Privacy Policy

Last Updated: January 1, 2026
Website: flowexam.com
Contact: antoine@flowexam.com

1. Introduction

Welcome to FlowExam.com ("the Site"). This Privacy Policy ("Policy") describes how we collect, use, disclose, and protect your personal data when you access our online training platform.

FlowExam is an educational platform designed to help users prepare for their exams through interactive tests and educational content. We are committed to protecting your privacy and respecting your personal data rights.

By accessing or using our Service, you agree to the terms of this Policy. If you do not agree to these terms, please do not use our services.

2. Applicable Laws

This Privacy Policy complies with the following legislation:

Regulation (EU) 2016/679 of April 27, 2016 (GDPR)
French Data Protection Act of January 6, 1978, as amended
California Consumer Privacy Act (CCPA) for California residents
Any other applicable local legislation

In the event of a conflict between this Policy and local legislation, the more protective legislation shall prevail.

3. Definitions

"Service" refers to the FlowExam platform, website, mobile application, and all related services we offer.
"User" refers to any natural or legal person who accesses or uses our Service.
"Personal Data" means any information relating to an identified or identifiable natural person.
"Data Controller" refers to SAS Elite Education, responsible for decisions regarding the processing of your data.
"Data Processor" refers to our service providers who process your data on our behalf.

4. Personal Data Collected

4.1 Data Collected Automatically

When you browse the Site, certain data is collected automatically:

Connection Data: IP address, browser type and version, operating system, device used
Location Data: Approximate location based on IP address
Browsing Data: Pages viewed, session duration, traffic source, actions taken
Cookies and Similar Technologies: Unique identifiers, user preferences
Performance Data: Loading speed, technical errors

4.2 Data Collected Voluntarily

When you use certain features of the Service, we may collect:

Identification Information: Name, first name, email address, phone number (optional)
Account Information: Username, password (encrypted), account creation date
Payment Information: Billing details, transaction history (processed via our secure providers like Stripe)
Educational Usage Data: Test scores, course progress, time spent, answers to questions, learning preferences
Communication Information: Messages, support requests, feedback
Demographic Data: Education level, field of study, learning objectives

4.3 Sensitive Data

We do not collect any sensitive data as defined by the GDPR (health data, political opinions, religious beliefs, biometric data, etc.).

5. Purposes of Processing

Your personal data is collected and processed for the following purposes:

Account Management: Creation, authentication, security, and administration of your user profile
Service Delivery: Access to the platform, participation in courses and tests, generation of certificates
Payment Processing: Billing, subscription management, refunds, fraud prevention
Communications: Sending transactional emails, order confirmations, course notifications, customer support
Service Improvement: Usage analysis, educational statistics, usability, performance, content personalization
Legal Obligations: Compliance with tax, accounting, and legal requirements
Security and Protection: Fraud detection and prevention, protection of our rights and those of others
Marketing: Sending newsletters, promotional offers (only with your consent)

6. Legal Basis for Processing

In accordance with the GDPR, the processing of your data is based on one of the following legal grounds:

Your Consent: For marketing cookies, newsletters, promotional communications
Performance of a Contract: For account creation, platform access, payments, service provision
Compliance with Legal Obligations: For billing, taxation, legal requirements
Legitimate Interest: For Service improvement, security, fraud prevention, statistical analysis

7. Data Recipients

Your personal data may be shared with:

Our Team: FlowExam members strictly authorized to access your data to provide you with the Service
Service Providers:
- Hosting and infrastructure providers
- Payment processors (Stripe, PayPal, etc.)
- Analytics tools (Google Analytics, Mixpanel, etc.)
- Emailing and communication providers
- Customer support tools
All our providers act as Data Processors and comply with the GDPR through data processing agreements
Legal Authorities: If required by law, voluntarily, or upon official request
Potential Acquirers: In the event of a merger, acquisition, or sale of assets (with prior notification)

We never sell your personal data to third parties for commercial purposes.

8. Retention Period

We retain your personal data only for the duration necessary for the processing purposes:

Active Account Data: Retained as long as your account is active
Inactive Accounts: Deleted after 24 months of inactivity (with prior notification)
Payment and Billing Data: Retained for 10 years in accordance with French accounting obligations
Browsing/Cookie Data: Retained for a maximum of 13 months
Support Data: Retained for 3 years after the end of the business relationship
Marketing Data: Retained until you unsubscribe

After these periods, your data is permanently deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

Encryption: HTTPS/TLS 1.2+ transmission, password encryption
Infrastructure: Secure servers hosted in the European Union
Access Control: Strong authentication, restricted access based on the need-to-know principle
Security Audits: Regular penetration testing, compliance audits
Processor Compliance: Data processing agreements, regular audits
Incident Response: Procedures in case of data breach

Limitation of Liability: Despite these precautions, no system is completely invulnerable. By using the Internet, you acknowledge that absolute security does not exist. We cannot be held liable for security breaches resulting from circumstances beyond our control.

