Legal · Privacy

Privacy Policy

Last updated: April 1, 2026. This policy explains what data Flow Payments, Inc. and its affiliates (collectively, “Flow”) collect, how we use it, and the rights you have over it.

1. Who we are

Flow Payments, Inc. (Delaware, USA) and its affiliated entities provide regulated stablecoin payment infrastructure. For the purposes of applicable data-protection laws (including the EU GDPR and the UK GDPR), Flow is the “data controller” for personal data processed in connection with our website, dashboard, and APIs.

2. What data we collect

  • Account data. Name, email, phone, company, role — provided when you sign up, talk to sales, or use the dashboard.
  • KYB/KYC data. For regulated products, we collect beneficial ownership, identity documents, proof of address, and source of funds as required by applicable law.
  • Transaction data. Counterparty details, amount, currency, purpose, and routing information for every transfer, payout, or mint we process on your behalf.
  • Technical data. IP address, device information, API logs, cookies, and usage analytics.

3. How we use it

We process personal data to (a) provide and improve the Flow platform, (b) comply with our legal and regulatory obligations (including AML, sanctions, and tax reporting), (c) prevent fraud and abuse, and (d) communicate with customers and prospects who have opted in.

4. Who we share it with

We share personal data with sub-processors who help us operate the platform (cloud hosting, KYC vendors, payment networks, communications), with regulators and law enforcement where legally required, and with professional advisors. We do not sell personal data, ever.

5. International transfers

Flow is global. Personal data may be transferred to and processed in the United States, the European Union, the United Kingdom, and other jurisdictions. When we transfer data out of the EU/UK, we rely on Standard Contractual Clauses and equivalent safeguards.

6. Retention

We retain personal data for as long as we have a legitimate business or legal reason to do so — typically the life of your account plus five years, which is the minimum AML record-keeping window in most jurisdictions we operate in.

7. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or object to our processing of your personal data. Submit requests via Contact us. We respond within 30 days.

8. Security

We maintain a SOC 2 Type II–audited security program with encryption in transit and at rest, least-privilege access controls, and 24/7 monitoring. We notify affected users of any confirmed security incident involving their personal data as required by law.

9. Contact

Flow Payments, Inc., Attn: Data Protection Officer, 1 Flow Plaza, New York, NY 10013, United States. Contact us for any privacy-related inquiry.