FlowSystem AI Logo
Talk To The AI Talk to a Human

Compliance

Last Updated: February 10, 2026

Our Commitment to Compliance

At FlowSystem AI, we take compliance seriously. We are committed to maintaining the highest standards of data protection, privacy, and security to earn and keep our customers' trust. Our compliance program is built on industry-leading frameworks and continuously evolving to meet new regulatory requirements.

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) for all customers in the European Economic Area (EEA) and United Kingdom. Our GDPR compliance includes:

  • Lawful basis for data processing under Article 6 of GDPR
  • Data Processing Agreements (DPAs) available for all enterprise customers
  • Right to access, rectification, erasure, and data portability
  • Privacy by design and by default in all product development
  • Data breach notification procedures compliant with Article 33
  • Designated Data Protection Officer (DPO) available for inquiries

CCPA Compliance

FlowSystem AI complies with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). California residents have the right to:

  • Know what personal information we collect, use, and share
  • Delete personal information held by us
  • Opt-out of the sale or sharing of personal information
  • Non-discrimination for exercising CCPA rights
  • Correct inaccurate personal information
  • Limit use and disclosure of sensitive personal information

To exercise these rights, contact us at tamara@flowsystem.ai

HIPAA Considerations

While FlowSystem AI is not specifically designed for healthcare providers handling Protected Health Information (PHI), we understand that some HVAC contractors may serve healthcare facilities. We implement administrative, physical, and technical safeguards that align with HIPAA security requirements:

  • End-to-end encryption of call recordings and transcripts
  • Access controls and authentication mechanisms
  • Audit logs for all data access and modifications
  • Business Associate Agreements (BAA) available for healthcare customers

Customers requiring HIPAA compliance should contact our enterprise team to discuss BAA arrangements.

SOC 2 Type II

FlowSystem AI is working toward SOC 2 Type II certification. Our security and compliance program is built on the five Trust Service Principles:

  • Security: Protection against unauthorized access
  • Availability: System availability for operation and use
  • Processing Integrity: Complete, valid, accurate, timely processing
  • Confidentiality: Protection of confidential information
  • Privacy: Collection, use, retention, and disclosure of personal information

SOC 2 reports will be available to enterprise customers under NDA upon certification completion.

Telephone Consumer Protection Act (TCPA)

FlowSystem AI helps customers comply with TCPA regulations governing automated calls and text messages:

  • Consent management for automated communications
  • Do Not Call (DNC) list integration capabilities
  • Call recording disclosure and consent mechanisms
  • Time-of-day calling restrictions
  • Opt-out mechanisms for automated messages

Customers are responsible for obtaining proper consent before using our automation features.

Data Residency

FlowSystem AI infrastructure is hosted in secure, SOC 2 certified data centers within the United States. Customer data is stored in:

  • Primary data center: US-East region
  • Backup data center: US-West region for disaster recovery
  • Data does not leave the United States unless explicitly configured
  • EU data residency available for enterprise customers upon request

Third-Party Audits

We conduct regular third-party security audits and penetration testing:

  • Annual penetration testing by certified security firms
  • Quarterly vulnerability assessments
  • Continuous automated security scanning
  • Independent privacy assessments

Industry Standards

Our compliance program incorporates recognized industry standards and frameworks:

  • NIST Cybersecurity Framework
  • ISO 27001 information security controls
  • CIS Critical Security Controls
  • OWASP security best practices for application development

Compliance Documentation

Enterprise customers can request the following compliance documentation:

  • Data Processing Agreement (DPA)
  • Business Associate Agreement (BAA) for HIPAA compliance
  • Security questionnaires and vendor assessments
  • Penetration testing reports (under NDA)
  • SOC 2 reports when available (under NDA)

Contact our sales team at tamara@flowsystem.ai to request compliance documentation.

Continuous Improvement

Compliance is an ongoing commitment. We continuously monitor regulatory changes and update our practices accordingly. Our compliance team regularly reviews:

  • Changes in privacy and security regulations
  • New industry standards and best practices
  • Customer feedback on compliance requirements
  • Incident response and lessons learned
  • Third-party vendor compliance posture

Contact Us

For compliance-related questions, data processing inquiries, or to request compliance documentation:

  • Email: tamara@flowsystem.ai
  • Phone: (843) 868-5512
  • Address: FlowSystem AI, Charleston, SC

For GDPR-specific inquiries, you may contact our Data Protection Officer at the email address above.