Privacy Policy
Last updated · July 2026
Who is responsible
The controller for data processing on this service is Florian Wasmeier (Flow), Thannöd 18, 84371 Triftern, Germany. Contact: hello@gowiththeflow.io.
What we collect
· Account data — name, email, and authentication identifiers when you sign up (email, Google, or magic link).
· Content you upload — product packshots, SKU data, brand assets, and the on-model images generated from them.
· Billing data — plan, invoices and payment status (card details are handled by Stripe; we never see full card numbers).
· Usage & technical data — generation activity, credits, and standard server logs (IP, timestamps) needed to run and secure the service.
Why we process it (legal basis)
To provide the service and fulfil our contract with you (Art. 6(1)(b) GDPR), to meet legal and accounting obligations (Art. 6(1)(c)), and for our legitimate interest in operating, securing and improving the product (Art. 6(1)(f)). We do not run advertising trackers.
Cookies & analytics
Essential cookies keep you signed in and secure the service (Art. 6(1)(b)/(f) GDPR) — these are always active. We also measure aggregate, cookieless traffic and performance (Vercel Web Analytics & Speed Insights), which set no cookies and identify no individual.
Optional product analytics (PostHog, hosted in the EU) help us understand how the studio is used so we can improve it. Because PostHog sets cookies, it runs only if you consent via our cookie banner (Art. 6(1)(a) GDPR, § 25 TTDSG). You can withdraw consent at any time by declining the banner or clearing the atelier-analytics-consent setting in your browser storage; withdrawal does not affect prior lawful processing. Error diagnostics (Sentry) store only a pseudonymous account identifier, no IP or form contents.
AI image generation
To create on-model imagery, the packshots and reference images you provide are sent to Google's Gemini image model. Google acts as a processor for this generation; images are stored in our private storage bucket and served to you via short-lived signed links.
Processors we use
We share data only with the service providers needed to run Atelier:
- Vercel— Application hosting & CDN · EU / USA
- Supabase— Database, authentication & file storage · EU (Frankfurt)
- Google (Gemini API)— AI image generation · USA
- Stripe— Payments & billing · EU / USA
- Resend— Transactional email · EU / USA
- Sentry— Error monitoring & diagnostics · EU (Germany)
- Vercel Web Analytics— Cookieless, aggregate traffic statistics · EU / USA
- PostHog— Product analytics (only with your consent) · EU
Where data is processed outside the EU, transfers rely on EU Standard Contractual Clauses or an adequacy decision.
How long we keep it
Account and content data are retained while your account is active and for a reasonable period afterward, then deleted. Invoices are kept for the statutory retention period.
Your rights
You have the right to access, correct, delete, restrict, and port your data, and to object to processing (Art. 15–21 GDPR). To exercise any of these, or to request account deletion and a data export, email hello@gowiththeflow.io and we will action it. You may also complain to a supervisory authority.