Privacy Policy

Last updated: May 2026

1. Who we are

FlowGuard (flowguard.watch) is a workflow monitoring service for n8n, operated by Asun (Individual Entrepreneur, TIN: 305853591), Bakhtrioni str. N22, apt. N75, Saburtalo, Tbilisi, Georgia.

For privacy inquiries contact us at hello@flowguard.watch.

2. What we collect

  • Email address — to authenticate you and send alert notifications.
  • n8n instance URL — to connect to your self-hosted n8n instance.
  • n8n API key — stored securely, used only to poll execution history.
  • Workflow execution metadata — last execution time, status, and error messages from your n8n instance. Error messages are truncated to 500 characters and stripped of common PII patterns (email addresses, phone numbers) before storage.
  • Billing information — handled directly by Paddle. We never see your card details.
  • Slack webhook URL (optional) — stored to deliver alert notifications to your Slack workspace.
  • Usage analytics — pages visited and navigation events on this website, collected anonymously. No personal data is attached to anonymous visitors.

3. How we use it

  • Authentication and core service — authenticate your account via magic link email and monitor your n8n workflows. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
  • Alert notifications — send email alerts when workflows stop running. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
  • Payment processing — manage your subscription through Paddle. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
  • Error tracking and service reliability — detect and fix bugs via Sentry. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
  • Bot protection — verify login requests via Cloudflare Turnstile. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
  • Analytics — understand how visitors use the website in aggregate to improve the service. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). No personal profiles are created for anonymous visitors.

We do not sell your data. We do not use it for advertising.

4. Third-party services

  • Paddle — payment processing. When you open the checkout, the Paddle-hosted overlay runs on the paddle.com domain and may set third-party analytics and session cookies (including Hotjar, Amplitude, and Paddle's own A/B testing tools). This is governed by Paddle's privacy policy.
  • Resend — transactional email delivery.
  • Railway — cloud hosting. Data stored in their infrastructure.
  • Cloudflare Turnstile — bot protection on the login form. A privacy-preserving challenge is performed to verify you are not a bot. No cookies are set and no personal data is shared with Cloudflare beyond what is necessary to complete the challenge. Subject to Cloudflare's privacy policy.
  • Sentry — error tracking and performance monitoring. Data stored in the EU. No personally identifiable information is sent.
  • PostHog — product analytics. Collects page URLs and navigation events to help us understand how the service is used. Data stored in the EU (eu.i.posthog.com). No cookies are set — data is stored in browser localStorage only. Anonymous visitors are tracked by page URL only, without personal profiles. Authenticated users may have navigation events associated with their account to improve the service experience. Subject to PostHog's privacy policy.

Resend and Railway are based in the United States. Paddle is based in the United Kingdom. Transfers are covered by Standard Contractual Clauses approved by the European Commission.

5. Data retention

Your data is retained while your account is active. Resolved alert records are automatically deleted after 30 days. If you delete your account, all operational data (instances, workflows, alerts, notification settings) is deleted immediately. Your email address and billing identifiers are retained for 7 years to comply with applicable accounting and fiscal obligations, after which they are permanently deleted.

6. Your rights

Under GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — delete your account and all operational data from your dashboard at any time.
  • Restriction — request that we limit how we process your data.
  • Portability — request your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest (e.g. error tracking).

To exercise any of these rights, email hello@flowguard.watch. You can also unsubscribe from alert emails via the unsubscribe link in any alert email, or from your dashboard notification settings.

You have the right to lodge a complaint with your national data protection authority. A list of EU supervisory authorities is available at: edpb.europa.eu.

7. Data breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, as required by GDPR Art. 33–34.

8. Changes to this policy

We will notify you of material changes by email at least 30 days before they take effect. For changes that require your consent we will ask for it explicitly.