What you need to know
FlowKix is an AI-operated marketing agency. We collect minimal data from visitors to flowkix.com, and we process data on behalf of our clients to run their marketing on platforms like Instagram, Facebook, LinkedIn, and Google. We never sell personal data, we don't use it to train AI models, and you can request deletion at any time by emailing privacy@flowkix.com.
01 Who we are
FlowKix is a brand operated by KUIK GROUP LLC, a limited liability company registered in the State of North Carolina, United States, with offices in Charlotte, NC. In this Privacy Policy, "FlowKix", "we", "us", and "our" refer to KUIK GROUP LLC d/b/a FlowKix.
FlowKix is a digital marketing agency that combines strategy, content production, paid media management, and automation to operate marketing programs end-to-end for small and mid-sized businesses. We build and run our own proprietary platforms — referred to throughout this policy as the FLOWKIX HUB (our client portal), FLOWKIX CORE (strategy), FLOWKIX STUDIO (content), and FLOWKIX AUTO (automation infrastructure).
For any privacy-related inquiry, please contact us at privacy@flowkix.com.
02 Scope & our two roles
This policy applies to personal data we process in two distinct capacities:
2.1 FlowKix as a Data Controller
We act as a Controller when we determine why and how data is processed. This covers data we collect directly from:
- Visitors to flowkix.com and any FlowKix-operated subdomain (e.g. hub.flowkix.com).
- Prospects who book a discovery call, request a proposal, or contact us.
- Clients and their authorized users when they access the FLOWKIX HUB.
- Job applicants, vendors, and other business contacts.
2.2 FlowKix as a Data Processor
We act as a Processor (or "service provider" under CCPA/CPRA) when we operate marketing accounts and automation on behalf of our clients. In that role, our clients are the Controllers of the data, and FlowKix only processes it on their documented instructions and under the terms of our service agreement (which includes a Data Processing Addendum where applicable).
Examples of data we handle as a Processor:
- Information about a client's Instagram followers, Facebook page fans, LinkedIn connections, ad audiences, or email subscribers.
- Comments, direct messages, and engagement metrics retrieved through the Meta Graph API, LinkedIn API, or other platform APIs.
- Conversion data and audience signals collected via tracking pixels installed on a client's website.
- Customer lists a client uploads to the FLOWKIX HUB for audience building or email marketing.
If you became aware of FlowKix because you interacted with one of our clients' Instagram, Facebook, LinkedIn, TikTok, X, or email channels, the Controller of your data is the client, not FlowKix. Please consult that business's own privacy policy first. You may still contact us at privacy@flowkix.com and we will route your request to the Controller and assist them in honoring it.
03 Information we collect
3.1 Information you provide directly
- Contact data: name, business name, email, phone number, role/title, country.
- Account data: if you become a client, account credentials for the FLOWKIX HUB (hashed passwords, MFA factors) and the team members you invite.
- Commercial data: proposals signed, invoices issued, payment status. Card numbers are processed by our PCI-DSS-compliant payment processors — we never see or store full card details.
- Communications: emails you send us, messages in the HUB, notes from discovery calls.
- Brand assets: logos, brand guidelines, photos, and other content you upload for use in your campaigns.
3.2 Information collected automatically
- Device & usage data: IP address, user-agent string, browser type, operating system, referring URL, pages viewed, timestamps, and approximate location derived from IP.
- Cookies & similar technologies: see Section 8.
- Server logs: we keep technical logs of HUB activity for security, debugging, and audit purposes.
3.3 Information collected from platforms (when operating client accounts)
When a client authorizes FlowKix to operate their social, advertising, or analytics accounts, we receive data through official platform APIs. The exact data depends on the permissions the client grants. It can include:
- Page and account identifiers, profile names, profile pictures, and account metadata.
- Posts, captions, comments, direct messages, and media assets created by or addressed to the client's account.
- Engagement and reach metrics (impressions, clicks, saves, shares, video views, watch time).
- Audience demographics in aggregate form (age range, gender, country, city) where the platform provides them.
- Ad campaign data: spend, results, audience definitions, conversion events.
3.4 Information from third-party services
- Analytics providers (e.g. Google Analytics 4, Meta Pixel, LinkedIn Insight Tag) installed by us on client sites under the client's instruction.
- Email service providers (deliverability reports, bounce data, open/click events when permitted).
- Identity providers if you sign in to the HUB via Google or another federated login (we receive only your email, name, and profile picture).
- Publicly available sources for prospecting and competitive research.
We do not knowingly collect special categories of personal data (such as health, political opinions, religious beliefs, or precise location) and we ask clients not to upload such data to the HUB.
