Logo
  • Features
  • Integrations
  • Pricing
  • Resources Alternate Text
    • Tutorials
    • Documentation
  • About
Contact Sales Log In Sign Up
IT | EN
Version: 2026-05-07 · Last updated: 2026-05-07 · DRAFT — pending lawyer review

Privacy Policy

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended by 101/2018 ("Italian Privacy Code"), this notice describes how we process your personal data.

1. Data controller

Everywhere S.r.l.
VAT: 07050840961
Registered office: [lawyer to complete]
Email: privacy@ew-flow.com
DPO: dpo@ew-flow.com (appointment under review — see lawyer brief)

2. Categories of data processed

  • Account data: email, given name, surname, phone (optional), Azure AD B2C identifier, profile preferences.
  • Billing data: legal name, billing address, VAT, fiscal code, SDI recipient code, Stripe customer ID. We do not store payment card data — payments are processed by Stripe.
  • Service usage data: workflow definitions, execution logs, AI agent conversations, workspace events.
  • Technical data: IP address (truncated where possible), user-agent, authentication logs.
  • Consent records: timestamped acceptances with IP and user-agent.

3. Purposes and legal bases

PurposeLegal basis
Service provision (signup, authentication, workspace management)Art. 6(1)(b) GDPR — contract
Billing and tax obligationsArt. 6(1)(c) GDPR — legal obligation (Italian Civil Code art. 2220)
IT security and fraud preventionArt. 6(1)(f) GDPR — legitimate interest
AI Agent (in-app assistant)Art. 6(1)(b) + 6(1)(f), with explicit acknowledgement at first use
Marketing communications (newsletter, product updates)Art. 6(1)(a) GDPR — explicit consent (opt-in)
Operational telemetry (Application Insights)Art. 6(1)(f) for authenticated users; consent for public-site visitors

4. Recipients and processors

Your data may be processed by service providers acting as processors under Art. 28 GDPR. See the full list at Sub-processors.

  • Microsoft Azure (hosting, database, authentication, telemetry) — Italy (Italy North region).
  • Stripe Payments Europe Ltd (billing) — Ireland; some processing in the US under DPF.
  • [LLM provider for AI Agent — to be defined]

5. International transfers

Data is primarily processed in Italy (Azure "Italy North"). For any transfers to third countries (e.g. Stripe, LLM provider), we rely on Standard Contractual Clauses approved by the European Commission or the EU-US Data Privacy Framework.

6. Retention periods

  • Account data: for the duration of the contract; on deletion request: 30-day grace period, then anonymisation.
  • Billing data: 10 years per Italian Civil Code.
  • AI Agent conversations: 12 months default (configurable).
  • Workflow execution logs: 90 days default (configurable per plan).
  • Consent records: for the duration of the consent plus statute of limitations.
  • Security incident logs: indefinite (compliance evidence).

7. Data subject rights (Arts. 15–22 GDPR)

You have the right to:

  • Access your data (Art. 15) — available at Account → Privacy & Data → Download my data.
  • Rectify inaccurate data (Art. 16) — editable from the Account page.
  • Request erasure (Art. 17) — at Account → Privacy & Data → Delete account.
  • Restrict processing (Art. 18).
  • Receive your data in a structured format (Art. 20) — same export as Art. 15.
  • Object to processing (Art. 21).
  • Not be subject to significant automated decisions (Art. 22).
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Lodge a complaint with the Garante per la protezione dei dati personali (www.gpdp.it).

To exercise your rights, write to privacy@ew-flow.com.

8. Automated decision-making and profiling

The AI Agent in the platform produces automated suggestions. This is an assistive feature: the user decides whether to apply suggestions and no decisions with legal or similarly significant effects are taken automatically. Further details are shown at first use of the AI Agent.

9. Minors

The service targets B2B users. In Italy the minimum age for autonomous digital consent is 14 (D.Lgs. 101/2018). We do not knowingly collect data from individuals under that age.

10. Cookies

Our use of cookies is described in the Cookie Policy.

11. Changes

This policy may be updated. The current version is 2026-05-07. Where changes are substantial we will request a new acknowledgement.

footer logo

EW-Flow is a product of Everywhere Srl ©2026. All rights reserved.

Everywhere srl P.Iva: 07050840961. support@ew-flow.com

linkedin-icon
  • Product
  • Features
  • Solutions
  • Pricing
  • Integrations
  • Resources
  • Documentation
  • Guide
  • Company
  • About Us
  • Careers
  • Contact
  • Legal
  • Privacy Policy
  • Cookie Policy
  • Terms of Service
  • Sub-processors
  • Cookie Preferences