GDPR Policy

Flow is committed to protecting the privacy and rights of individuals in the European Union (EU) and European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR).

This policy explains how we comply with GDPR requirements and outlines the rights available to EU/EEA data subjects.

Inference Labs Inc. acts as the data controller for personal data collected through our platform. Our registered address is 440 North Barranca Avenue, Covina, California 91723.

For inquiries regarding data processing, please contact our Data Protection Officer at team@inference.so.

Contract Performance: We process data necessary to provide our services as outlined in our Terms of Use.

Legitimate Interests: We process data for fraud prevention, security, and improving our services where our interests do not override your rights.

Consent: Where required, we obtain explicit consent before processing personal data, such as for marketing communications.

Legal Obligations: We process data as required to comply with applicable laws and regulations.

Right of Access: You may request a copy of the personal data we hold about you.

Right to Rectification: You may request correction of inaccurate or incomplete personal data.

Right to Erasure: You may request deletion of your personal data under certain circumstances.

Right to Restriction: You may request that we limit the processing of your personal data.

Right to Data Portability: You may request your data in a structured, machine-readable format.

Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing.

We may transfer personal data outside the EU/EEA to countries that may not provide the same level of data protection.

Such transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

We ensure that any third parties receiving data outside the EU/EEA provide adequate safeguards.

We implement technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments.

We maintain records of processing activities as required by Article 30 of GDPR.

We have procedures in place to detect, report, and investigate personal data breaches.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

Retention periods are documented in our data retention schedule, available upon request.

To exercise any of your GDPR rights, please contact us at team@inference.so or through your account settings.

We will respond to your request within 30 days. If we need additional time, we will inform you of the reason and extension period.

You have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

Our Data Protection Officer can be contacted at team@inference.so for any questions or concerns regarding our GDPR compliance.