Privacy Policy

Effective Date: April 1, 2026

Last Updated: April 1, 2026

Welcome to flexyflow (hereinafter, “we”, “us”, “our”, “flexy”, “the Company”, or “the Organization”). The privacy of our users is a fundamental pillar of our business philosophy. We are deeply committed to protecting and respecting your personal information, and we believe that you, as a user, have absolute control over your data.

This Privacy Policy has been designed to be as clear, transparent, and accessible as possible, aligning our practices with the highest standards of data protection under Colombian law while maintaining a permissive and user-friendly approach.

Our website https://www.flexyflow.co (hereinafter, the “Website”) and associated services are designed to offer you the best possible experience, with the least amount of restrictions and the greatest freedom of use permitted by law.

This policy is governed by Law 1581 of 2012 (General Personal Data Protection Regime in Colombia), Decree 1377 of 2013 (Partial Regulation of Law 1581), Law 1266 of 2008 (Habeas Data), Decree 1759 of 2016 (Regulation of Decree 1074 of 2015 regarding personal data protection), External Circular 002 of 2015 from the Superintendence of Industry and Commerce, and all other related and amending regulations governing the protection of personal data in the Republic of Colombia.

1. Data Controller Information

flexyflow Email: info@flexyflow.co
Phone: +57 318 868 6712
Address: Valle del Cauca, Colombia

Website: https://www.flexyflow.co

The responsible party for the processing of your personal data is flexyflow, acting as the owner and manager of information under the terms established by current Colombian legislation.

2. Important Definitions

For the purposes of this Privacy Policy, the following definitions established in Law 1581 of 2012 and its regulatory decree shall apply:

Personal Data: Any information linked or that can be associated with one or more determined or determinable natural persons.
Sensitive Personal Data: Those that affect the data subject’s privacy or whose improper use may result in discrimination.
Public Data: Data that the law has declared as public or that are not considered sensitive.
Database: An organized set of personal data undergoing processing.
Data Subject: The natural person whose personal data is subject to processing.
Data Controller: The natural or legal person that decides on the database and/or the processing of data.
Data Processor: The natural or legal person that processes personal data on behalf of the controller.
Processing: Any operation or set of operations on personal data such as collection, storage, use, circulation, or deletion.
Authorization: Prior, express, and informed consent of the data subject for the processing of their personal data.
Habeas Data: A fundamental right that allows the data subject to access, update, correct, and delete their personal data.

3. Principles Governing Data Processing

At flexyflow, We faithfully adhere to the principles established in Article 4 of Law 1581 of 2012, which means:

3.1 Principle of Legality

All personal data processing is carried out in strict accordance with current legal provisions and prior authorizations granted by the data subjects.

3.2 Principle of Purpose

The processing of your personal data has specific, legitimate, and express purposes that you are aware of and accept. We use your information to provide you with an exceptional service and continuously improve your experience with us.

3.3 Principle of Freedom

The processing of your personal data may only be carried out with prior, express, and informed authorization from the data subject. We value your autonomy and fully respect your decisions about your data.

3.4 Principle of Veracity or Quality

We strive to maintain accurate, complete, exact, and updated data. The quality of your information is important to us, and we invite you to keep us informed of any changes.

3.5 Principle of Transparency

We guarantee the data subject’s right to obtain information about their personal data undergoing processing. You may access, know, and verify how we have processed your information at all times.

3.6 Principle of Restricted Access and Circulation

Your personal data may only be accessed and processed by persons authorized by you or by law. However, we believe in transparency, so you may request access to your information at any time.

3.7 Principle of Security

We implement reasonable and appropriate technical, administrative, and organizational security measures to protect your personal data against unauthorized access, loss, misuse, alteration, or destruction. We are constantly improving our security systems.

3.8 Principle of Confidentiality

We guarantee that your personal data will be processed in a strictly confidential manner by our team and any third parties involved in its processing, who have signed confidentiality agreements and committed to complying with our data protection policies.

