Privacy Policy

Last update: January 1, 2025
Website: flowexam.com
Contact: antoine@flowexam.com

1. Introduction

Welcome to FlowExam.com (hereinafter referred to as the “Site”). This Privacy Policy (“Policy”) describes how we collect, use, disclose, and protect your personal data when you access our online training platform.

FlowExam is an educational platform designed to help users prepare for their exams through interactive tests and educational content. We are committed to protecting your privacy and respecting your personal data rights.

By accessing or using our Service, you agree to the terms of this Policy. If you do not agree to these terms, please do not use our services.

2. Applicable Laws

This Privacy Policy complies with the following legislation:

Regulation (EU) 2016/679 of April 27, 2016 (GDPR)
The French Informatique et Libertés Law of January 6, 1978, as amended
The California Consumer Privacy Act (CCPA) for California residents
Any other applicable local legislation

In case of conflict between this Policy and local legislation, the most protective legislation shall prevail.

3. Definitions

“Service” means the FlowExam platform, website, mobile application, and all related services we offer.
“User” means any natural or legal person who accesses or uses our Service.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Data Controller” means SAS Elite Education, responsible for decisions regarding the processing of your data.
“Data Processor” means our service providers who process your data on our behalf.

4. Personal Data Collected

4.1 Data Collected Automatically

When browsing the Site, certain data is collected automatically:

Connection Data: IP address, browser type and version, operating system, device used
Location Data: Approximate location based on IP address
Navigation Data: Pages viewed, session duration, traffic source, actions taken
Cookies and similar technologies: Unique identifiers, user preferences
Performance Data: Loading speed, technical errors

4.2 Data Collected Voluntarily

When you use certain features of the Service, we may collect:

Identification Information: Last name, first name, email address, phone number (optional)
Account Information: User ID, password (encrypted), account creation date
Payment Information: Billing details, transaction history (processed via our secure providers like Stripe)
Educational Usage Data: Test scores, course progress, time spent, answers to questions, learning preferences
Communication Information: Messages, support requests, feedback
Demographic Data: Education level, field of study, learning objectives

4.3 Sensitive Data

We do not collect any sensitive data within the meaning of GDPR (health data, political opinions, religious beliefs, biometric data, etc.).

5. Purposes of Processing

Your personal data is collected and processed for the following purposes:

Account Management: Creation, authentication, security, and administration of your user profile
Service Execution: Access to the platform, participation in courses and tests, certificate generation
Payment Processing: Invoicing, subscription management, refunds, fraud prevention
Communications: Sending transactional emails, order confirmations, course notifications, customer support
Service Improvement: Usage analysis, educational statistics, ergonomics, performance, content personalization
Legal Obligations: Compliance with tax, accounting, and legal requirements
Security and Protection: Fraud detection and prevention, protection of our rights and those of others
Marketing: Sending newsletters, promotional offers (only with your consent)

6. Legal Basis for Processing

In accordance with GDPR, the processing of your data is based on one of the following legal grounds:

Your Consent: For marketing cookies, newsletters, promotional communications
Performance of a Contract: For account creation, platform access, payments, service provision
Compliance with Legal Obligations: For invoicing, taxation, legal requirements
Legitimate Interest: For Service improvement, security, fraud prevention, statistical analysis

7. Data Recipients

Your personal data may be shared with:

Our Team: FlowExam members strictly authorized to access your data to provide you with the Service
Service Providers:
- Hosting and infrastructure providers
- Payment processors (Stripe, PayPal, etc.)
- Analytics tools (Google Analytics, Mixpanel, etc.)
- E-mailing and communication providers
- Customer support tools
All our providers act as data processors and comply with GDPR through data processing agreements
Legal Authorities: If required by law, voluntarily, or upon official request
Potential Acquirers: In the event of a merger, acquisition, or asset sale (with prior notification)

We never sell your personal data to third parties for commercial purposes.

8. Retention Period

We retain your personal data only for the period necessary for the processing purposes:

Active Account Data: Retained as long as your account is active
Inactive Accounts: Deleted after 24 months of inactivity (with prior notification)
Payment and Billing Data: Retained for 10 years in compliance with French accounting obligations
Navigation/Cookie Data: Retained for a maximum of 13 months
Support Data: Retained for 3 years after the end of the business relationship
Marketing Data: Retained until you unsubscribe

After these periods, your data is irreversibly deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

Encryption: HTTPS/TLS 1.2+ transmission, password encryption
Infrastructure: Secure servers hosted in the European Union
Access Control: Strong authentication, restricted access based on the need-to-know principle
Security Audits: Regular penetration testing, compliance audits
Processor Compliance: Data processing agreements, regular audits
Incident Response: Procedures in case of data breach

Limitation of Liability: Despite these precautions, no system is completely invulnerable. By using the Internet, you acknowledge that absolute security does not exist. We cannot be held liable for security breaches resulting from circumstances beyond our control.

