Privacy Policy

1.1 Multi-Tenant Web Application: FlowCart operates the https://flowcart.store website and all associated subdomains, web applications, and services (collectively, the “Platform” or “Service”). The Platform is an architectural multi-tenant software-as-a-service (SaaS) and platform-as-a-service (PaaS) framework. This structural design allows independent third-party merchants (“Merchants”) to sign up, configure accounts, and deploy their own customer checkouts entirely branded under their own separate identities.

1.2 Our Dual Role Under the PDPA: Depending on how you interact with our platform, FlowCart may act as either a Data Controller or a Data Processor:

• As a Data Controller: We control and process the personal data of individuals who sign up directly with FlowCart as Merchants, partner accounts, or visitors interacting directly with our corporate web layers.
• As a Data Processor: When an end-customer (“End-Customer”) interacts with, browses, or makes a purchase from a Merchant’s branded store running on our platform, the respective Merchant acts as the primary Data Controller. FlowCart processes that data strictly on behalf of, and under the written instructions of, that Merchant to execute the transaction and run the backend engine.

1.3 Core System Infrastructure: This privacy framework governs all personal data processed across our unified infrastructure systems hosted under or natively integrated into flowcart.store, which include:

• FlowCart: Our underlying core processing layers that secure upfront commercial demand, handle intake parameters, and process transactions by sending order data packets instantly and straight to the Merchant's designated WhatsApp number.
• FlowPromo: The integrated promotional rule framework that executes targeted operational sales offers, discounts, and pre-order campaigns.
• FlowLink: Our referral link-attribution tracking framework deployed with low-friction, one-tap activation features.
• FlowLoyalty: Our custom digital loyalty stamp and retention ecosystem that updates tracking statuses and checks purchase-validated milestone criteria.
• FlowAnalytics: Our proprietary internal telemetry engine used to monitor platform conversion speeds, campaign views, active loyalty member counts, and successfully redeemed milestones.
• FlowChat: Our automated interactive messaging layer built to stimulate a chatbot FAQs..

1.4 Transaction and Financial Boundaries: FlowCart is strictly a software provider. For End-Customers making purchases on a Merchant's store, we do not collect, capture, hold, or process payments of any kind, nor do we store financial credit card assets on behalf of End-Customers. All transactional billing and fund settlements take place directly between the End-Customer and the respective Merchant. Consequently, FlowCart assumes zero financial transaction risk, processing liabilities, or payment custody functions for consumer orders. Financial transactions directly touching our corporate entities are limited exclusively to registered Merchants paying platform subscription access fees to us via Stripe.

2.1 Information Collected From Merchants: When you create an administrative account to host your brand on FlowCart, we collect identity coordinates including business legal titles, full individual names, corporate contact details, physical delivery parameters, account login identifiers, encrypted passwords, and secure transaction billing metadata managed strictly via our Stripe payment gateway connection for subscription plans.

2.2 Information Processed on Behalf of Merchants (End-Customer Data): When an End-Customer processes transactions inside a storefront running on our platform, we securely capture and structure order parameters—including buyer contact details, precise delivery drop points, telephone routing tags, and milestone actions—solely to transmit them straight to the Merchant's WhatsApp number and update internal reward criteria within FlowLoyalty.

2.3 Device & Logging Analytics: Whenever any browser reaches our web application targets, our network logs capture transmission details including remote IP routing blocks, dynamic operating parameters, browser agent details, localized time variations, and internal analytical telemetry processed under FlowAnalytics showing structural element use.

3.1 Operational & System Optimization: To provision, maintain, and secure our multi-tenant SaaS infrastructure; to process upfront orders and route checkout data details straight to Merchant WhatsApp numbers; and to manage automated retention systems, interactive conversational threads via FlowChat, customer stamp tallies, and validation checks across the platform.

3.2 Client Analytics & Profiling: To perform internal functional profiling, generate aggregated statistics, evaluate platform conversion speeds, and conduct system research via FlowAnalytics aimed at enhancing our demand-driven merchant utilities.

3.3 Compliance & Administration: To verify accounting ledgers, meet regulatory financial reporting frameworks in Singapore, manage Merchant Stripe billing profiles, prevent malicious system exploits, and pursue necessary legal remedies or overdue administrative balances.

4.1 Platform Marketing Communications: We use merchant profile parameters to distribute operational insights, feature update schedules, training invitations, or ecosystem event highlights. This requires explicit confirmation or the clear absence of opt-out objections from the respective user.

4.2 Success Stories: We may showcase storefront conversion metrics, operational optimization profiles, or platform testimonials within public marketing contexts, subject to obtaining consent from the involved merchant entity.

4.3 Absolute Opt-Out Rights: Every user retains a constant right to withdraw promotional interaction permissions. You can cease email distributions, promotional updates, or newsletter materials without charge by triggering the default unsubscribe mechanism or contacting our Data Protection Officer directly.

• Operational Sub-Processors: Contracted cloud hosting vendors, billing integrations (Stripe) for processing Merchant payments, text/messaging communication relays, and delivery pipeline tools working under strict instructions to run platform features.
• Merchant Data Controllers: For End-Customers, your profile inputs and order sequences are transmitted directly to the specific Merchant whose storefront you are buying from via direct WhatsApp routing pathways.
• Legal Mandates & Safeguards: Any administrative authority or court inside or outside Singapore where compliance with active law, accounting transparency rules, or statutory safety bounds makes disclosure necessary.
• Corporate Structural Updates: Potential investment groups, merging entities, or system purchasers in the event of an equity change or asset transition affecting the platform.

6.1 Purpose of Cookies: Our platform utilizes small digital text tags placed within your browser system. These elements identify distinct concurrent users, preserve custom merchant brand templates, maintain dashboard session verifications, and assist with optimization analysis.

6.2 Categories Utilized: We leverage critical operation tracking to manage multi-tenant account security, functional tracking to retain personalized preference selections, and analytical internal attributes to measure flow optimization.

6.3 Analytics & Internal Telemetry: We do not use third-party tracking networks like Google Analytics. Instead, we utilize our proprietary internal telemetry engine, FlowAnalytics, to monitor core activation events across the platform. This includes processing metrics for promotional campaign claims, reward redemptions, active loyalty membership tallies, and purchase-validated referral steps via FlowLink and FlowLoyalty. You may manage general tracking behaviors through local browser preference blocks. However, note that disabling essential system cookies will disrupt multi-tenant authentication states and break core order checkout pathways.

7.1 Security Protocols: All personal data points are processed on secure cloud server layers. Account holders bear full personal accountability for protecting their platform access passwords and multi-tenant keys from unauthorized disclosure.

7.2 Web Risk Acknowledgement: While we implement robust technical boundaries, no transmission over public internet lines can be completely secure. Any data transmitted to our Platform is done at your own risk. Upon receiving your data, we apply strict internal separation frameworks to protect it against unauthorized access, loss, or alteration.

• Right of Access: You have the right to request a copy of the specific personal data we hold about you and receive information regarding how it has been used or disclosed within the past calendar year.
• Right of Correction: You have the right to request that we correct any errors or omissions in your personal data as soon as reasonably practicable.
• Right to Withdraw Consent: You may withdraw your consent for the continued collection, use, or disclosure of your personal data at any time. Please note that withdrawing consent may limit our ability to provide our software services to you.

Note: In accordance with the terms of the PDPA, we reserve the right to charge a reasonable administrative fee for processing complex or historical data access requests.