4. Information We Collect

At flexyflow, We collect information transparently and always with your knowledge. The types of information we may collect include:

4.1 Personal Information You Provide to Us

4.1.1 Basic Identification Data

Full name
First and last names
Date of birth
Identification document number (citizen ID card, passport, etc.)
Place of issue of the document
Gender
Photograph (if you choose to provide it)
Nickname or username

4.1.2 Contact Information

Primary email address
Additional email addresses
Mobile phone number
Landline phone numbers
Complete postal address
Billing address
Delivery address
City, department, and country of residence
Postal code

4.1.3 Financial and Payment Information

Credit or debit card information (processed securely by our payment providers)
Bank account numbers (when necessary for transfers)
Alternative payment method information (PayPal, Nequi, Daviplata, etc.)
Transaction history
Invoices and payment receipts
Billing and tax information
Tax identification number (NIT)

4.1.4 Professional and Employment Information

Name of the company or organization
Position or job title
Department
Employee number (if applicable)
Corporate email
Corporate phone
Company address
Business sector
Industry
Company size
Previous work experience (if provided through our careers portal)

4.1.5 Preference and Interest Information

Product and service preferences
Stated interests
Comments and opinions you voluntarily share
Survey and questionnaire responses (when you choose to participate)
Suggestions and recommendations
Communication preferences

4.1.6 User-Generated Content

Comments on our blog or forums
Product or service reviews
Messages sent through our contact forms
Direct communications with our team
Photographs or images you send us
Any other content you choose to share with us

4.2 Information Collected Automatically

4.2.1 Technical and Device Information

Internet Protocol (IP) address
Browser type and version
Operating system
Device used (computer, mobile phone, tablet, etc.)
Unique device identifier (Device ID)
Device manufacturer
Device model
Screen resolution
Preferred browser languages
Time zone
Regional settings

Pages visited
Time spent on each page
Order of pages visited
Date and time of access
Referring website (how you arrived at our site)
Searches performed within the site
Downloads and files accessed
Videos watched
Interactions with site elements (buttons, forms, etc.)
Browsing history
User preferences
Cookies and similar technologies

4.2.3 Location Information

General location based on IP address
Approximate city and country
Location coordinates (if you provide explicit permission)
Time zone information

4.2.4 Log Data

Server logs
Error logs
Security logs
Performance logs

4.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

Social networks (when you connect or interact with us through them)
Analytics service providers
Business partners and affiliates
Public access sources
Public databases
Credit bureaus (with your prior authorization, if applicable)

4.4 Cookies and Tracking Technologies

Our Website uses cookies and similar technologies to provide and improve our services. We define our cookie policy in a broad and permissive manner:

4.4.1 What are Cookies?

Cookies are small text files stored on your device when you visit our Website. We also use similar technologies such as pixels, tags, local shared objects, scripts, and other tracking technologies.

4.4.2 Types of Cookies We Use

A) Essential Cookies (Always Active) These cookies are strictly necessary for the Website to function correctly. They are automatically activated and cannot be deactivated because they are necessary for:

Basic site operation
Remembering your session preferences
Keeping you logged in while browsing
Processing your requests and transactions
Ensuring site security Note: These cookies are necessary for site operation and do not require your explicit consent.

B) Performance and Analytics Cookies We use analytics cookies to understand how visitors interact with our Website:

Google Analytics (with IP anonymization)
Google Search Console
Facebook Pixel
Remarketing pixels
Heatmap and session recording cookies
A/B testing cookies
Traffic analysis cookies These cookies help us understand what works well and what we can improve.

C) Functionality Cookies These cookies allow the Website to remember your choices and provide enhanced features:

Remembering your preferred language
Remembering your location
Remembering your theme preferences
Remembering form data
Showing personalized notifications
Saving accessibility settings

D) Marketing and Advertising Cookies We use marketing cookies to show you relevant advertisements:

Google Ads
Facebook Ads
Instagram Ads
Remarketing cookies
Conversion tracking cookies
Ad preference cookies
DoubleClick cookies These cookies may track your browsing habits to show you personalized advertising.

