Privacy Policy

Last Updated: January 1, 2026

FLOW MOMENTUM LIMITED ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This privacy policy explains how we collect, use, share, and protect your personal information when you visit our websites (hosted via Beehiiv), use our mobile or web applications (hosted via Lovable), join our community, or engage with our services. We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. WHO WE ARE (DATA CONTROLLER)

For the purposes of data protection laws, the Data Controller responsible for your personal data is:

FLOW MOMENTUM LIMITED
Company Number: 15513519
Registered Address: Bartle House, 9 Oxford Court, Manchester, England, M2 3WQ
Email: [email protected]

2. THE DATA WE COLLECT ABOUT YOU

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

1. Identity Data: First name, last name, username, or similar identifier.

2. Contact Data: Billing address, email address, and telephone numbers.

3. Financial Data: Partial payment card details (e.g., last 4 digits) and payment history. Note: We do not store full credit card details; these are processed directly by our third-party payment processor, Stripe.

4. Transaction Data: Details about payments to and from you and other details of products and services you have purchased.

5. Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

6. Profile Data: Your username and password, purchases or orders made by you, course progress, community posts, comments, preferences, feedback, and survey responses.

7. Usage Data: Information about how you use our website, products, and services.

8. Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

9. Integrated Service Data: Information from third-party services you choose to connect to our app (e.g., Google Drive metadata, files you select to process).

Special Categories of Personal Data (Health & Training Data)

In order to provide our individualized training plans, we may collect Health and Fitness Data via your connection with Garmin. This includes:

* Training activity details (duration, intensity, type).

* Physiological metrics (heart rate, power output, speed).

* Derived training indicators calculated from this data.

We only collect this data with your explicit consent when you connect your Garmin account. You may revoke this connection at any time.

3. HOW WE COLLECT YOUR DATA

We use different methods to collect data from and about you:

A. Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us. This includes personal data you provide when you:

* Sign up for our newsletter or visit our website (via Beehiiv).

* Join our community (via Discord).

* Purchase a product or service.

* Give us feedback or contact us.

B. Third-Party Integrations & Sign-On: We collect data when you choose to connect third-party services:

* Google SSO: When you register or log in using Google, we receive your basic profile information (name, email, profile picture) to authenticate you.

* Google Services: If you connect Google Drive, we access the specific files or metadata necessary to perform the requested actions within the app.

* Garmin Connect: When you link your Garmin account, we receive your training activities and health metrics to analyze your performance.

C. Automated Technologies: As you interact with our website, we may automatically collect Technical Data about your equipment and browsing actions using cookies and server logs.

D. Third Parties: We may receive personal data about you from payment providers (e.g., Stripe) or analytics providers (e.g., Google Analytics).

4. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

1. Performance of Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., providing access to a course or the web app).

2. Legitimate Interest: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

3. Legal Obligation: Where we need to comply with a legal or regulatory obligation.

4. Consent: Generally, we do not rely on consent as a legal basis other than for sending marketing communications or processing Special Category Data (Health Data).

Specific Purposes for Processing

1. To register you as a new user via Email or Google SSO

* Type of Data: Identity, Contact, Technical
* Lawful Basis: Performance of a contract with you

2. To analyze your training data and generate personalized plans

* Type of Data: Identity, Health & Fitness Data (Special Category), Usage
* Lawful Basis: Explicit Consent (Article 9 UK GDPR) obtained when you connect Garmin.

3. To facilitate Google Drive integration features

* Type of Data: Identity, Technical, Integrated Service Data
* Lawful Basis: Performance of a contract with you (providing the requested app functionality)

4. To process and deliver your order

* Type of Data: Identity, Contact, Financial, Transaction
* Lawful Basis: Performance of a contract with you

5. To manage our relationship with you

* Type of Data: Identity, Contact, Profile, Marketing & Comms
* Lawful Basis: Performance of a contract; Necessary for our legitimate interests

6. To administer and protect our business

* Type of Data: Identity, Contact, Technical
* Lawful Basis: Necessary for our legitimate interests (network security, troubleshooting)

7. To deliver relevant content and measure effectiveness

* Type of Data: Identity, Contact, Profile, Usage, Marketing
* Lawful Basis: Necessary for our legitimate interests

5. DISCLOSURES OF YOUR PERSONAL DATA (DATA PROCESSORS)

We carefully select service providers that demonstrate compliance with UK and EU data protection standards. We may share your personal data with the following parties:

1. n8n (Workflow Automation)

* Role: Processes training data logic and automates workflows.
* Location: Frankfurt, Germany (EU).
* Compliance: Hosted within the EU/EEA.

