is effective immediately for all users of the FlowRunner Service and website.