E) Social Media Cookies To allow you to share content on social networks:

Facebook Connect
Instagram
LinkedIn
Twitter
YouTube
Share buttons cookies

F) Additional Third-Party Cookies We may use cookies from other services that offer additional functionalities:

Live chat
Embedded videos
Interactive maps
Weather services
Calculators and tools

You have full control over cookies and can:

Accept all cookies with a single click
Reject all non-essential cookies
Configure your cookie preferences granularly
Change your preferences at any time from our cookie banner
Configure preferences from your browser
Delete existing cookies

Note that rejecting certain cookies may affect Website functionality. We are very permissive with the use of cookies because we believe they improve your experience.

4.5 Sensitive Personal Data

We generally do not collect sensitive personal data. However, if at any point we need to collect this type of data, we will do so only:

With your express and informed authorization
When necessary to provide you with a specific service
When permitted by law

Examples of sensitive data we do NOT collect unless you voluntarily provide it with authorization:

Racial or ethnic origin
Political orientation
Religion or other beliefs
Union membership
Health data
Biometric data
Sexual life

If you voluntarily provide us with this type of information, we will understand that you have granted express authorization for its processing.

5. How We Use Your Information

At flexyflow, We use your information flexibly and always oriented to offering you the best possible service. We use your information for:

5.1 Provision of Services

Processing and managing your service requests
Executing transactions and payments
Issuing invoices, receipts, and related documents
Managing your account and user profile
Providing technical support and customer service
Resolving questions, complaints, and claims
Processing returns and refunds (when applicable)
Communicating with you about your requests
Managing reservations, appointments, or schedules (if applicable)

5.2 Service Improvement

Analyzing Website and service usage
Identifying areas for improvement
Developing new features and services
Personalizing your user experience
Remembering your preferences
Offering relevant content and recommendations
Conducting tests and quality improvements
Optimizing Website performance
Correcting errors and technical issues

5.3 Communication and Marketing

Sending newsletters and bulletins (if subscribed)
Communicating promotions, offers, and discounts
Informing about new products or services
Sending Website updates
Notifying about policy or terms changes
Conducting satisfaction surveys
Requesting reviews and comments
Sending personalized communications based on your interests
Showing relevant advertisements on other platforms
Performing remarketing and retargeting

5.4 Legal Compliance and Security

Complying with legal and regulatory obligations
Responding to requests from competent authorities
Protecting our rights and yours
Preventing and detecting fraud
Preventing and detecting misuse
Detecting and resolving security issues
Verifying identities
Preventing spam and abuse
Monitoring compliance with our terms
Managing disputes and litigation
Cooperating with law enforcement when required by law

5.5 Basis for Processing

We carry out the processing of your personal data under the following legal bases, in a very broad and permissive manner:

Your prior, express, and informed authorization at all times
Execution of a contract to which you are a party, when applicable
Compliance with a legal obligation applicable to us
Protection of fundamental rights recognized in the Constitution
Legitimate interest of the company, as long as it does not prevail over your rights
Safeguarding public interest or the life of a natural person
Historical, statistical, or scientific purposes when applicable

At flexyflow, We are very open about who we share your information with and believe in collaboration. Your information may be shared with:

6.1 Service Providers and Business Partners

We share information with companies that help us operate our business and provide you with services:

Hosting and server providers
Payment service providers (payment gateways, payment processors)
Email marketing and automation services
CRM and customer management providers
Data analytics services
Live chat and customer support providers
Cloud storage services
Backup and data recovery services
Communication tools (Slack, Microsoft Teams, etc.)
SMS and messaging service providers
Accountants and financial service providers
Legal and accounting advisors
Marketing and advertising agencies
Social media platforms

All these providers have agreed to maintain the confidentiality and security of your information and are contractually obligated to use it only for the purposes we specify.

6.2 Authorities and Government Entities

We may share information with:

Superintendence of Industry and Commerce (SIC)
Attorney General’s Office
Judges and courts of the Republic of Colombia
Regulatory and supervisory authorities
Military and police forces
Control and surveillance entities
National Civil Registry (when necessary)
DIAN (Colombian Tax and Customs Authority)
Consumer protection entities
Ombudsman’s Office
Municipal ombudsmen
Any authority requiring information pursuant to law

6.3 Corporate Operations

In the event that flexyflow participates in:

Mergers and acquisitions
Corporate reorganization
Sale of assets or business units
Transfer of assets in case of bankruptcy or insolvency
Any type of corporate transaction

We will share your information with potential buyers, investors, or business partners involved in such processes, under strict confidentiality agreements.