2. Supabase (Database Provider for Lovable App)

* Role: Stores user profiles and application data.
* Location: Zurich, Switzerland.
* Compliance: Switzerland is recognized by the UK and EU as providing an adequate level of protection (Adequacy Decision).

3. Google (Google Workspace / Cloud)

* Role: Authentication (SSO), internal email, and Drive integrations.
* Location: Europe (Data residency specifically selected for Google Workspace).
* Compliance: Hosted within the EU/EEA.

4. Stripe (Payment Processor)

* Role: Securely processes payments.
* Location: United States.
* Compliance: Stripe is certified under the EU-U.S. Data Privacy Framework (DPF) and the UK Extension, ensuring secure transfer of payment data.

5. Beehiiv (Website & Newsletter Host)

* Role: Hosts the main website and email delivery services.
* Location: United States.
* Compliance: As per the Beehiiv Acceptable Use Policy (AUP), data is processed in the US. We rely on appropriate safeguards (such as standard contractual clauses or the Data Privacy Framework where applicable) to protect your data.

6. Garmin (Integration)

* Role: Exchanges fitness data via API if connected.
* Location: United States / Global.
* Compliance: For residents of the European Economic Area (EEA), the UK, or Switzerland, personal data is legally controlled by Garmin Würzburg GmbH in Germany.

7. Discord (Community Platform)

* Role: Hosts community interactions and discussions.
* Location: United States.
* Compliance: Discord is certified under the EU-U.S. Data Privacy Framework (DPF).

6. INTERNATIONAL TRANSFERS

We prioritize storing your data within the UK, the EEA, or countries with "Adequacy Decisions" (like Switzerland, where our Supabase database is located).

However, some of our service providers (including Beehiiv, Stripe, and Discord) process data in the United States. Whenever we transfer your personal data out of the UK/EEA, we ensure it is protected by one of the following safeguards:

1. Adequacy Decisions: Transferring to countries (like Switzerland or EEA member states) deemed to provide adequate protection.

2. Data Privacy Framework (DPF): Using providers like Stripe and Discord that are self-certified under the UK Extension to the EU-US Data Privacy Framework.

3. Standard Contractual Clauses (SCCs): Where a provider is not DPF certified, we rely on standard contracts approved for use in the UK which give personal data the same protection it has in the UK.

7. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.

* Specific to Google Data: Data accessed via Google APIs (such as Drive files) is used solely for the functionality visible to you in the app and is not used for developing, improving, or training generalized AI models without your permission.

* We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

8. DATA RETENTION

How long will you use my personal data for?

* General: We retain your data as long as you have an active account or as needed to provide services.

* Training Data (Garmin): We retain your synced training metrics to provide historical analysis. If you disconnect Garmin or delete your account, this data is deleted or anonymized.

* Tax & Legal: We keep basic transaction information for six years for tax purposes.

* Marketing: We retain marketing contact details until you unsubscribe.

9. YOUR LEGAL RIGHTS

Under UK data protection laws, you have rights including:

* Request access to your personal data.
* Request correction of your data.
* Request erasure of your data.
* Object to processing (especially regarding marketing).
* Withdraw consent at any time (specifically for the Garmin health data connection or marketing).

If you wish to exercise any of these rights, please contact us at [email protected].

10. CONTACT US

FLOW MOMENTUM LIMITED
Bartle House, 9 Oxford Court, Manchester, England, M2 3WQ
Email: [email protected]

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO) (www.ico.org.uk).