GDPR Commitment

Last updated: January 2025

Our Commitment to GDPR Compliance

At FlowMind (Hatamori, Inc.), we are fully committed to protecting the privacy and personal data of our users in the European Economic Area (EEA) and worldwide. We comply with the General Data Protection Regulation (GDPR) and maintain the highest standards of data protection.

Key GDPR Principles We Follow

1. Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. Our legal bases for processing include:

  • Legitimate Interests: To provide and improve our services
  • Contract Performance: To fulfill our service agreement with you
  • Consent: For optional features and marketing communications
  • Legal Obligations: To comply with applicable laws

2. Purpose Limitation

We collect personal data only for specified, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes.

3. Data Minimization

We only collect and process personal data that is adequate, relevant, and limited to what is necessary for providing our services.

4. Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. Users can update their information through their account settings.

5. Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

6. Integrity and Confidentiality

We implement appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data under certain circumstances

Right to Restrict Processing

Request limitation of processing under specific conditions

Right to Data Portability

Receive your data in a structured, commonly used format

Right to Object

Object to processing based on legitimate interests or direct marketing

Rights Related to Automated Decision-Making

Not be subject to decisions based solely on automated processing

How to Exercise Your Rights

You can exercise your GDPR rights through:

  • Dashboard Settings: Access and update your data directly
  • Data Export: Download your data from the privacy settings
  • Data Deletion: Request account deletion in privacy settings
  • Contact Us: Email privacy@flowmind.io for any requests

We will respond to your request within one month, as required by GDPR.

Data Protection Measures

We implement comprehensive security measures including:

  • End-to-end encryption for data in transit
  • Encryption at rest for stored data
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Data breach notification procedures
  • Privacy by design in all new features

International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where available
  • Additional security measures as required

Data Processing Agreement (DPA)

We offer a Data Processing Agreement that includes:

  • Clear definitions of data processing activities
  • Security obligations and measures
  • Sub-processor management
  • Audit rights and compliance verification
  • Data breach notification procedures

View our full Data Processing Agreement.

Privacy by Design

We integrate data protection into our development process:

  • Privacy impact assessments for new features
  • Data minimization in system design
  • Default privacy settings that protect users
  • Regular privacy reviews and updates

Data Breach Response

In the unlikely event of a data breach, we will:

  • Notify affected users within 72 hours
  • Inform relevant supervisory authorities
  • Provide clear information about the breach and its impact
  • Take immediate steps to mitigate harm
  • Implement measures to prevent future incidents

Contact Us

For any GDPR-related inquiries or to exercise your rights, please contact us at:

Email: privacy@flowmind.io

Response time: Within 1 business day

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your concerns.

Our GDPR Promise

We are committed to continuous improvement in our data protection practices. We regularly review and update our policies to ensure we maintain the highest standards of privacy protection for all our users.

Questions?

If you have any questions about this GDPR commitment, please contact us at legal@flowmind.io.