Legal
Privacy Policy
Last updated: 13 June 2026
This policy explains how Streamflow Solutions ("we", "us", "our") collects, uses, and protects personal data when you visit our website, contact us, or use our services. We are committed to processing personal data lawfully, fairly, and transparently under the EU General Data Protection Regulation (GDPR) and applicable national law.
1. Who we are (data controller)
Streamflow Solutions — AI automation agency.
Registered as a private limited company (SIA) in Latvia. Company registration and registered office details are being finalised and will be published here once the entity is registered; in the interim the founders are jointly the controllers.
Privacy contact: [email protected]
For the personal data we process on behalf of our clients (for example, guest data inside a client's review or messaging automations), the client is the controller and Streamflow Solutions acts as a processor under a separate Data Processing Agreement. This policy covers data for which we are the controller.
2. What data we collect
| Category | Examples | Source |
|---|---|---|
| Contact & enquiry data | Name, email, phone, company, message content | You, via forms or email |
| Booking data | Call scheduling details via our booking tool | You |
| Usage & analytics data | Pages viewed, approximate region, device/browser type | Automatically, via privacy-friendly analytics |
| Communications | Emails and messages you exchange with us | You |
We do not seek to collect special-category data and ask that you do not send it to us through our forms.
3. Why we use it and our lawful basis
- To respond to enquiries and provide quotes — lawful basis: steps taken at your request prior to entering a contract (Art. 6(1)(b)).
- To deliver and administer our services — lawful basis: contract (Art. 6(1)(b)).
- To send relevant follow-ups about your enquiry — lawful basis: legitimate interests (Art. 6(1)(f)) in growing our business, balanced against your rights.
- To understand and improve our website — lawful basis: legitimate interests in maintaining a working, secure site; analytics are aggregated and privacy-friendly.
- To meet legal and accounting obligations — lawful basis: legal obligation (Art. 6(1)(c)).
Where we rely on legitimate interests, you may object at any time (see Section 7).
4. Who we share it with
We use a small set of trusted processors to run our business, each bound by data-processing terms and appropriate safeguards:
- Hosting & infrastructure — website hosting and our self-hosted automation server.
- Email delivery — to send transactional and follow-up emails.
- Scheduling — to let you book a call.
- Analytics — privacy-friendly, aggregated website analytics.
- Payments & e-signature — for clients who contract with us.
We do not sell personal data. Where a processor is located outside the EEA, transfers are protected by an adequacy decision or Standard Contractual Clauses.
5. How long we keep it
| Data | Retention |
|---|---|
| Enquiries that do not become clients | Up to 24 months from last contact, then deleted |
| Client records & contracts | Duration of the engagement plus the statutory period required by Latvian tax/accounting law |
| Accounting & invoices | As required by law (typically 5–10 years) |
| Website analytics | Aggregated; retained no longer than necessary |
6. How we protect it
We apply appropriate technical and organisational measures: encryption in transit (HTTPS), access controls and least-privilege on our systems, secret management for API credentials, and regular review of the processors we use. No method of transmission or storage is perfectly secure, but we work to protect your data and to notify you and the relevant authority of any breach where the law requires.
7. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data ("right to be forgotten"), subject to legal retention;
- Restrict or object to processing, including processing based on legitimate interests and any direct marketing;
- Data portability — receive your data in a structured, machine-readable format;
- Withdraw consent at any time, where processing is based on consent.
To exercise any right, email [email protected]. We respond within one month. You also have the right to lodge a complaint with your supervisory authority — in Latvia, the Data State Inspectorate (Datu valsts inspekcija).
8. Cookies & analytics
We keep cookies to a minimum. We do not use advertising or cross-site tracking cookies.
- Strictly necessary — required for the site to function and to keep it secure. These do not require consent.
- Analytics — we use privacy-friendly, aggregated analytics that avoid storing personal identifiers wherever possible. Where a jurisdiction requires consent for analytics, we ask for it before loading them.
You can block or delete cookies in your browser settings; strictly necessary cookies cannot be switched off without affecting the site.
9. Children
Our website and services are intended for businesses and are not directed at children. We do not knowingly collect data from anyone under 16.
10. Changes to this policy
We may update this policy from time to time. The "Last updated" date above reflects the current version. Material changes will be highlighted on this page.
Contact
Questions about this policy or your data? Email [email protected] and we'll help.