Privacy Policy
We are committed to protecting your privacy and being transparent about how we handle your data.
Last updated: 9 June 2026
1. Who We Are
Session Flo ("we", "us", or "our") is the operator of sessionflo.com. We provide interactive session tools including polls, quizzes, word clouds, icebreakers, and collaborative agendas for facilitators, teachers, and teams.
If you have any questions about this Privacy Policy, please contact us at [email protected].
2. Information We Collect
We collect information in the following ways:
2.1 Information You Provide
- Account information: Name and email address when you sign up for an account.
- Profile details: Any optional profile information you choose to add.
- Session content: Polls, quizzes, questions, and other content you create within the platform.
- Communications: Messages you send to us via contact forms or email.
- Payment information: Billing details processed securely by our payment provider (Stripe). We do not store card numbers directly.
2.2 Information Collected Automatically
- Usage data: Pages visited, features used, and actions taken within the platform.
- Device and browser information: IP address, browser type, operating system, and device identifiers.
- Cookies and similar technologies: Session cookies for authentication and preference cookies to remember your settings.
2.3 Participant Data
When attendees participate in a session (e.g., respond to a poll), we collect their responses. Participants can optionally remain anonymous. We do not require participants to create accounts or provide personal information to join a session.
2.4 Google User Data
If you choose to sign in with Google or connect your Google account, we collect and access the following Google user data:
- Basic profile information: Your name, email address, and profile picture (via OpenID, profile, and email scopes).
- Google Calendar events: We access your Google Calendar to create, read, and update calendar events for sessions you create on sessionflo.com.
- Google Contacts: We access your contacts list (including regular contacts, other contacts, and directory contacts) to allow you to add attendees from your existing contacts when creating calendar invitations.
How we use Google user data: We only use Google user data to provide the core functionality of our service. Specifically, we use Google Calendar data to create, read, and update sessionflo.com events that you create on our platform. We use Google Contacts data solely to allow you to add contacts from your contacts list when creating sessions or calendar invitations.
Data sharing and disclosure: We do not share, transfer, or disclose Google user data to third parties for advertising or marketing purposes. We only disclose Google user data to service providers acting on our behalf to operate the service, or where required by law, and only to the extent necessary.
Data protection for Google user data: All Google user data is stored separately and encrypted securely using industry-standard encryption protocols. We do not collect or store sensitive personal information beyond what is necessary to provide our services. All data transmission occurs over encrypted HTTPS/TLS connections.
No sale of Google user data: We do not and will never sell Google user data to third parties. Your Google data is used exclusively to improve our application's functionality and user experience as described above.
Data retention and deletion: Google OAuth tokens are stored to enable the Calendar/Contacts integration while your account remains active. If you disconnect your Google account (or revoke access in your Google Account settings), we will delete the stored Google access/refresh tokens from our systems so we can no longer make Google API requests on your behalf. If you delete your Session Flo account, we will delete associated Google tokens within 30 days, unless we are required to retain certain data for legal or compliance purposes.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Session Flo platform.
- Authenticate you and manage your account.
- Process payments and send billing-related communications.
- Send service notifications, updates, and administrative messages.
- Respond to your support requests and enquiries.
- Analyse usage patterns to improve features and user experience.
- Detect, investigate, and prevent fraud and security incidents.
- Comply with our legal obligations.
We do not sell your personal data to third parties, and we do not use your data for targeted advertising.
4. Legal Basis for Processing
Where applicable under GDPR and similar legislation, we process your personal data on the following legal bases:
- Contract performance: Processing necessary to deliver the services you have signed up for.
- Legitimate interests: Analytics, security monitoring, and service improvement, balanced against your rights.
- Legal obligation: Where we are required to retain or disclose data by law.
- Consent: For optional cookies and marketing communications (where we seek your explicit consent).
5. Sharing Your Information
We share your data only in the following circumstances:
- Service providers: Trusted third-party vendors who help us operate the platform (e.g., cloud hosting, payment processing, email delivery). They are contractually bound to protect your data and may not use it for their own purposes.
- Authentication providers: If you sign in using Google or Microsoft OAuth, those providers process your credentials in accordance with their own privacy policies.
- Legal requirements: If required by law, regulation, or valid legal process.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you in advance if this occurs.
Google user data is not shared for third-party use: Notwithstanding the above, we do not share, transfer, or disclose any Google user data (including calendar events and contacts) to third parties for their own purposes, including advertising or marketing. We only disclose Google user data where required by law or to service providers acting on our behalf to operate the service, and only to the extent necessary.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Session response data is retained to allow you to review historical results; you may delete individual sessions and their data at any time from your dashboard.
7. Cookies
We use the following types of cookies:
- Essential cookies: Required for authentication and to keep you signed in. These cannot be disabled without affecting core functionality.
- Preference cookies: Store settings such as your chosen theme (light/dark mode).
- Analytics cookies: Help us understand how the platform is used so we can improve it. You may opt out of analytics cookies.
For a full list of the cookies Session Flo uses, including their names and purposes, please read our Cookie Policy.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Receive your data in a structured, machine-readable format.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data is transmitted over encrypted connections (HTTPS/TLS). Passwords are hashed using industry-standard algorithms and are never stored in plain text.
While we take security seriously, no system is entirely immune from risk. If you discover a security vulnerability, please contact us at [email protected].
10. International Data Transfers
Your data may be processed and stored in countries outside your own, including countries that may have different data protection laws. Where we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
11. Children's Privacy
Session Flo is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the platform. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of Session Flo after changes take effect constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: