← Back to home

Privacy Policy

Last updated: June 1, 2026

1. Introduction

FlowsCheckout (referred to as “we,” “us,” or “our”) is committed to protecting the privacy of users of our on-domain checkout service. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform and services.

By using FlowsCheckout, you agree to the practices described in this policy. If you do not agree with these terms, please do not use our services.

2. Data We Collect

2.1 Information You Provide

  • Account information: first name, last name, email address, encrypted password
  • Profile information: store name, URL, e-commerce platform (Shopify, WooCommerce)
  • Payment information: processed via Stripe — we never store your banking details
  • Communications: exchanges with our customer support team

2.2 Automatically Collected Data

  • Browsing data: IP address, browser type, pages visited, session duration
  • Usage data: interactions with our dashboard, configured settings
  • Technical cookies necessary for the service to function

2.3 Your Customers' Data

When you use FlowsCheckout to host your checkout pages, we process your customers' data (name, email, transaction amount) solely to operate the service. We act as a data processor, and you remain the data controller for this data.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: to provide our on-domain checkout services
  • Legitimate interest: to improve our services, ensure security, and prevent fraud
  • Consent: for marketing communications (you may withdraw at any time)
  • Legal obligation: to comply with tax and regulatory requirements

4. How We Use Your Data

  • Provide, maintain, and improve our on-domain checkout services
  • Configure and deploy your checkout pages on your domain
  • Assist you via our customer support
  • Send service-essential communications (invoices, technical notices)
  • Detect and prevent fraudulent or abusive activities
  • Comply with our legal and regulatory obligations

5. Data Sharing

We never sell your personal data to third parties. We only share your data with:

  • Hetzner (hosting) — server hosting and your checkout pages (Germany)
  • Stripe (payments) — subscription and billing processing
  • Directus — content management and database
  • Vercel — website and documentation hosting
  • Legal authorities — if required by law or to protect our rights

6. International Transfers

Our servers are located in Germany (Hetzner) and the United States (Vercel). For transfers outside the EU, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection.

7. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

  • Account data: until account deletion + 30 days
  • Billing data: 10 years (tax obligation)
  • Login logs: 12 months
  • Customer payment data: 36 months

8. Security

We implement appropriate technical and organizational security measures, including SSL/TLS encryption for all transmissions, encrypted password storage (bcrypt), regular security audits, and restricted data access based on the principle of least privilege.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access — obtain a copy of your personal data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data (right to be forgotten)
  • Right to restriction of processing
  • Right to data portability
  • Right to object — object to the processing of your data
  • Right to withdraw consent at any time

To exercise these rights, contact us at privacy@mirorpay.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Cookies

We only use cookies strictly necessary for the service to function (session cookies, authentication cookies). We do not use advertising or third-party tracking cookies. You can configure your browser to reject cookies, but this may affect the functionality of our service.

11. Changes

We reserve the right to modify this Privacy Policy at any time. Changes will be posted on this page with a revised update date. In case of material changes, we will notify you by email.

12. Contact

For any questions regarding this Privacy Policy or your rights, contact us:

  • Email: privacy@mirorpay.com
  • Support: hello@mirorpay.com
  • Registered office: MirorPay SAS, France