Who We Are

FlowSpotNeuron is a mobile app UX/UI design studio based in London. We create digital experiences that people actually enjoy using. When you reach out to us or work with us, we collect certain information – and this policy explains what, why, and how.

Our registered address is UNIT 3 Ground Floor, Neville Pl, High Rd, London N22 8HX, United Kingdom. You can reach us at help@flowspotneuron.com or call +447740605144.

What Information We Collect

We're not in the business of hoarding data. We only collect what we genuinely need to provide our services and communicate with you.

Information You Give Us Directly

• Your name and contact details when you fill out our contact form or email us
• Company information and project details you share during consultations
• Payment information when you become a client (though we don't store full card details – our payment processor handles that)
• Any feedback, files, or materials you send us during a project

Information We Collect Automatically

• Basic website analytics – pages you visit, how long you stay, what device you're using
• IP address and general location data (city level, nothing creepy)
• Browser type and operating system details

We use standard analytics tools to understand how people use our website. This helps us improve things like load times and navigation. We're not tracking your every move across the internet – just what happens on our site.

How We Use Your Information

Everything we collect serves a purpose. Here's what we actually do with your data:

• Respond to your enquiries and provide quotes for potential projects
• Deliver design services and communicate about ongoing work
• Process payments and send invoices
• Share project updates, files, and deliverables
• Improve our website and services based on usage patterns
• Send occasional updates about our services (only if you've said yes to that)
• Comply with legal obligations like tax reporting

We won't suddenly add you to marketing lists without permission. If you enquire about our services, we might follow up a couple of times, but if you're not interested, just let us know and we'll stop.

Legal Basis for Processing

Under UK GDPR, we need a lawful reason to process your personal data. Here's our reasoning:

Who We Share Your Data With

We're not selling your information to anyone. But we do work with a few trusted partners who help us run our business:

• Email service providers to send and receive messages
• Cloud storage services where we keep project files securely
• Payment processors who handle transactions (they're PCI-DSS compliant, which is the gold standard)
• Analytics tools that help us understand website traffic
• Accountants and legal advisors when required

These partners only get access to the specific information they need to do their job. They're contractually bound to keep your data secure and can't use it for their own purposes.

International Data Transfers

Most of our tools and services are UK or EU-based. Occasionally, we use services hosted in other countries – usually the United States. When we do, we make sure appropriate safeguards are in place:

• Standard contractual clauses approved by the UK Information Commissioner's Office
• Adequacy decisions where the destination country has strong data protection laws
• Additional security measures beyond what's legally required

Your data security doesn't stop at borders. We vet every service provider carefully.

How Long We Keep Your Data

We don't keep information longer than necessary. Different types of data have different retention periods:

When retention periods expire, we securely delete or anonymise your data. "Securely delete" means properly wiping it – not just moving it to a recycle bin.

Your Rights

UK data protection law gives you several rights over your personal information. These aren't just theoretical – you can actually exercise them, and we'll help you do so.

Access Your Data

You can request a copy of all the personal information we hold about you. We'll provide it in a clear, readable format within one month. This is called a Subject Access Request, and it's completely free.

Correct Inaccurate Information

If we've got something wrong – misspelled your name, outdated email address, whatever – just let us know and we'll fix it promptly.

Delete Your Data

You can ask us to delete your information, and we'll comply unless we have a legal reason to keep it (like financial records we're required to retain). We'll explain our reasoning if we can't delete everything immediately.

Object to Processing

If you don't want us to process your data for specific purposes – like marketing or analytics – you can object. We'll stop unless we have compelling legitimate grounds to continue.

Restrict Processing

In certain situations, you can ask us to temporarily stop using your data while we sort out a dispute or verify accuracy.

Data Portability

You can request your data in a machine-readable format to transfer to another service provider. We'll provide it in CSV or JSON format.

Withdraw Consent

If we're processing your data based on consent (like marketing emails), you can withdraw that consent anytime. There's an unsubscribe link in every marketing email, or just email us directly.

Security Measures

We take data security seriously – not just because we have to, but because we'd be horrified if your information got compromised. Here's what we do to protect it:

• All data transmissions are encrypted using TLS (that's the padlock you see in your browser)
• Our servers and databases have strong access controls – only authorised personnel can access them
• We use multi-factor authentication on all business accounts
• Regular security updates and patches are applied promptly
• Client files are stored in encrypted cloud storage with access logging
• We have backup systems to prevent data loss
• Our team receives regular training on data protection and security

No system is 100% bulletproof – anyone who claims otherwise is lying. But we've implemented industry-standard protections and continuously monitor for potential threats. If we ever experienced a data breach that affected your information, we'd notify you and the ICO within 72 hours.

Cookies and Tracking

Our website uses a few cookies – small text files stored on your device. We're pretty minimal with these:

Essential Cookies

These make the website work properly. They remember things like whether you've submitted a form, so you don't see it twice. We don't need permission for these because they're necessary for the site to function.

Analytics Cookies

We use analytics to understand how people use our site – which pages are popular, where people drop off, that sort of thing. We've configured our analytics to anonymise IP addresses and respect "Do Not Track" signals where possible.

You can control cookie settings through your browser. Blocking essential cookies might break some functionality, but that's your choice. Most browsers let you block third-party cookies while allowing first-party ones.

Children's Privacy

Our services are designed for businesses, not children. We don't knowingly collect information from anyone under 16. If you're a parent and believe your child has provided us with personal information, contact us immediately and we'll delete it.

Changes to This Policy

We might update this policy occasionally – usually when we add new services or tools, or when privacy laws change. When we make significant changes, we'll notify current clients by email and update the "last updated" date at the top of this page.

We won't make changes that reduce your rights without giving you proper notice and options.

Complaints and Concerns

If you're unhappy with how we've handled your personal data, please tell us first. We'll do our best to resolve any issues quickly and fairly. Email help@flowspotneuron.com with your concern, and we'll respond within 5 working days.

You also have the right to complain to the supervisory authority. In the UK, that's the Information Commissioner's Office (ICO). You can contact them at ico.org.uk or call 0303 123 1113. But honestly, we'd appreciate the chance to fix things directly before you escalate to the regulator.