FlowLeapFlowLeap
  • Télécharger
  • À propos
  • Tarifs
Se connecterS'inscrire

Produit

Vue d'ensembleAgent de brevetsCLIMCPPlace de marchéVersions
TéléchargerÀ propos

Ressources

BlogDocumentationApprendre(bientôt disponible)Communauté(bientôt disponible)Carrières(bientôt disponible)
Tarifs
Se connecterS'inscrire

Privacy Policy

Last updated: 10 July 2026

This Privacy Policy explains how Flow Leap SASU ("FlowLeap", "we", "us") collects, uses, shares, and protects personal data when you use the FlowLeap desktop application, website at flowleap.co, dashboard, API, and related services (the "Service").

We are committed to protecting your privacy and the confidentiality of your patent work. We do not use your content to train AI models (see Section 5).

This policy is written for the European Union General Data Protection Regulation (GDPR) and French data-protection law, overseen by the CNIL.

1. Who is responsible for your data

For personal data processed through the Service, the data controller is:

Flow Leap SASU — registered in the French National Business Register (RNE) under SIREN 988 064 721, with head-office SIRET 988 064 721 00018, VAT number FR81 988 064 721, and registered office at 47 rue Marcel Bonnet, 94230 Cachan, France.

Privacy contact: contact@flowleap.co

Where we process personal data on behalf of an Organization (for example, content submitted by an Organization's members in the course of their work), we generally act as a data processor for that Organization, which is the controller of that data. In that case, our Data Processing Agreement governs that processing, and you should also consult your Organization's own privacy notice.

2. Scope

This policy covers personal data of account holders, Organization members, website visitors, and people who contact us. It does not cover third-party websites or services we link to, or the Model Provider and agent harness accounts you choose to connect, which have their own policies.

3. What data we collect

Data you provide:

  • Identity and account data — name, email address, and authentication details (managed via our identity provider, Clerk).
  • Organization data — Organization name, your role, membership, and settings.
  • Billing data — subscription plan, billing details, and invoices (payments are handled by our payment provider, Polar; we do not store full card numbers).
  • Your Content — the Inputs you submit (prompts, instructions, documents, prior-art references, drafts, claims) and the Outputs generated for you.
  • Support and communications — messages you send us and related details.

Data collected automatically:

  • Technical data — IP address, device and browser information, and application version.
  • Usage data — feature usage, request counts, tool activity, diagnostics, and activity/audit events.
  • Cookies and similar technologies — as described in Section 11.

We do not intentionally collect special-category personal data, and you should avoid submitting it as Input unless necessary and lawful.

4. How and why we use your data (purposes and lawful bases)

PurposeExamplesLawful basis (GDPR Art. 6)
Provide the ServiceAuthenticate you, run AI features and patent-data tools, return Outputs, and manage OrganizationsPerformance of a contract
Billing and paymentsProcess subscriptions, invoices, taxesContract; legal obligation
Security and abuse preventionProtect accounts, detect and prevent fraud and misuse, maintain audit logsLegitimate interests; legal obligation
SupportRespond to your requestsContract; legitimate interests
Service improvement (aggregated)Anonymous/aggregated statistics and diagnostics — not model trainingLegitimate interests
CommunicationsService and security noticesContract / legitimate interests
Marketing (if any)Product news, newslettersConsent (you can opt out anytime)
Legal compliance and disputesComply with law, enforce our Terms, establish or defend legal claimsLegal obligation; legitimate interests

Where we rely on legitimate interests, we balance them against your rights and have concluded our interests do not override them; you may object (see Section 12).

5. Your Content: our commitments

5.1 We do not train on your content. We do not use your Inputs or Outputs to train, fine-tune, or improve any AI models, and our agreements with AI Service Providers prohibit them from using your content to train their models. Your chosen Model Provider processes primary inference under its own terms.

5.2 Confidentiality. We treat Your Content as confidential. Access is limited to personnel and sub-processors who need it to provide the Service, under confidentiality obligations.

5.3 Primary model inference. Primary model inference uses the Model Provider account, credentials, or agent harness you select. FlowLeap does not proxy or pay for that model usage. Your selected provider processes those requests under your separate agreement with it, including its privacy, retention, and training terms.

5.4 FlowLeap-managed AI tools. Some features, including query building, analysis, embeddings, and OCR, may send relevant content to the AI Service Providers listed in Section 7. They process that content to provide the requested feature under FlowLeap's instructions.

5.5 You stay in control. You can access, export, and delete Your Content from the Service, subject to limited backup and legal-retention periods (Section 9).

6. We do not sell your data

We do not sell your personal data, and we do not use Your Content for advertising or to build advertising profiles.

7. Sharing and sub-processors

Your chosen Model Provider or agent harness processes primary inference under your separate relationship with it. User-selected BYOK providers are therefore not included in FlowLeap's subprocessor table for primary inference. If FlowLeap separately engages the same company for a FlowLeap-managed feature, that separate processing relationship appears below.

We share personal data only as needed to run FlowLeap-managed parts of the Service, with providers bound by data-protection terms, and with authorities where required by law. Our key sub-processors are:

Sub-processorPurposeLocationNotes
AnthropicSelected server-side query building and analysisUSANo training under FlowLeap's provider terms
OpenAISelected server-side query building, analysis, and embeddingsUSANo training under FlowLeap's provider terms
Mistral AIDocument OCREU (France)No training under FlowLeap's provider terms
ClerkAuthentication and account managementUSA—
PolarPayments and billingUSACard data handled by the payment provider
VercelApplication hosting and deliveryUSA—

We may also share data with professional advisers, and with authorities, courts, or regulators (including the CNIL) where legally required, and in connection with a merger, acquisition, or sale of assets (with notice where required).

Patent-data queries are transmitted to the data services needed to fulfil your request, including EPO OPS and USPTO ODP. When you supply your own patent-data credentials, they are forwarded to the relevant service for authentication and are not persisted by FlowLeap.

We keep an up-to-date list of sub-processors and will update this policy when it changes.

8. International data transfers

Some of our sub-processors are located outside the European Economic Area (notably in the United States). Where we transfer personal data outside the EEA, we rely on appropriate safeguards under the GDPR, primarily the European Commission's Standard Contractual Clauses, together with supplementary measures where appropriate. You can request more information about these safeguards using the contact details below.

9. Data retention

We keep personal data only as long as necessary for the purposes above, then delete or anonymize it. Indicative periods:

  • Your Content — until you delete it or your Account/Organization is terminated, subject to limited backups.
  • Account data — for the life of your Account, then deleted or anonymized within a reasonable period after closure.
  • Technical/usage logs — a limited rolling period for security and diagnostics.
  • Billing records and invoices — as required by French law (typically up to 10 years).
  • Support records — for a limited period after the matter is resolved.

10. Security

We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and least-privilege access to Your Content. No system is perfectly secure, but we work to protect your data and will notify you and the relevant authority of a personal-data breach where the law requires.

11. Cookies

We use strictly necessary cookies to operate the Service and, with your consent where required, limited analytics. You can manage non-essential cookies through our cookie controls.

12. Your rights

Under the GDPR, you have the right to: access your data; rectify inaccurate data; erase data; restrict or object to processing (including processing based on legitimate interests); data portability; and to withdraw consent at any time where processing is based on consent. You also have the right not to be subject to solely automated decisions producing legal or similarly significant effects; we do not make such decisions about you.

To exercise your rights, contact us at contact@flowleap.co. We will respond within the time limits required by law. If your data is processed on behalf of an Organization, we may direct your request to that Organization as controller.

You also have the right to lodge a complaint with a supervisory authority — in France, the Commission Nationale de l'Informatique et des Libertés (CNIL), www.cnil.fr.

13. Children

The Service is for professional use by adults. It is not directed to children, and we do not knowingly collect personal data from anyone under 18.

14. Changes to this policy

We may update this policy as the Service evolves. For material changes, we will give reasonable notice (for example, by email or in-product notice). The "Last updated" date above shows the latest version.

15. Contact

Flow Leap SASU · SIREN: 988 064 721 · SIRET: 988 064 721 00018 · VAT: FR81 988 064 721 · 47 rue Marcel Bonnet, 94230 Cachan, France · Privacy and general contact: contact@flowleap.co

FlowLeapFlowLeap
XLinkedInInstagram

© 2026 Flow Leap SASU. Tous droits réservés.

contact@flowleap.co.Confidentialité.Conditions.Réponses.llms.txt.