Compliance - FlowSystem AI

Our Commitment to Compliance

At FlowSystem AI LLC, doing business as FlowSystem AI, we take compliance seriously. We are committed to maintaining the highest standards of data protection, privacy, and security to earn and keep our customers' trust. Our compliance program is built on industry-leading frameworks and continuously evolving to meet new regulatory requirements.

Privacy and Data Protection

We aim to support customers' privacy and data protection obligations through our internal policies, contractual terms where appropriate, and ongoing review of applicable requirements. Depending on the services purchased and the customer relationship, we may offer or discuss:

Data Processing Agreements (DPAs) where commercially appropriate
Processes for handling access, correction, and deletion requests
Reasonable administrative, technical, and organizational safeguards
Internal review of data handling and incident response procedures

Nothing on this page is intended as a representation that every FlowSystem AI service is subject to, or fully compliant with, every privacy regime in every jurisdiction.

California Privacy Rights

If applicable law grants you specific privacy rights, including rights available to certain California residents, you may contact us to submit a request. Depending on the request and the nature of our relationship with you, these rights may include:

Requesting access to certain personal information we hold
Requesting deletion or correction where legally available
Requesting information about categories of personal information collected and disclosed
Protection from unlawful discrimination for exercising applicable privacy rights

To exercise these rights, contact us at legal@flowsystem.ai

HIPAA Considerations

FlowSystem AI is not marketed as a HIPAA-compliant service and should not be used for Protected Health Information (PHI) unless you have separately confirmed in writing that the relevant service, workflow, and contractual terms are appropriate for that use case.

Customers remain responsible for determining whether HIPAA applies to their use case
Customers should avoid submitting PHI unless and until an appropriate written arrangement is in place
Any healthcare-related use should be reviewed on a case-by-case basis

If you believe your intended use may involve PHI or other regulated health data, contact us before using the service for that purpose.

Security Program

We maintain an internal security program intended to support confidentiality, integrity, and availability of customer information. Our program is informed by commonly used security principles such as:

Security: Limiting unauthorized access
Availability: Supporting service reliability and continuity
Confidentiality: Protecting confidential information
Privacy: Handling personal information in accordance with our policies and obligations

References to security practices on this page are descriptive only and do not constitute a warranty, certification, or guarantee of any particular framework or audit result.

Telephone Consumer Protection Act (TCPA)

Our tools may support certain customer workflows related to automated calls and text messages, such as:

Consent management for automated communications
Do Not Call (DNC) list integration capabilities
Call recording disclosure and consent mechanisms
Time-of-day calling restrictions
Opt-out mechanisms for automated messages

Customers are solely responsible for obtaining any required consent and for using the service in compliance with applicable telemarketing, calling, and messaging laws.

Data Residency

FlowSystem AI uses third-party hosting and infrastructure providers, and customer data may be processed or stored in the United States or other locations used by those providers from time to time. Where relevant, we can discuss available hosting or data-handling details with prospective customers.

Infrastructure and vendors may change over time
Specific regional deployment details may depend on the service configuration
Cross-border processing may occur where permitted by law and contract

Internal Review and Vendor Management

We periodically review our operational and security practices and may evaluate third-party vendors, hosting providers, and service partners as part of that process. The scope and frequency of those reviews may change over time.

Operational review of internal processes
Assessment of material vendors and service providers
Updates to policies and procedures when needed

Industry Standards

Our practices may be informed by commonly recognized privacy and security frameworks, but references to those frameworks are for general context only and do not mean that we are certified, audited against, or fully aligned with any particular standard unless we explicitly state so in a separate written agreement.

NIST Cybersecurity Framework
ISO 27001 information security controls
CIS Critical Security Controls
OWASP security best practices for application development

Compliance Documentation

Depending on the relationship and service scope, customers may request certain documentation or information that we choose to make available:

Data Processing Agreement (DPA), where offered
Security questionnaires
General information about our privacy and security practices

Contact us at legal@flowsystem.ai to request compliance documentation.

Continuous Improvement

Compliance is an ongoing commitment. We continuously monitor regulatory changes and update our practices accordingly. Our compliance team regularly reviews:

Changes in privacy and security regulations
New industry standards and best practices
Customer feedback on compliance requirements
Incident response and lessons learned
Third-party vendor compliance posture

Contact Us

For compliance-related questions, data processing inquiries, or to request compliance documentation:

Email: legal@flowsystem.ai
Phone: +1 843-806-0554
Legal Entity: FlowSystem AI LLC

We will route privacy and compliance inquiries to the appropriate internal contact.