04 How we use information
We use personal data for the following purposes:
- Deliver the services — produce content, schedule posts, run paid campaigns, send emails, generate reports, and operate the FLOWKIX HUB.
- Authenticate users — verify identity, prevent unauthorized access, and protect accounts.
- Communicate with you — respond to inquiries, send transactional emails (invoices, system notifications), and provide support.
- Improve our platforms — debug issues, monitor performance, and develop new features.
- Marketing & outreach — send our own marketing emails to prospects and clients, with the ability to opt out at any time.
- Legal & compliance — comply with applicable laws, tax obligations, and respond to lawful requests.
- Detect fraud & abuse — maintain the security and integrity of our infrastructure.
FlowKix uses large language models and other AI systems (including services from Anthropic, OpenAI, and Google) to generate drafts, captions, ad copy, and content recommendations. We do not allow these providers to train their general-purpose models on client data, and we operate under enterprise/API contracts that prohibit such use. We do not make decisions that produce legal or similarly significant effects about individuals solely by automated means.
05 Legal basis for processing (GDPR & UK GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal data are:
| Basis | When we rely on it |
|---|---|
| Contract | Delivering the services to clients and providing the FLOWKIX HUB. |
| Legitimate interests | Operating, securing, and improving our platforms; B2B prospecting to relevant contacts; fraud prevention. |
| Consent | Marketing cookies, optional analytics, and any marketing emails where required by law. |
| Legal obligation | Tax, accounting, and responding to lawful requests. |
You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To exercise this right, see Section 12.
06 Sharing & disclosure
We do not sell personal data. We do not "share" personal data for cross-context behavioral advertising as those terms are defined under California law. We disclose personal data only in the following circumstances:
6.1 Service providers (sub-processors)
We rely on a small number of carefully vetted vendors to host, store, and process data on our behalf. These include US-based cloud hosting providers, a managed database provider, an automation infrastructure provider, email delivery providers, AI model providers operating under enterprise contracts, payment processors, and analytics providers. Each sub-processor is bound by contract to confidentiality, security, and use-limitation obligations. A current list of sub-processors is available on request to privacy@flowkix.com.
6.2 Platforms acting on your authorization
When we operate your accounts on platforms such as Meta, LinkedIn, Google, X, TikTok, or Pinterest, those platforms are independent controllers of the data they hold about you and the people who interact with your content. Their own privacy policies govern their use of that data.
6.3 Legal & safety
We may disclose data when we believe in good faith that disclosure is necessary to comply with applicable law, to protect our rights or those of our clients, to enforce our agreements, or to investigate fraud or abuse.
6.4 Business transfers
If FlowKix or KUIK GROUP LLC is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users and ensure any successor continues to honor this policy.
07 Platform-specific disclosures
Because FlowKix integrates with multiple advertising and social platforms on behalf of clients, the following disclosures describe what we access, how we use it, and how those uses comply with each platform's developer terms.
FlowKix operates an official Meta App (publicly listed as "FLOWKIX Social Publisher") registered with Meta Platforms, Inc. Clients authorize that app to access their Facebook Pages, Instagram Business / Creator accounts, and Ad Accounts via OAuth, granting only the permissions necessary for the contracted services.
Permissions we request, and why:
- pages_show_list, pages_read_engagement, pages_manage_metadata, pages_manage_posts — to list, read, and publish content on the client's Facebook Pages.
- instagram_basic, instagram_content_publish, instagram_manage_insights, instagram_manage_comments — to publish posts, reels, carousels, and stories to the client's Instagram Business / Creator account, retrieve engagement insights, and moderate comments.
- business_management — to operate within the client's Meta Business Manager.
- ads_read, ads_management — to create, manage, and report on paid campaigns in the client's Ad Account when paid-media services are contracted.
- read_insights — to compile performance reports for the client.
We use the data obtained through these permissions solely to deliver the contracted services. We do not transfer Meta Platform Data to any third party except sub-processors strictly necessary to operate the services, we do not use it to train any AI model, we do not enrich profiles of users beyond what Meta returns, and we delete it when it is no longer required (see Section 9).
FlowKix complies with the Meta Platform Terms and the Meta Developer Policies. For data deletion specific to your Instagram or Facebook data held by FlowKix, see Section 13.
With explicit authorization from the client, FlowKix uses LinkedIn's APIs to publish to personal profiles and Company Pages, retrieve engagement analytics, and manage LinkedIn Ads campaigns.
Scopes we request, and why:
- openid, profile, email — to identify the authenticating user and link the account to the client's HUB workspace.
- w_member_social — to publish posts to the authenticated member's profile.
- w_organization_social, r_organization_social, r_organization_admin — to publish and read engagement on Company Pages the client administers.
- rw_ads, r_ads_reporting — to manage and report on LinkedIn Ads campaigns when paid-media services are contracted.