6.4 Protection of Rights

We may share information when we believe in good faith that it is necessary to:

Protect our rights, privacy, security, or property
Protect other users or the general public
Prevent fraud or illegal activities
Respond to emergencies
Enforce our terms and conditions
Comply with judicial or extrajudicial requests

In addition to the above, we may share your information with any third party when you expressly authorize us to do so.

7. International Data Transfer

We may transfer your information to countries outside of Colombia. When we transfer data internationally, we ensure that:

The destination country provides an adequate level of data protection
The recipient has signed a confidentiality agreement
All provisions of Law 1581 of 2012 and Decree 1377 of 2013 are complied with
Your authorization is obtained when required by law

Countries where we may process your information include, but are not limited to: United States, Spain, Germany, United Kingdom, Canada, Argentina, Mexico, Brazil, Chile, Peru, Ecuador, and other countries where our service providers have operations.

By providing us with your information, you expressly consent to this international data transfer.

8. Data Retention

We retain your information for as long as necessary for the purposes described in this policy. Our retention period is very flexible:

8.1 Criteria for Determining the Retention Period

We consider the following criteria:

The nature and type of information
The purposes for which we process it
The legal obligations applicable to us
The need to provide future services
Your expressed preferences
Applicable statutes of limitations
Industry practices

8.2 Retention Periods

Generally:

User account data: while the account is active and for a reasonable period after closure
Transaction history: minimum 5 years in accordance with Colombian accounting and tax regulations
Communication data: minimum 3 years for inquiries and support
Navigation logs: minimum 1 year for analysis and security
Cookies: according to your browser settings and our policies
Marketing data: while you have an active subscription or until you request deletion

8.3 Data Deletion

When we no longer need your information, we will delete it securely. However, we may retain certain data:

To comply with legal obligations
To resolve disputes
To enforce our rights
For technical reasons (backup, log files, etc.)
While a request from you is pending

You may request deletion of your data at any time, subject to legal exceptions.

9. Your Rights as a Data Subject

As a personal data subject, you have broad and profound rights under Colombian legislation. At flexyflow, We respect them all and facilitate their exercise in an agile manner:

9.1 Right to Knowledge (Art. 14, Law 1581)

You have the right to know what personal data we have about you, how we are processing it, and the conditions of such processing.

9.2 Right to Access (Art. 14, Law 1581)

You have the right to access your personal data undergoing processing. You may request a copy of all your information in a readable format.

9.3 Right to Update (Art. 14, Law 1581)

You have the right to update your personal data when it is inaccurate, incomplete, or outdated.

9.4 Right to Correction (Art. 14, Law 1581)

You have the right to correct your personal data when you believe there are errors in the information we handle.

9.5 Right to Deletion (Art. 15, Law 1581)

You have the right to request the deletion of your personal data when:

You believe it is not being used for authorized purposes
Authorization has been revoked (except when there is a legal obligation to retain it)
It is appropriate pursuant to law
The data is no longer necessary for the purposes for which it was collected

Note that we may retain certain data according to legal exceptions.

9.6 Right to Revoke Authorization (Art. 15, Law 1581)

You may revoke at any time the authorization you have granted us for the processing of your personal data, as long as there is no legal obligation to maintain the processing.

9.7 Right to File Complaints and Claims (Art. 16, Law 1581)

You have the right to file complaints and claims before:

flexyflow: as the first step to resolve any concerns
Superintendence of Industry and Commerce (SIC): as the controlling authority

9.8 Right to Request Proof of Authorization

You have the right to request proof that we have obtained your authorization for the processing of your data.

9.9 Right to Indemnification

You have the right to be compensated for moral and material damages that may result from the improper processing of your personal data.

9.10 Right to Habeas Data (Art. 15, Political Constitution)

This fundamental right allows you to dispose of your data as you see fit, within the limits established by law.

9.11 Right to Independence

You have the right for your data to be used freely, without being subject to automated decisions that significantly affect you.

9.12 Right to Submit Petitions

You may exercise your rights through petitions, queries, or claims. We will respond to your requests in an agile manner.

