Back

Privacy Policy

Last updated: June 8, 2026

Overview

Flowver ("we", "us", "our") provides a GitHub App that detects changes in BPMN process model files within pull requests and displays a visual diff review interface. This policy explains what data we collect, why we collect it, and how it is used.

By installing the Flowver GitHub App or using our service, you agree to this policy. If you have questions, contact us at info@flowver.dev.

Data We Collect

GitHub account information

When you sign in with GitHub we request basic profile information: your username, display name, avatar, and primary email address (if set on your GitHub account). This is used to identify your account and associate it with a license.

GitHub App installation data

When the Flowver GitHub App is installed on an account or organisation, GitHub sends us an installation identifier. We store this to associate the installation with a license and to make authenticated API calls on behalf of the installation.

Pull request content

To compute BPMN diffs, the app reads the contents of .bpmn files changed in a pull request, and the review comments associated with those files. This content is processed transiently to generate the diff and is not written to permanent storage.

Session data

We use a server-side session stored in our database and referenced by a first-party session cookie to keep you signed in. We also store your GitHub OAuth access token for the duration of your session to make authenticated GitHub API calls on your behalf. Sessions expire after a period of inactivity and automatically extend while you are actively using the service. The access token and session record are deleted when the session expires.

License and billing data

Payment is processed by our payment provider. We do not store credit card numbers or payment details. We store the fact that a valid license exists for a given installation, along with the associated email address used at checkout.

Server logs

Our hosting infrastructure automatically records IP addresses in access and error logs for operational and security purposes. These logs are retained for a limited period and are not used for tracking or profiling.

How We Use Your Data

  • Authenticate you and maintain your session
  • Verify that a valid license exists for the GitHub App installation
  • Render the BPMN visual diff interface for your pull requests
  • Send transactional emails (license keys, one-time verification codes)
  • Receive and process GitHub webhook events (pull request changes, comment updates)

We do not sell your data, use it for advertising, or share it with third parties beyond the service providers listed below.

Third-Party Services

GitHub Source of user identity, repository data, pull request content, and webhook events. Privacy ↗
Stripe Payment processing for licenses. Stripe handles all payment card data. Privacy ↗

GitHub App Permissions

The Flowver GitHub App requests only the permissions necessary to provide the diff review feature. The full list of permissions is shown by GitHub during installation and on the app's GitHub page.

Data Retention

Account and license records are retained for as long as your installation is active. If you uninstall the Flowver GitHub App, you may request deletion of your account data by emailing info@flowver.dev. Session records are automatically purged on expiry.

Cookies

We use a single first-party session cookie to maintain your authenticated session. No third-party tracking or advertising cookies are used.

Contact

For privacy-related questions or data deletion requests, contact us at info@flowver.dev.