Legal
Version 2026-07-11. This notice is maintained by the operator of Executive Flow and explains how personal data is handled under the UK GDPR and the EU GDPR. It is app-owner editable content — not an independent certification.
The operator of this Executive Flow instance is the data controller for personal data you enter into the product. The controller is TBC (to be confirmed before going live). Contact for privacy matters: Amiehg@hotmail.com. Where the UK GDPR requires an EU/UK representative, that representative will be named here.
Meetings, tasks, drafts and other in-product content are stored in your browser's local storage on this device in this build. Nothing you type is stored on our servers unless and until you explicitly enable a cloud sync feature. Clearing the browser storage deletes that data. See the Privacy Centre to export or erase it.
AI features are optional and off by default. When enabled, the prompt (which may include content you have entered such as meeting attendees or draft context) is transmitted to our AI processor, Lovable AI Gateway, which routes it to Google Gemini for generation. Neither Lovable nor Google uses this content to train their models. We keep a local record of every AI call (purpose, model, timestamp) which you can review or clear in the Privacy Centre.
We use a small set of processors to deliver the service. The current list is on the DPA & subprocessors page. All processors are bound by data processing agreements meeting UK/EU GDPR Art. 28 requirements.
Some processors (for example, our AI gateway) are located outside the UK/EEA. Where this is the case, transfers rely on the UK International Data Transfer Addendum or EU Standard Contractual Clauses (2021/914), together with a transfer risk assessment.
You control retention. In the Privacy Centre you can set an automatic purge window (default: 365 days) for historical items and trigger an immediate purge. AI audit records are capped at 500 entries locally and can be cleared at any time. Account records are retained for the life of your account plus the period needed to meet legal obligations.
Under UK/EU GDPR you have the right to:
AI features generate drafts for your review — they never take automated decisions with legal or similarly significant effects on anyone. You approve every email and document before it leaves the app.
Traffic is transported over TLS. Authenticated routes require a signed session. Local data is stored in your browser's storage — please keep the device itself secure. Report suspected incidents to the privacy contact above; we aim to notify affected users and the relevant supervisory authority within 72 hours of becoming aware of a personal data breach that meets the reporting threshold.
Material changes will be communicated in-app and will prompt for consent again where required. The current version identifier is shown at the top of this page.
Your privacy, your choice
Executive Flow keeps your data in your own browser by default. Nothing leaves this device unless you use an AI feature — those requests are processed by our AI provider (Lovable AI Gateway / Google Gemini) to generate the response, and are not used to train their models. Privacy notice · Cookies