10. How to Exercise Your Rights

To exercise any of your rights, you may:

10.1 Email

Send an email to: info@flexyflow.co Subject: “Habeas Data Rights Request” or “Exercise of Data Subject Rights”

10.2 Web Form

Complete the contact form available on our Website.

10.3 Written Communication

Send written communication to our address: flexyflow Valle del Cauca, Colombia

10.4 Request Requirements

To process your request, we may require:

Your full name
Identification document number
Email address associated with your account
Clear description of your request
Any documents proving your identity

10.5 Response Times

We will respond to your requests within the following timeframes:

Queries: maximum 10 business days
Claims: maximum 15 business days
Deletion requests: maximum 15 business days

If we cannot respond within these timeframes, we will inform you of the reasons and the estimated timeframe.

10.6 Free of Charge

The exercise of your rights is completely free of charge. We do not charge any fee for processing your requests.

11. Data Security

We implement robust and constantly improving security measures to protect your information:

11.1 Technical Measures

SSL/TLS encryption for secure transmissions
Data encryption at rest
Firewalls and perimeter protection systems
Intrusion detection and prevention systems
Updated antivirus and anti-malware
Two-factor authentication (for administrative access)
Automatic and secure backups
Continuous system monitoring
Current security certificates
Updated security protocols

11.2 Administrative Measures

Information security policies
Confidentiality agreements with employees and contractors
Data protection training
Role-based access control
Periodic security audits
Incident response procedures
Periodic risk assessments
Evaluated and certified providers

11.3 Organizational Measures

Team dedicated to data protection
Organization structure oriented toward security
Security culture among our collaborators
Constant policy review and update

11.4 Limitations

Although we implement all reasonable measures, no system is completely impenetrable. Therefore, we cannot guarantee absolute security, but we are constantly working to improve.

12. Minors

12.1 Age Restrictions

Our services are NOT directed to minors under 18 years of age. We do not intentionally collect personal data from minors.

12.2 Exceptional Situations

If in any exceptional case we need to process data from minors, we will do so only:

With express authorization from the parent, guardian, or legal representative
When strictly necessary for the provision of the service
When permitted by law
Always prioritizing the best interests of the minor

12.3 If We Are Notified

If we become aware that we have collected data from a minor without proper parental authorization, we will delete such information from our systems as soon as possible.

12.4 Inappropriate Content

We do not allow minors under 18 to publish inappropriate content on our Website.

13. Links to Third-Party Websites

13.1 External Content

Our Website may contain links to third-party websites, including:

Social networks (Facebook, Instagram, LinkedIn, Twitter, YouTube)
Blogs and content sites
Online stores and marketplaces
Payment services
Analytics tools
Other external websites

13.2 We Are Not Responsible

flexyflow is not responsible for:

The privacy practices of third-party sites
The content of external sites
The use of cookies by third parties
The terms and conditions of external sites
The security of external sites

13.3 Recommendation

We recommend reviewing the privacy policies of any third-party sites before providing them with personal information.

13.4 Third-Party Services

We use third-party services that may also collect information:

Google Analytics
Google Ads
Facebook Pixel
Stripe / PayU / other payment processors
Email marketing services

The practices of these services are governed by their own privacy policies.

When you interact with us through social networks:

We may access your public profile information
We may collect information about your interactions with our posts
We may receive messages and comments you send

When you share content from our Website on social networks:

The information is governed by the policies of the corresponding social network
You are responsible for configuring your privacy options on those platforms

We are not responsible for the data processing carried out by:

Facebook (Meta)
Instagram
LinkedIn
Twitter
YouTube
TikTok
WhatsApp
Other social networks

15. Modifications to This Policy

15.1 Right to Modification

flexyflow reserves the right to modify, update, or amend this Privacy Policy at any time, without prior notice, when we consider it necessary.

15.2 Updates

We may update this policy to:

Reflect changes in our practices
Adapt to new legal requirements
Incorporate improvements and best practices
Correct inaccuracies or errors

15.3 Notification of Changes

Changes will be communicated through:

Publication of the new version on our Website
Update of the “Last Updated” date
Notification by email (if we have your address)
Notice on our cookie banner (if the change affects cookies)
A visible notice on the Website

15.4 Your Responsibility

We recommend periodically reviewing this Privacy Policy to be aware of any modifications. Continued use of our Website after any change constitutes your acceptance of the new policy.