FlowKix uses LinkedIn data only for the contracted services and in compliance with the LinkedIn API Terms of Use and Marketing Developer Platform program agreement. We do not aggregate LinkedIn data with other sources to build profiles of individuals, do not resell it, and do not use it to train AI models.
FlowKix's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to deliver user-facing features of the services contracted by our clients, we do not transfer it for serving advertisements, we do not allow humans to read it except as needed for security or legal reasons, or with explicit user consent, and we do not use it to develop, improve, or train generalized AI/ML models.
Google scopes we may request, depending on the contracted services:
- openid, userinfo.email, userinfo.profile — sign-in to the HUB and identify the authorized user.
- adwords — manage Google Ads campaigns and report on results.
- analytics.readonly — pull traffic and conversion metrics from Google Analytics 4.
- webmasters.readonly — pull organic search performance from Google Search Console.
- business.manage — manage Google Business Profile listings, posts, photos, and review responses.
- youtube.upload, youtube.readonly, youtube.force-ssl — publish video content and read channel analytics. YouTube API data is also governed by the YouTube Terms of Service and the Google Privacy Policy.
- gmail.send — send transactional or scheduled emails on behalf of the client from authorized senders only.
- drive.file — read and write only files the client explicitly shares with the FlowKix app.
- calendar.events — when scheduling integrations are contracted.
You can revoke FlowKix's access to your Google data at any time by visiting myaccount.google.com/permissions.
With client authorization, FlowKix uses the TikTok Content Posting API to publish videos and the TikTok Business API to manage advertising campaigns on the client's TikTok Business / Ads accounts. We use TikTok data solely for the contracted services and in compliance with the TikTok Developer Policy and the TikTok for Business Terms.
With client authorization, FlowKix uses the X API v2 to publish posts, retrieve engagement metrics, and (where contracted) manage X Ads campaigns. We use X data solely for the contracted services and in compliance with the X Developer Agreement and Policy.
With client authorization, FlowKix uses the Pinterest API to publish Pins, manage boards, and operate Pinterest Ads. We use Pinterest data solely for the contracted services and in compliance with the Pinterest Developer Terms.
When email or SMS automation is part of the contracted services, FlowKix uses enterprise messaging providers to deliver communications on behalf of the client. The client remains the sender of record and is responsible for compliance with CAN-SPAM, the Telephone Consumer Protection Act (TCPA), CASL, and any applicable EU/UK e-Privacy regulations. FlowKix configures suppression lists, unsubscribe mechanisms, and double opt-in flows where required.
If a client engages FlowKix to operate a platform not listed above (for example Snapchat Ads, Reddit Ads, Bluesky, Threads, Microsoft Advertising, or a regional network), we will only request the minimum permissions necessary, will use the data solely for the contracted services, and will comply with that platform's developer terms. The list of platforms FlowKix is connected to for a given client is disclosed inside that client's FLOWKIX HUB workspace.
08 Cookies & tracking technologies
We use a limited set of cookies and similar technologies (local storage, pixels, server-side identifiers) across our properties. Cookies fall into three categories:
| Category | Purpose |
|---|---|
| Strictly necessary | Authentication, session continuity, security, and CSRF protection in the FLOWKIX HUB. Cannot be turned off. |
| Preferences | Remembering your language (e.g. fk-lang) and UI preferences. |
| Analytics | Aggregate measurement of how visitors use flowkix.com so we can improve it. Loaded only with consent where required. |
We do not run third-party advertising trackers on flowkix.com. You can clear cookies via your browser settings at any time. Disabling strictly-necessary cookies will prevent the HUB from functioning.
When FlowKix installs analytics or conversion pixels on a client's website (such as the Meta Pixel, LinkedIn Insight Tag, TikTok Pixel, or Google tags), that processing is governed by the client's own privacy policy and cookie banner — the client is the Controller in that scenario.
09 Data retention
We keep personal data only as long as it is needed for the purposes described in this policy or as required by law. Indicative retention periods:
| Type of data | Retention |
|---|---|
| Marketing-site analytics | 14 months, then aggregated. |
| Lead and prospect records | Up to 24 months from last interaction, then deleted unless converted to a client. |
| Client account & HUB data | For the duration of the engagement, plus 90 days after termination for export, then permanently deleted unless retention is required by law (e.g. tax records, retained 7 years). |
| Platform tokens (Meta, LinkedIn, Google, etc.) | Encrypted at rest; revoked immediately upon disconnection or service termination. |
| Backups | Encrypted; rolling window of up to 30 days, then overwritten. |
| Security & audit logs | Up to 24 months. |
10 Data security
FlowKix implements administrative, technical, and physical safeguards designed to protect personal data, including:
- TLS 1.2+ encryption in transit for all FlowKix endpoints.