10. Minors

The GDPR considers individuals under 15 years of age to require consent from a legal guardian (parent or guardian) before any personal data collection.

Minor Users: FlowExam may be used by minors, but consent from a parent or guardian is required
Age Verification: We do not collect information allowing automatic age verification
Parental Responsibility: Parents/guardians are responsible for the use of the Service by minors

If we discover that a minor has used our Service without parental consent, we will take appropriate measures to delete their data.

11. Your Rights

In accordance with the GDPR, you have the following rights:

11.1 Right of Access

You have the right to obtain a copy of all personal data we hold about you.

11.2 Right to Rectification

You have the right to correct or update your inaccurate or incomplete data.

11.3 Right to Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal data, unless we have a legal obligation to retain it.

11.4 Right to Restriction of Processing

You may request that we limit the processing of your data under certain circumstances.

11.5 Right to Object

You have the right to object to the processing of your data for marketing or legitimate interest purposes.

11.6 Right to Data Portability

You have the right to receive your data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.

11.7 Right to Withdraw Consent

You may withdraw your consent at any time without affecting the lawfulness of prior processing.

11.8 Exercising Your Rights

To exercise any of these rights, please contact us at: antoine@flowexam.com

Include in your request:

Your name and email address
A clear description of your request
Proof of identity (copy of an ID document if necessary)

Response Time: We will respond to your request within 30 days of receipt. This period may be extended by an additional 60 days for complex requests.

11.9 Right to Lodge a Complaint

If you believe that we are violating your personal data rights, you have the right to file a complaint with the competent data protection authority (CNIL in France).

12. Cookies and Tracking Technologies

12.1 What is a Cookie?

A cookie is a small text file stored on your device when you visit our Site. Cookies allow us to recognize you and personalize your experience.

12.2 Types of Cookies Used

Functional Cookies: Ensure the proper functioning of the Site (authentication, language preferences)
Analytical Cookies: Analyze audience and improve user experience (Google Analytics)
Marketing Cookies: Customize content and advertisements (social networks, retargeting)
Third-Party Cookies: Placed by third parties for the same purposes

12.3 Cookie Management

Acceptance: You can accept all cookies via the consent banner
Refusal: You can refuse non-essential cookies
Management: You can manage your preferences in your browser settings

Impact: Disabling functional cookies may limit certain Site features.

12.4 Cookie Consent

In accordance with ePrivacy law, we ask for your explicit consent before placing non-essential cookies on your device. You can change your preferences at any time.

13. Subscriptions and Cancellation

13.1 Subscription Terms

FlowExam Elite Offer: Monthly subscription renewed automatically
Start Date: Takes effect on the date of payment
Renewal: Automatic every month, unless canceled

13.2 Cancellation

Method: Cancellation possible at any time via a simple email to antoine@flowexam.com
Notice Period: Cancellation takes effect at the end of the month corresponding to the last payment made
Partial Month: Any month started is due in full
Confirmation: A cancellation confirmation will be sent to you by email

13.3 Refund

Refunds are only granted in cases provided by law (14-day right of withdrawal). No pro-rata refunds are granted for cancellations mid-month.

14. Policy Changes

This Privacy Policy may be modified at any time to:

Remain compliant with current legislation
Incorporate evolving practices
Improve clarity and transparency

14.1 Notification of Changes

Minor Changes: Display of the update date
Substantial Changes: Notification by email or banner on the Site
Effective Date: Changes take effect 30 days after notification

By continuing to use the Service after changes, you accept the updated Policy.

15. Data Controller

The personal data controller is:

SAS Elite Education
Simplified Joint Stock Company
Registered with the Trade and Companies Register (RCS) of France
Contact: antoine@flowexam.com
Website: https://flowexam.com

16. Data Protection Officer (DPO)

For any questions regarding this Policy or the protection of your data, you can contact our Data Protection Officer:

📧 antoine@flowexam.com

17. Disclaimer

Service Provided "As Is": The Service is provided "as is" and "as available"
No Warranties: We do not guarantee that the Service will be error-free or uninterrupted
Use at Your Own Risk: You use the Service at your own risk
Limitation of Liability: We are not responsible for indirect or consequential damages

18. Final Provisions

Entire Agreement: This Policy constitutes the entire agreement between you and FlowExam regarding data protection
Severability: If a provision is found to be invalid, the others remain in effect
Governing Law: This Policy is governed by French law
Jurisdiction: Disputes are subject to the jurisdiction of the French courts

19. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or our personal data practices:

📧 Email: antoine@flowexam.com
🌐 Website: https://flowexam.com

Last Updated: January 1, 2026