Privacy Policy

1. Who We Are

Session Flo ("we", "us", or "our") is the operator of sessionflo.com. We provide interactive session tools including polls, quizzes, word clouds, icebreakers, and collaborative agendas for facilitators, teachers, and teams.

If you have any questions about this Privacy Policy, please contact us at [email protected].

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide

• Account information: Name and email address when you sign up for an account.
• Profile details: Any optional profile information you choose to add.
• Session content: Polls, quizzes, questions, and other content you create within the platform.
• Communications: Messages you send to us via contact forms or email.
• Payment information: Billing details processed securely by our payment provider (Stripe). We do not store card numbers directly.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, and actions taken within the platform.
• Device and browser information: IP address, browser type, operating system, and device identifiers.
• Cookies and similar technologies: Session cookies for authentication and preference cookies to remember your settings.

2.3 Participant Data

When attendees participate in a session (e.g., respond to a poll), we collect their responses. Participants can optionally remain anonymous. We do not require participants to create accounts or provide personal information to join a session.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Session Flo platform.
• Authenticate you and manage your account.
• Process payments and send billing-related communications.
• Send service notifications, updates, and administrative messages.
• Respond to your support requests and enquiries.
• Analyse usage patterns to improve features and user experience.
• Detect, investigate, and prevent fraud and security incidents.
• Comply with our legal obligations.

We do not sell your personal data to third parties, and we do not use your data for targeted advertising.

4. Legal Basis for Processing

Where applicable under GDPR and similar legislation, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to deliver the services you have signed up for.
• Legitimate interests: Analytics, security monitoring, and service improvement, balanced against your rights.
• Legal obligation: Where we are required to retain or disclose data by law.
• Consent: For optional cookies and marketing communications (where we seek your explicit consent).

5. Sharing Your Information

We share your data only in the following circumstances:

• Service providers: Trusted third-party vendors who help us operate the platform (e.g., cloud hosting, payment processing, email delivery). They are contractually bound to protect your data and may not use it for their own purposes.
• Authentication providers: If you sign in using Google or Microsoft OAuth, those providers process your credentials in accordance with their own privacy policies.
• Legal requirements: If required by law, regulation, or valid legal process.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you in advance if this occurs.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Session response data is retained to allow you to review historical results; you may delete individual sessions and their data at any time from your dashboard.

7. Cookies

We use the following types of cookies:

• Essential cookies: Required for authentication and to keep you signed in. These cannot be disabled without affecting core functionality.
• Preference cookies: Store settings such as your chosen theme (light/dark mode).
• Analytics cookies: Help us understand how the platform is used so we can improve it. You may opt out of analytics cookies.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request that we limit processing of your data in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data is transmitted over encrypted connections (HTTPS/TLS). Passwords are hashed using industry-standard algorithms and are never stored in plain text.

While we take security seriously, no system is entirely immune from risk. If you discover a security vulnerability, please contact us at [email protected].

10. International Data Transfers

Your data may be processed and stored in countries outside your own, including countries that may have different data protection laws. Where we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

Session Flo is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the platform. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of Session Flo after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: