Privacy Notice

Last updated: May 23, 2026

1. Who we are

Flossom is operated by Simone Lisl Meuwese, an individual sole trader trading as Flossom ("Flossom", "we", "us"). We are the data controller responsible for your personal data when you use our website and app at flossom.app.

If you have any questions about this notice or want to exercise your rights, contact us at hello@flossom.app.

2. The data we collect

  • Account data — email address, hashed password (or third-party sign-in identifier), display name.
  • Service content — the threads, projects, shopping lists, custom threads, and notes you save in Flossom.
  • Support and contact data — messages you send us via the contact form or email.
  • Usage and device data — pages viewed, actions taken, browser type, device type, language, approximate location derived from IP, and timestamps. Used for analytics and security.
  • Cookies and local storage — essential session cookies, plus a small amount of local storage for preferences (e.g. low-stock alert toggle). See section 9.
  • Billing data — handled by Paddle (see section 5). We receive a customer ID, subscription status, plan, and renewal/end dates — not your card details.

3. Why we use your data and our legal basis

  • Provide the Service (account creation, storing your stash and projects, generating shopping lists) — performance of a contract.
  • Process payments and manage subscriptions — performance of a contract; data sharing with Paddle is necessary for this.
  • Customer support — performance of a contract and our legitimate interest in helping users.
  • Improve and secure the Service (analytics, debugging, fraud prevention) — our legitimate interest in running a reliable, safe product.
  • Transactional and product emails (sign-in, password reset, low-stock alerts you have enabled) — performance of a contract.
  • Legal obligations (tax, accounting, responding to lawful requests) — legal obligation.

4. Who we share data with

We share personal data only with the following categories of recipient, and only as needed:

  • Hosting and infrastructure providers — to host our database, authentication, and email infrastructure.
  • Paddle, our Merchant of Record — for the sale of Flossom Pro, subscription management, payments, tax compliance, invoicing and refunds. Paddle is an independent data controller for that processing. See Paddle's Privacy Notice.
  • Analytics and error-monitoring providers — to help us understand how the Service is used and to detect issues.
  • Email service providers — to deliver transactional and product emails.
  • Professional advisers (legal, accounting, tax) where reasonably needed.
  • Authorities where we are required to do so by law or to protect our rights.

We do not sell your personal data.

5. International transfers

Some of our service providers (including Paddle and our hosting providers) may process data outside the UK and EEA. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or applicable adequacy decisions.

6. How long we keep your data

We keep your account and Service content for as long as your account is active. If you close your account, we delete or anonymise your data within a reasonable period, except where we need to retain it to comply with legal obligations (for example, tax and billing records kept for the period required by law).

7. Your rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data deleted ("right to be forgotten");
  • restrict or object to certain processing;
  • receive a portable copy of your data;
  • withdraw consent at any time where processing is based on consent;
  • lodge a complaint with your local data protection authority.

To exercise these rights, email hello@flossom.app. We will respond within one month.

8. Security

We use appropriate technical and organisational measures to protect your personal data, including encryption in transit, access controls, and row-level security on the database. No system is 100% secure; if you believe your account has been compromised, contact us immediately.

9. Cookies and local storage

Flossom uses a small number of strictly necessary cookies and similar technologies to keep you signed in and remember basic preferences. We use privacy-respecting analytics to understand aggregate usage. We do not use advertising or cross-site tracking cookies. You can clear cookies and local storage at any time from your browser settings; doing so will sign you out and reset preferences.

10. Children

Flossom is not directed at children under 16. If you believe a child has provided personal data to us, contact us and we will delete it.

11. Changes to this notice

We may update this Privacy Notice from time to time. Material changes will be communicated through the Service or by email where appropriate.