15.5 Previous Versions

We retain previous versions of this policy for your reference. You may request access to previous versions if you wish.

16. Acceptance of This Policy

16.1 Expression of Acceptance

By accessing, using, or browsing our Website, by providing us with your personal data, by creating an account, by contracting our services, by subscribing to our newsletter, or by interacting in any other way with us, you express:

That you have read, understood, and accept this Privacy Policy in its entirety
That you expressly authorize flexyflow to process your personal data as described herein
That you are over 18 years of age or have authorization from your legal representative
That the data you have provided is true, complete, and current

16.2 Non-Acceptance

If you do not agree with any part of this Privacy Policy, we request that you:

Refrain from using our Website
Not provide us with your personal data
Contact us to express your concerns

When the processing of your data requires your explicit consent, we will request it clearly and separately before carrying out such processing.

17. Legislative Reference

This policy has been prepared in accordance with:

Political Constitution of Colombia (Articles 15, 20, and 74)
Law 1581 of 2012 (General Personal Data Protection Regime)
Decree 1377 of 2013 (Partial Regulation of Law 1581)
Decree 1074 of 2015 (Single Regulatory Decree for Commerce, Industry, and Tourism Sector)
Decree 1759 of 2016 (Amendments to Decree 1074)
Law 1266 of 2008 (General Habeas Data Provisions)
External Circular 002 of 2015 from the Superintendence of Industry and Commerce
Rulings of the Constitutional Court on personal data protection
SIC Treatment Guide for Personal Data
SIC Self-Regulatory Guides on personal data databases and treatment policies

18. Applicable Law and Jurisdiction

18.1 Applicable Law

This Privacy Policy is governed by and interpreted in accordance with the laws of the Republic of Colombia.

18.2 Jurisdiction

Any dispute related to this policy, the processing of your personal data, or the exercise of your rights as a data subject will be submitted to:

The judges and courts of the Republic of Colombia
The Superintendence of Industry and Commerce (SIC) as the controlling authority
Alternative dispute resolution mechanisms established by law

18.3 Language

This policy is written in English. In case of translation to another language, the Spanish version shall prevail.

19. Contact Information

For any inquiry, request, claim, complaint, or to exercise your rights as a personal data subject, you may contact us:

flexyflow

Email: info@flexyflow.co Phone: +57 318 868 6712 WhatsApp: +57 318 868 6712 Address: Valle del Cauca, Colombia

Business Hours: Monday to Friday, 8:00 AM - 6:00 PM (Colombia time) Website: https://www.flexyflow.co

Our data protection team is available to assist you and answer all your questions.

20. Final Provisions

20.1 Severability

If any provision of this policy is declared invalid or unenforceable, the remaining provisions shall remain valid and applicable to the maximum extent permitted by law.

20.2 No Waiver

The fact that we do not enforce any right or provision of this policy shall not constitute a waiver of such right or provision.

20.3 Entire Agreement

This policy, together with the Terms and Conditions of Use and any other document referred to herein, constitutes the complete agreement between you and flexyflow regarding the processing of your personal data.

20.4 Interpretation

Section titles in this policy are for reference only and shall not affect the interpretation thereof.

By reading and accepting this policy, you broadly and expressly consent to flexyflow:

Collecting, storing, using, circulating, and deleting your personal data according to the purposes described
Performing any personal data processing necessary to provide you with services
Sending marketing communications, promotions, and advertising
Sharing your data with the third parties described in this policy
Using cookies and tracking technologies
Transferring your data internationally
Performing profiling and automated decisions to personalize your experience
Keeping your data for the periods described
Publishing your public profile information on our Website (if applicable)
Contacting you by any means of communication you have provided

This consent is broad, free, voluntary, informed, express, and unequivocal.

Thank you for trusting flexyflow.

Your privacy is important to us, and we are committed to protecting your personal data while offering you the best possible experience on our Website.