- Encryption at rest for databases, file storage, and backups.
- Row-level security (RLS) in our multi-tenant database so each client's data is isolated from every other client's.
- Principle-of-least-privilege access controls, audit logging, and mandatory MFA for all FlowKix personnel.
- Secrets stored in a dedicated secret manager — never in source code or shared documents.
- Regular dependency and infrastructure security advisor checks.
No system is perfectly secure. If we become aware of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and the appropriate authorities in accordance with applicable law.
11 International data transfers
FlowKix is based in the United States and primarily processes data on infrastructure located in the United States. If you are located outside the U.S., your data will be transferred to and processed in the U.S. and other countries where our sub-processors operate.
For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable), and we implement supplementary measures such as encryption and access controls as required by the relevant authorities.
12 Your privacy rights
Depending on where you live, you may have the following rights regarding your personal data. To exercise any of them, contact us at privacy@flowkix.com.
12.1 EEA, UK & Switzerland (GDPR / UK GDPR)
- Access a copy of the personal data we hold about you.
- Rectification of inaccurate or incomplete data.
- Erasure ("right to be forgotten") in defined circumstances.
- Restriction of processing.
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Object to processing based on legitimate interests, including direct marketing.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local data protection authority.
12.2 California (CCPA / CPRA)
California residents have the right to know what categories of personal information we collect, the purposes for collection, the categories of third parties we disclose to, and the categories of personal information we sold or shared (we do not sell or share personal information). California residents also have the right to delete, to correct, to limit the use of sensitive personal information, and to non-discrimination for exercising these rights. You may also designate an authorized agent to act on your behalf.
12.3 Brazil (LGPD), Canada (PIPEDA), and other jurisdictions
If you reside in a jurisdiction with similar data-protection legislation (Brazil, Canada, Colombia, Argentina, Australia, Japan, South Korea, and others), we will honor equivalent rights to the extent they apply.
12.4 Verifying your request
To protect your data, we will verify your identity before responding to a request. For account holders, we use the authenticated session in the FLOWKIX HUB. For all other requests, we may ask you to confirm information we already hold (such as a transaction or registered email). We will respond within the timeframes required by applicable law (typically 30 days under GDPR; 45 days under CCPA).
13 Data deletion requests
To request deletion of personal data held by FlowKix — including any data we obtained about you through the Meta Graph API (Facebook & Instagram), the LinkedIn API, the Google APIs, or any of the other platforms listed in Section 7 — please follow the instructions below.
How to request deletion
- Send an email to privacy@flowkix.com from the email address associated with your account (or the platform handle whose data you want deleted).
- In the subject line, write: Data Deletion Request.
- In the body, include:
  - Your full name.
  - The platform(s) the data was obtained from (e.g. Instagram @yourhandle, Facebook page name, LinkedIn URL, Google account email, etc.).
  - The client or business account whose channel you interacted with, if known.
  - Whether you want us to delete only data we hold as a Controller, only data we hold as a Processor on behalf of a client, or both.
- You will receive a confirmation within 5 business days and a final completion notice within 30 days.
You can also revoke FlowKix's access to your data directly inside the platform's settings:
- Facebook / Instagram: Settings → Business Integrations — locate "FLOWKIX Social Publisher" and click "Remove".
- LinkedIn: Settings → Data privacy → Permitted services.
- Google: myaccount.google.com/permissions.
- TikTok: Settings → Security & permissions → Manage connected apps.
- X / Pinterest: Settings → Apps & sessions / Connected apps.
This page (https://flowkix.com/privacy#data-deletion) is the official Data Deletion Instructions URL registered with Meta for the FLOWKIX Social Publisher app. The instructions above satisfy Meta's data-deletion requirements for Facebook Login and the Instagram Graph API.
14 Children's privacy
FlowKix is a B2B service intended for businesses and their authorized representatives. We do not knowingly direct our services to children under the age of 16 and we do not knowingly collect personal data from children. If you believe a child has provided personal data to FlowKix, please contact us at privacy@flowkix.com and we will delete it promptly.
15 Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make a material change, we will revise the "Last updated" date at the top of this page and, where required by law, notify clients and users by email or through the FLOWKIX HUB. Previous versions are available on request.
16 Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:
| privacy@flowkix.com | |
| General inquiries | hello@flowkix.com |
| Postal address | KUIK GROUP LLC d/b/a FlowKix · Charlotte, NC, United States |
| Website | flowkix.com |
For EEA/UK residents who prefer to contact a representative for GDPR purposes, or to designate an authorized agent under CCPA/CPRA, please write to privacy@flowkix.com and we will provide the appropriate contact.