Privacy Policy

Last updated: 19 April 2026.

1. Who we are

This Privacy Policy is issued by GEO Advisor, Inc., a Delaware corporation doing business as Flowscope (“Flowscope”, “we”, “us”, “our”). It describes how we collect, use, share, retain, and protect personal information, and what rights you have.

This Privacy Policy applies to:

  • Visitors to our website at https://tryflowscope.com and any page or subdomain that links to this Privacy Policy.
  • Employees of our customers whose business-application activity is captured by the Flowscope Chrome extension or desktop agent, where that capture has been authorised by their employer.
  • People who contact us, request a demo, or otherwise interact with us in a business context.

For data collected about website visitors and people who contact us directly, we act as a controller. For data captured from employees on behalf of their employer, we act as a processor— the employer is the controller, and the employer’s own privacy notice governs the employer-employee relationship.

2. Information we collect

2.1 Information you provide directly

  • Contact details (name, email address, company, role) when you request a demo, sign up, or contact us.
  • Account authentication data when you register for product access.
  • The contents of messages you send us.

2.2 Information captured by the Flowscope extension or desktop agent

When your employer installs the Flowscope extension or desktop agent on your device and authorises capture, we collect business workflow events generated while you use the applications your employer has approved. This can include:

  • Click, keystroke, navigation, copy, and paste events on approved applications.
  • Element context: labels (e.g. “Approve”, “Submit Invoice”), field placeholders, section headings, and page titles.
  • Field values where the employer’s configuration requires them for workflow reconstruction, subject to on-device redaction rules.
  • URLs and timestamps of activity on approved domains.
  • Session identifiers and a stable pseudonymous user identifier.
  • The work email address configured by your employer’s administrator.

We do not knowingly collect:

  • Content from websites outside the employer-configured allow-list (personal email, personal banking, health portals, and similar).
  • Password values (browser APIs prevent this).
  • Biometric or health information.
  • Information from users under 18.

Capture status is visible from the Flowscope extension icon in your browser toolbar and can be paused there at any time.

2.3 Information collected automatically on our website

Our website uses PostHog and Vercel Analyticsto measure traffic and understand how visitors use our pages. These tools may collect IP address, browser and device characteristics, referrer URL, pages visited, session duration, and interaction events. Visitors in the European Economic Area (“EEA”), the United Kingdom, and Switzerland will be shown a cookie-consent banner before non-essential analytics are set.

We may add, remove, or change analytics or website-operations tools over time. When we make such a change, we will update this Privacy Policy.

3. How we use information

We use personal information to:

  • Provide, maintain, improve, and secure the Flowscope Services.
  • Reconstruct and analyse business workflows for our enterprise customers, so they can identify inefficiencies and opportunities for improvement.
  • Respond to demo requests, customer-support enquiries, and other communications.
  • Send administrative messages (security notices, policy updates, invoicing).
  • Detect, prevent, and investigate fraud, abuse, and security incidents.
  • Comply with legal obligations, enforce our agreements, and defend our legal rights.
  • Operate and improve our marketing website.

Where required by law, we rely on the following legal bases: contract performance (providing the Services you or your employer have engaged us to provide), legitimate interests (product improvement, security, business administration), consent (analytics cookies and marketing communications, where consent is required), and legal obligation (tax, accounting, and responses to lawful requests).

4. Artificial intelligence

Flowscope uses OpenAIas its sole large-language-model provider. Workflow event data is sent to OpenAI’s API to generate workflow summaries, process analyses, and related outputs. We use OpenAI’s paid business API tier. Per OpenAI’s published terms, API data submitted to that tier is not used to trainOpenAI’s public models. We will update this section if our LLM provider or the applicable terms change.

5. How we share information

We share personal information only as described below:

  • Service providers (subprocessors) who operate parts of our infrastructure under written contracts that restrict their use of personal information. Current subprocessors:
SubprocessorPurpose
Vercel, Inc.Web and API hosting; web analytics
Neon, Inc.Managed Postgres database
OpenAI, L.L.C.LLM inference
Resend, Inc.Transactional email
PostHog, Inc.Product and website analytics

We will update this list if our subprocessors change. Material additions will be reflected in this Privacy Policy.

  • Your employer, when we are acting as their processor and delivering analytics, reports, or other outputs derived from workforce-captured data.
  • Law enforcement, regulators, and other authorities, when we believe in good faith that disclosure is required by law, court order, or similar legal process.
  • Successors, in connection with a merger, acquisition, financing, reorganisation, or sale of all or substantially all of our assets. If your personal information is affected, we will take reasonable steps to ensure it remains subject to protections substantially similar to this Privacy Policy.

