Last updated: March 24, 2025
Applies to: EU/EEA (GDPR) & USA (CCPA/CPRA)
At Flowxtra GmbH, privacy is not just a compliance checkbox—it’s a core principle. We embed privacy and data security by design across all systems and services, ensuring adherence to major global data protection laws, including:
EU General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
California Privacy Rights Act (CPRA)
Swiss Data Protection Act (revDSG)
Other applicable global laws
Flowxtra GmbH
Wipplingerstraße 20/18, 1010 Vienna, Austria
📧 privacy@flowxtra.com
📞 +43 676 905 4441
Imprint
Flowxtra is a global AI-powered recruitment platform offering tools for companies and candidates to connect through intelligent matching, resume optimization, and transparent workflows.
We process personal data based on the following GDPR & US-compliant legal grounds:
Consent – Job alerts, marketing, analytics, optional cookies
Contractual necessity – Platform usage, job application processing
Legal obligation – Accounting, tax, anti-fraud
Legitimate interests – Platform improvements, fraud prevention, recruitment analytics
User rights management – As required under GDPR, CPRA, and others
Depending on your role (Candidate, Company, or Admin), we may collect:
Name, email, phone, location
Resume/CV, job preferences
Uploaded documents
Application history and activity logs
Company name, industry, representative contacts
Billing and invoicing data (via Stripe/SevDesk)
Job post content and recruiter activity
IP address, browser/device metadata
Tracking data (Google Analytics, cookies)
reCAPTCHA logs to detect bots
Flowxtra ensures lawful cross-border data transfers. Our infrastructure spans:
EU Data Centers: Verpex (Austria/Germany)
US Providers: Google Cloud, Firebase (SCCs + DPF Certified)
Asia: Google Cloud (Singapore) for regional availability
Billing: Stripe (US, DPF Certified), SevDesk (Germany, GDPR compliant)
Transfer mechanisms used:
Standard Contractual Clauses (SCCs)
EU-U.S. Data Privacy Framework
DPAs with all sub-processors
🌐 EU-only data processing is available upon request.
Flowxtra implements robust technical and organizational security controls:
AES-256 encrypted data storage
Secure cloud infrastructure (Verpex, Google Cloud)
Role-based access controls
TLS/SSL encryption
Regular security audits and vulnerability scans
Bot protection via reCAPTCHA
Routine backups with defined retention periods
Flowxtra retains your data as follows:
| User Type | Retention Period |
|---|---|
| Active Users | While account is active |
| Inactive Users | Deleted/anonymized after 12 months |
| Legal Records | Retained for 7 years (billing, tax, audit) |
| Backups | Deleted automatically after 30 days |
| Cookies & Tracking | As per Cookie Policy |
Flowxtra uses AI for candidate-job matching and resume enhancement. However:
No fully automated decisions are made.
Humans always review AI-generated results before presenting them to clients.
This aligns with Article 22 GDPR and avoids automated hiring decisions.
US (CCPA/CPRA) ComplianceFlowxtra respects your rights under US data privacy laws. If you are a California resident, you have the right to:
Access your personal data
Request deletion
Correct inaccuracies
Opt out of data “sales” (Flowxtra does not sell personal data)
Limit use of sensitive personal data (Flowxtra does not collect such data)
📬 To exercise US data rights, email us at: privacy@flowxtra.com
You can exercise the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your data |
| Rectification | Fix errors or update your info |
| Erasure (Right to be Forgotten) | Ask us to delete your data |
| Restriction | Temporarily stop processing in certain cases |
| Portability | Receive data in a machine-readable format |
| Object | Opt out of processing (e.g., for marketing) |
| Withdraw Consent | Revoke any prior consent |
| Complain to Authority | Austrian DPA: www.dsb.gv.at |
Submit requests via:
🔗 Data Request Form
📧 privacy@flowxtra.com
We use cookies to:
Remember your preferences
Analyze performance (Google Analytics, Adobe Analytics)
Prevent fraud (via reCAPTCHA)
Display location-based content
Cookie preferences can be managed via our Cookie Settings Panel.
Flowxtra uses third parties under strict data protection agreements:
| Vendor | Purpose | Legal Basis |
|---|---|---|
| Google / Firebase | Hosting, analytics | SCCs + DPF |
| Stripe | Payment processing | DPF + Art. 6(1)(b) |
| SevDesk | Invoice generation | Art. 6(1)(c) |
| Mailchimp | Newsletter (opt-in only) | Consent-based |
| Verpex | EU-based cloud infrastructure | Art. 6(1)(f) |
We may update this Data Protection Statement when necessary. Material changes will be communicated via our platform and email.
For all data protection inquiries:
Data Protection Officer (DPO):
📧 privacy@flowxtra.com
📍 Flowxtra GmbH, Wipplingerstraße 20/18, 1010 Vienna, Austria
