Data Security Overview
Flowella is committed to protecting your data with robust security and privacy measures. This article explains how we handle and safeguard your information on our SaaS platform, so you can be confident that your customers’ data remains safe and is only used appropriately.
In summary, Flowella stores only minimal data (just what’s needed to run your WhatsApp flows, such as phone numbers for managing contacts and opt-outs), secures all data with strong encryption, and hosts everything in a trusted UK-based cloud environment. We are fully GDPR compliant, retaining data only as long as necessary and honouring all privacy requests to ensure your data stays private and protected.
Data Handling & Storage
Minimal Data Collection: Flowella practices data minimisation. We only collect and store the information necessary to provide our service, and nothing more.
- WhatsApp Phone Numbers: We store WhatsApp phone numbers (and basic identifiers like profile names) in order to manage conversations and opt-outs. Keeping a record of phone numbers allows Flowella to recognise returning users and maintain context (for example, remembering which contacts have opted out of messaging). This minimal contact data is held securely and can be deleted or anonymised when it’s no longer needed – for instance, if you remove a contact or stop using our service, we will purge that contact from our database.
- Message Content: By design, Flowella aims to avoid storing WhatsApp message content unless it is genuinely necessary.
Where the platform you are integrating with provides suitable message storage, Flowella will pass messages through and rely on that system as the source of truth.
If the connected platform does not provide adequate message storage or logging, the fallback is to enable message storage on the Flowella platform. A common example is where you want to log WhatsApp conversations into HubSpot, but your subscription does not support custom channels in the Conversations Inbox. At the time of writing, custom channels are only available on the following HubSpot subscriptions:
- Sales Hub: Professional, Enterprise
- Service Hub: Professional, Enterprise
If you are on a lower tier and still need reliable access to message history, you can choose to have Flowella store message content on your behalf. In that case, messages are encrypted, retained only for as long as needed for your operational and compliance requirements, and can be deleted on request.
Infrastructure and Data Residency
All of Flowella’s infrastructure is hosted in Microsoft Azure’s UK South region (London). This means your data stays within the United Kingdom, in a highly secure, enterprise-grade cloud environment. We maintain full control over our platform and do not use any third-party processors for messaging or infrastructure – everything runs on our own isolated environment in Azure. For example, Flowella communicates directly with WhatsApp’s official Business API and does not rely on external messaging gateways to send or receive messages. By keeping all data and operations self-contained in our Azure cloud, we reduce exposure to outside parties and ensure consistent security and compliance for your information.
Encryption and Access Controls
Encryption in Transit and At Rest: Flowella protects all data with strong encryption at every stage. All data stored in our databases is encrypted at rest using robust AES-256 encryption, and all data in transit (including WhatsApp messages, API calls, and web traffic) is secured using TLS/HTTPS. In short, whether your data is being saved in our system or transmitted between Flowella, WhatsApp, and your devices, it is always encrypted and safeguarded from unauthorised access.
Strict Access Controls: Access to your data within Flowella is tightly restricted and managed. Only a small number of authorised Flowella team members (for example, select engineers or support staff) can access production systems or databases, and even then, only for legitimate operational reasons (such as troubleshooting an issue you reported). We employ role-based access control to ensure each team member has only the minimum permissions necessary, and we require multi-factor authentication for any administrative access. All administrative access to servers and databases is logged and audited for accountability, and our staff are trained in confidentiality and data protection best practices.
Additional Security Measures: We follow industry best practices to harden our application and infrastructure. This includes keeping our software up to date with security patches, using firewalls and network security measures to prevent unauthorised intrusion, and continuously monitoring our systems for any signs of suspicious activity. We have an incident response plan in place should any security issue arise, and we address potential vulnerabilities promptly. These layers of defence ensure that your data remains confidential and secure on the Flowella platform.
Data Retention & Deletion
Flowella retains personal data only for as long as necessary to serve its intended purpose. We do not keep your data indefinitely. WhatsApp contact information (such as phone numbers) is stored only while it’s needed for active flows and customer interactions. This allows us to facilitate ongoing conversations and manage compliance (for example, honouring opt-outs and ensuring we don’t message users who have unsubscribed). If a contact is no longer required or if you stop using Flowella, we will delete or anonymise that contact data as part of our regular clean-ups or upon your request. And as noted above, we do not store the content of conversations beyond the moment of processing, so there is no long-term message history saved in Flowella’s systems.
We also make it straightforward to delete data when it’s no longer needed or if someone requests it. If you cancel your Flowella account, we will securely remove all personal data we hold about your account and your WhatsApp contacts from our systems (except for data we are legally required to retain, such as minimal billing records). Additionally, we honour data deletion and access requests from individuals in line with privacy laws. If one of your end-users submits a data subject access request (for example, asking for a copy of their personal data) or asks to have their information deleted, we will help you fulfil it promptly. For instance, if an end-user requests that their WhatsApp number be removed from Flowella’s records, we will delete it from our database to comply with their rights. In short, no data is kept longer than necessary, and individuals have full control over their information held by Flowella.
GDPR Compliance & User Rights
Flowella is designed and operated with strong privacy protections to fully comply with the General Data Protection Regulation (GDPR) and similar data privacy laws. We built our platform around key GDPR principles like data minimisation, purpose limitation, and transparency. We only process personal data for the specific purpose of delivering our service, and we never use your data for anything beyond that – we do not profile users, we do not use personal data for our own marketing, and we never sell or share your personal information with third parties. All usage of data is strictly tied to providing the Flowella service you signed up for, and nothing else.
As a Flowella client, you remain in control of your data, and we are here to support your compliance needs. We support all GDPR-defined rights of individuals. You (or your end-users) can request access to personal data we hold, ask for corrections, or request deletion of data, and Flowella will assist in fulfilling those requests quickly and transparently. For example, if an end-user or customer wants to know what data of theirs is stored, or wants it erased, we have processes in place to provide that information or delete the data as required. Our commitment to GDPR compliance means we handle personal data lawfully, fairly, and transparently at all times.
By adhering to these stringent security practices and privacy principles, Flowella ensures that your data remains secure and private, and is retained only as long as necessary to serve you and your customers. You can integrate WhatsApp with confidence, knowing that data security is at the core of everything we do on the Flowella platform.