Privacy Policy

Flowtropic Private Limited

Last updated: March 2026

1. Introduction

FlowTropic is a product of Flowtropic Private Limited ("we," "our," or "us"), a company incorporated under the Companies Act 2013, bearing CIN U62099KL2026PTC101981, registered at C/O Vinu P, Payingattu Veedu, Karuvampoyil, Kozhikode, Kerala - 673572.

We provide AI-powered social commerce automation solutions for merchants on Instagram. This Privacy Policy explains how we collect, use, store, and protect data from both the Merchant (User) and the End-Customer (Shopper) in accordance with the Information Technology Act 2000, the Digital Personal Data Protection Act 2023 (DPDP Act), and applicable Meta Platform policies.

2. Information We Collect

From the Merchant (You)

  • Account information including name, email, and business profile details obtained via Google OAuth.
  • Inventory data including product names, prices, stock status, and image links provided through our merchant dashboard.
  • Courier and shipment details including tracking IDs and courier service names.

From the End-Customer (Shopper)

  • Conversation data including incoming Instagram DMs and comments required to identify products and process orders.
  • Order fulfilment data including full name, delivery address, phone number, and email provided during the ordering process.
  • Payment reference data including Transaction IDs (UTR numbers) shared for payment verification.

What We Do Not Collect

We do not collect, store, or process credit card numbers, bank account passwords, UPI PINs, or any sensitive financial credentials directly.

3. How We Use Your Information

We use data strictly to operate as an automated sales assistant:

  • Product identification - analyzing Instagram post captions and images to understand which product a customer is enquiring about.
  • Order processing - storing customer shipping details to generate order records and facilitate delivery coordination.
  • Payment verification - extracting Transaction IDs from shared payment screenshots for merchant review and confirmation.
  • Order notifications - sending order status updates including payment confirmation and shipment tracking to customers via Instagram DM.

4. AI and Data Processing

We use third-party large language models including Google Gemini to generate natural language responses. Conversation text shared with AI providers is minimized and anonymized wherever possible. No personally identifiable information is shared with AI providers beyond what is strictly necessary to process a specific interaction.

All payment verifications are provisional until manually confirmed by the Merchant. No automated financial decisions are made without human review.

5. Data Retention

  • Merchant account data is retained for the duration of the active subscription and deleted within 30 days of account disconnection.
  • End-customer order data is retained for 180 days from the date of the order to support dispute resolution and delivery tracking.
  • Payment reference screenshots are deleted within 90 days of order completion.
  • Conversation logs are retained for 90 days for service improvement and then permanently deleted.

6. Data Sharing

We do not sell personal data under any circumstances. We share data only with the following service providers strictly to operate our platform:

  • Meta Platforms Inc. - via the Instagram Graph API to send and receive messages.
  • Google Cloud - for authentication services.
  • PostgreSQL and Redis - for secure data storage and session management.
  • Razorpay - for payment link generation where applicable.

All third-party providers are contractually bound to handle data in compliance with applicable privacy laws.

7. Data Security

We implement industry-standard security measures including encrypted data transmission, access controls, and secure cloud infrastructure. However, no system is completely secure. We will notify affected users promptly in the event of any data breach as required under applicable law.

8. Your Rights

Merchants have the right to:

  • Access all data we hold about your account and business.
  • Request correction of inaccurate data.
  • Disconnect Sasha AI at any time - upon disconnection, access tokens are deleted immediately.
  • Request complete data deletion by contacting us.

End-Customers have the right to:

  • Request access to personal data stored about them.
  • Request deletion of their order data, address, or conversation history.
  • Make such requests directly or through the Merchant via our Data Deletion request process.

To exercise any of these rights, contact us at the details below.

9. Grievance Officer

In accordance with the Information Technology Act 2000 and the Digital Personal Data Protection Act 2023, we have appointed a Grievance Officer to address privacy concerns:

  • Name: Jayadeep PV
  • Designation: Director, Flowtropic Private Limited
  • Email: flowtropiv26@gmail.com
  • Address: C/O Vinu P, Payingattu Veedu, Karuvampoyil, Kozhikode, Kerala - 673572
  • Response time: We will respond to all grievances within 30 days of receipt.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any significant changes will be communicated to active Merchants via email. Continued use of Sasha AI after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

  • Flowtropic Private Limited
  • Email: flowtropiv26@gmail.com
  • Address: C/O Vinu P, Payingattu Veedu, Karuvampoyil, Kozhikode, Kerala - 673572