Privacy Policy for Flowmatix - Automation
This page explains how Flowmatix Automation processes personal data in accordance with the GDPR. Last updated: February 17, 2026
Flowmatix Automation provides AI-powered WhatsApp automation and booking workflows for clinics. We process personal data only to the extent necessary to operate this website and deliver our services.
1. General information
This Privacy Policy explains how personal data is processed when using Flowmatix and this website, in accordance with the General Data Protection Regulation (GDPR).
2. Controller
Bastian Barkowski
An der Moorbäke 6 27798 Hude Germany
Email:info@flowmatix.io
3. Our service & roles
Flowmatix provides technical automation for clinic workflows (qualification, booking, reminders, CRM sync). Clinics remain responsible for patient data and clinical decisions.
- Clinic: Data controller for patient data
- Flowmatix: Data processor where applicable (Art. 28 GDPR)
4. Website data (server logs)
When visiting our website, technical data may be processed, such as IP address, browser type, device information, pages visited, and timestamps. This data is used to deliver the website securely and to prevent abuse.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
5. Contact requests
If you contact us via email, contact forms, or WhatsApp, we process the information you provide (e.g., name, contact details, message content) to respond to your request and, where applicable, prepare a contract.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures / contract).
6. WhatsApp automation
Flowmatix enables clinics to communicate with patients via WhatsApp using automation workflows. Message routing, timestamps, and technical metadata may be processed to deliver the service.
Patient conversations are intended to be managed within the clinic’s systems (e.g., clinic CRM).
Legal basis: Art. 6(1)(b) GDPR and Art. 28 GDPR (processing for clinics).
7. Hosting & infrastructure
Our automation services are hosted on infrastructure located in Germany (e.g., Hetzner). This is used to operate the system reliably, securely, and with low latency.
Legal basis: Art. 6(1)(f) GDPR.
8. GoHighLevel (CRM)
Flowmatix may use GoHighLevel to provide CRM environments for clinics. Each clinic operates its own dedicated subaccount. Data stored in the clinic’s CRM is controlled by the clinic.
Legal basis: Art. 6(1)(b) GDPR and Art. 28 GDPR.
9. Payments (Stripe)
Payments are processed by Stripe. Flowmatix does not store full payment details. Stripe may process billing and payment information to complete transactions.
Legal basis: Art. 6(1)(b) GDPR.
10. Data retention
We retain personal data only as long as necessary for the purposes described above or as required by law. Technical logs are stored for a limited period for security and diagnostics.
11. International transfers
Some providers (e.g., Meta/WhatsApp, Stripe) may process data outside the EU/EEA. Where applicable, safeguards such as Standard Contractual Clauses (SCCs) are used.
12. Your rights under GDPR
You have the right to:
- Access your data
- Rectification
- Erasure
- Restriction of processing
- Data portability
- Object to processing
- Lodge a complaint with a supervisory authority
To exercise your rights, contact: info@flowmatix.io
13. Security
We use appropriate technical and organizational measures, including encrypted transport (HTTPS), access controls, and system hardening, to protect personal data.
14. Updates to this policy
We may update this Privacy Policy to reflect legal, technical, or service changes. The current version is always available on this page.