Legal · India
DPDP Act compliance
How FlowBase AI complies with India's Digital Personal Data Protection Act, 2023. Last updated 27 May 2026.
Data fiduciary
BUILTFORBUSINESS LLP — operating FlowBase AI — is the data fiduciary for personal data collected through the platform.
What we collect
Account information (email, name, avatar), payment metadata, and content you upload as a creator. We never collect Aadhaar or biometric data — DigiLocker e-KYC happens entirely on Aadhaar Gov servers.
Lawful basis
We rely on consent (cookies, marketing emails) and contract (account, purchases, payouts) under Section 7 of the DPDP Act, 2023.
Rights of data principals
Under Section 11–13, you can request access, correction, erasure, grievance redressal, and nomination. Email privacy@flowbase.cc — we respond within 30 days.
Data Protection Officer
Our DPO can be reached at dpo@flowbase.cc. Postal: BUILTFORBUSINESS LLP (FlowBase AI), Sector 62, Noida, Uttar Pradesh 201309.
Grievance redressal
If a complaint is unresolved within 30 days, you may escalate to the Data Protection Board of India.
Cross-border transfers
Data is processed by Supabase (US, EU), Razorpay (India), Resend (US), and Vercel (global edge). DPAs and SCC-equivalent terms are signed with each.
Breach notification
We notify affected users and the Data Protection Board within 72 hours of any reportable breach.
Children's data
The platform is not intended for users under 18. We do not knowingly process children's data.
Questions? dpo@flowbase.cc