We do not sell or rent personal information. We do not share personal information for third-party cross-context behavioural advertising. We have not done so in the preceding twelve months and have no current plan to do so.

6. How long we keep information

We retain personal information for as long as we have a business need, as required to provide the Services, or as required by law.

  • Workforce-captured data (data we process on behalf of an employer): retained for the duration of our contract with the employer. On contract termination or on documented request from the customer or a data subject, we delete or return the data.
  • Website-visitor and demo-request data: retained until you request deletion, or until we no longer have a legitimate business need, whichever is earlier.
  • Account-level and billing information: retained for the life of the account plus any period required by law (generally up to seven years for tax and accounting records).
  • Backups: expire on a standard rolling cycle dictated by our infrastructure providers.

You can request deletion of your personal information at any time — see Section 9.

7. Security

We apply reasonable administrative, technical, and physical safeguards designed to protect personal information, including:

  • Encryption in transit (TLS 1.3 on all public endpoints) and, where provided by our infrastructure, encryption at rest.
  • Access controls and least-privilege principles for internal access.
  • Authentication controls on data-ingestion endpoints.
  • Logging and monitoring designed to detect anomalous activity.

No security programme is perfect. In the event of a personal-data breach affecting your information, we will notify affected customers — and, where required, regulators — within 72 hours of becoming aware of the breach, in line with the standard set by Article 33 of the General Data Protection Regulation.

8. International transfers

Our infrastructure and the infrastructure of our subprocessors is located in the United States. If you access our Services from outside the United States, your personal information will be transferred to, stored in, and processed in the United States.

We do not currently offer the Flowscope Services to residents of the European Economic Area, the United Kingdom, or Switzerland. EEA, UK, and Swiss residents who visit our marketing website may still exercise the rights described in Section 9; we will respond to lawful requests received at founders@geoadvisor.io.

9. Your privacy rights

Depending on where you live, you may have some or all of the following rights:

  • Access — ask what personal information we hold about you.
  • Correction — ask us to correct inaccurate information.
  • Deletion — ask us to delete your personal information.
  • Portability — receive a copy of your information in a structured, commonly used, machine-readable format.
  • Restriction or objection — ask us to stop or limit certain uses of your personal information.
  • Withdrawal of consent — where processing is based on consent, withdraw it at any time.
  • Non-discrimination — exercise these rights without being penalised for doing so.

To exercise any of these rights, email founders@geoadvisor.io. We will verify your identity and respond within the time required by applicable law (generally 30 to 45 days). If your data was captured by the Flowscope extension or agent, we will coordinate with your employer, who is the controller of that data.

California residents. Under the California Consumer Privacy Act and the California Privacy Rights Act, you have the rights listed above, plus the right to know the specific categories of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we have shared it. The categories we collect are: identifiers (name, email, IP address, online identifiers); internet or other electronic network activity information (captured workflow events on employer-approved applications; website traffic); professional or employment-related information (company, role, work email); and inferencesdrawn from the above (derived workflow models). We do not sell or share personal information for cross-context behavioural advertising, so no “Do Not Sell or Share My Personal Information” link is required.

10. Cookies and tracking technologies

We use cookies and similar technologies for authentication, security, site functionality, and analytics. Analytics cookies are currently set via PostHog and Vercel Analytics. Most browsers allow you to block or delete cookies; doing so may affect site functionality.

EEA, UK, and Swiss visitors will see a cookie-consent banner on their first visit and may change their preferences at any time through that banner.

We do not respond to “Do Not Track” browser signals because there is no industry-standard interpretation of them.

11. Children

The Services are intended for users who are at least 18 years oldand who are using the Services in a business, employment, or similar professional context. We do not knowingly collect personal information from anyone under 18. If you become aware that a child’s personal information has been collected, please contact us and we will delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. For material changes, we will provide reasonable notice through the website or by direct communication where appropriate. Your continued use of the Services after the effective date of a change constitutes acceptance.

13. Contact us

GEO Advisor, Inc. (d/b/a Flowscope)
c/o Legalinc Corporate Services Inc.
131 Continental Drive, Suite 305
Newark, DE 19713
United States

Email: founders@geoadvisor.io

Our registered agent is authorised to accept service of process on our behalf.