Privacy Policy

Last updated: April 7, 2026

1. Introduction

FlowEntry ("we", "us", or "our") operates the website at flowentry.io and the associated charting application (collectively, "the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, username, and password (stored as a bcrypt hash — we never store your plain-text password)
  • Payment information: processed by Stripe (credit/debit card) or NOWPayments (cryptocurrency). We do not store your full card number, CVV, or bank details. We only store your Stripe customer ID for record-keeping.

2.2 Information Collected Automatically

  • Authentication cookies: we use HTTP-only secure cookies containing a JSON Web Token (JWT) to maintain your login session. These cookies are essential for the Service to function and cannot be opted out of while using authenticated features.
  • Basic server logs: IP addresses, request timestamps, and user-agent strings may be logged by our server infrastructure for security and debugging purposes.

2.3 Information We Do NOT Collect

  • We do not use tracking cookies, analytics pixels, or advertising trackers
  • We do not collect your trading activity, exchange credentials, or wallet addresses
  • We do not use Google Analytics or any third-party analytics service
  • We do not collect location data beyond what your IP address implies

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your user account
  • Authenticate you when you log in
  • Process payments and manage your subscription status
  • Provide access to paid features based on your subscription tier
  • Generate Telegram invite links for paid subscribers
  • Respond to your support inquiries
  • Detect and prevent fraud or abuse of the Service

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We share your information only in these limited circumstances:

  • Stripe: your email and payment details are shared with Stripe to process card payments. See Stripe's Privacy Policy.
  • NOWPayments: your payment amount and order ID are shared with NOWPayments for cryptocurrency payments. See NOWPayments' Privacy Policy.
  • Cloudflare: our website traffic passes through Cloudflare for DNS, SSL, and DDoS protection. See Cloudflare's Privacy Policy.
  • Legal requirements: we may disclose information if required by law, court order, or governmental regulation.

5. Data Storage & Security

Your account data is stored in a SQLite database on our secure server. We implement the following security measures:

  • Passwords are hashed with bcrypt (never stored in plain text)
  • Authentication uses HTTP-only, secure, SameSite cookies
  • API endpoints are protected with rate limiting
  • Security headers are enforced via Helmet.js
  • Input validation and XSS sanitization on all user inputs
  • HTTPS encryption on all connections via Cloudflare SSL

While we take reasonable measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except for records we are required to maintain for legal, tax, or accounting purposes.

Payment records (transaction IDs, amounts, dates) may be retained for up to 7 years for tax and accounting compliance.

7. Your Rights

You have the right to:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your account and personal data
  • Data portability: request your data in a machine-readable format

To exercise any of these rights, contact us via Telegram at @theproff2. We will respond to your request within 30 days.

8. Cookies

We use only essential cookies required for the Service to function:

  • Authentication cookie (JWT): an HTTP-only, secure cookie that maintains your login session. This cookie is set when you log in and cleared when you log out. It contains an encrypted token — no personal data is stored in the cookie itself.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us so we can take steps to remove it.

10. International Users

Our servers are located in Europe. If you access the Service from outside this region, your information may be transferred to, stored, and processed in a country with different data protection laws than your own. By using the Service, you consent to such transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact

For questions about this Privacy Policy or your personal data, contact us via Telegram at @theproff2.

← Back to Home