10. Minors

GDPR considers persons under the age of 15 to require consent from a legal representative (parent or guardian) before any personal data collection.

Minor Users: FlowExam may be used by minors, but consent from a parent or guardian is required
Age Verification: We do not collect information allowing automatic age verification
Parental Responsibility: Parents/guardians are responsible for the use of the Service by minors

If we discover that a minor has used our Service without parental consent, we will take appropriate measures to delete their data.

11. Your Rights

In accordance with GDPR, you have the following rights:

11.1 Right of Access

You have the right to obtain a copy of all personal data we hold about you.

11.2 Right to Rectification

You have the right to correct or update your inaccurate or incomplete data.

11.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request the deletion of your personal data, unless we have a legal obligation to retain it.

11.4 Right to Restriction of Processing

You may request that we limit the processing of your data under certain circumstances.

11.5 Right to Object

You have the right to object to the processing of your data for marketing or legitimate interest purposes.

11.6 Right to Data Portability

You have the right to receive your data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.

11.7 Right to Withdraw Consent

You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

11.8 Exercising Your Rights

To exercise any of these rights, please contact us at: antoine@flowexam.com

Include in your request:

Your name and email address
A clear description of your request
Proof of identity (copy of an identification document if necessary)

Response Time: We will respond to your request within 30 days of receipt. This period may be extended by an additional 60 days for complex requests.

11.9 Right of Redress

If you believe that we are violating your personal data rights, you have the right to file a complaint with the competent data protection authority (CNIL in France).

12. Cookies and Tracking Technologies

12.1 What is a Cookie?

A cookie is a small text file stored on your device when you visit our Site. Cookies allow us to recognize you and personalize your experience.

12.2 Types of Cookies Used

Functional Cookies: Ensure the proper functioning of the Site (authentication, language preferences)
Analytical Cookies: Analyze traffic and improve user experience (Google Analytics)
Marketing Cookies: Personalize content and advertisements (social media, retargeting)
Third-party Cookies: Placed by third parties for the same purposes

12.3 Managing Cookies

Acceptance: You can accept all cookies via the consent banner
Refusal: You can refuse non-essential cookies
Management: You can manage your preferences in your browser settings

Impact: Disabling functional cookies may limit certain Site features.

12.4 Cookie Consent

In accordance with ePrivacy law, we ask for your explicit consent before placing non-essential cookies on your device. You can change your preferences at any time.

13. Subscriptions and Cancellation

13.1 Subscription Terms

FlowExam Elite Offer: Monthly subscription renewed automatically
Start: Takes effect on the date of payment
Renewal: Automatic every month, unless canceled

13.2 Cancellation

Method: Cancellation possible at any time via a simple email to antoine@flowexam.com
Deadline: Cancellation takes effect at the end of the month corresponding to the last payment made
Month Started: Any started month remains fully due
Confirmation: A cancellation confirmation will be sent to you by email

13.3 Refund

Refunds are granted only in cases provided by law (14-day right of withdrawal). No pro-rata refund is granted for cancellations mid-month.

14. Policy Changes

This Privacy Policy may be amended at any time to:

Remain compliant with current legislation
Integrate developments in our practices
Improve clarity and transparency

14.1 Notification of Changes

Minor Changes: Display of the update date
Substantial Changes: Notification via email or banner on the Site
Timeline: Changes take effect 30 days after notification

By continuing to use the Service after changes, you accept the updated Policy.

15. Data Controller

The controller of personal data processing is:

SAS Elite Education
Société par Actions Simplifiée (Simplified Joint Stock Company)
Registered with the Trade and Companies Register (RCS) of France
Contact: antoine@flowexam.com
Website: https://flowexam.com

16. Data Protection Officer (DPO)

For any questions regarding this Policy or the protection of your data, you can contact our Data Protection Officer:

📧 antoine@flowexam.com

17. Disclaimer

Service provided “as is”: The Service is provided “as is” and “as available”
No Warranties: We do not guarantee that the Service will be error-free or uninterrupted
Use at your own risk: You use the Service at your own risk
Limitation of Liability: We are not liable for indirect or consequential damages

18. Final Provisions

Entirety: This Policy constitutes the entire agreement between you and FlowExam regarding data protection
Severability: If any provision is found invalid, the others remain in force
Governing Law: This Policy is governed by French law
Jurisdiction: Disputes are subject to the jurisdiction of the French courts

19. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or our personal data practices:

📧 Email: antoine@flowexam.com
🌐 Website: https://flowexam.com

Last update: January 1, 2025