Privacy Policy

Effective date: May 4, 2026  ·  Last updated: May 19, 2026

1. Who we are

Laurie CASES is your data controller for personal data processed in connection with the Flourish websites and SaaS (“Flourish”, “we”, “us”) at https://www.flourishnetwork.app and related subdomains used to deliver the service.

• Legal form: French micro-entrepreneur (non-regulated liberal profession).
• SIREN: 921 084 273 · SIRET: 921 084 273 00017
• NAF/APE code: 8559B — Autres enseignements
• Postal address (professional): 27 ALL DU MAJOURAN, 13800 ISTRES, France
• Privacy enquiries and data‑subject requests: laurie.cases@gmail.com — please use subject line “Privacy — Flourish”. A domain contact on @flourishnetwork.app may be added later.

2. What Flourish does (scope)

Flourish provides practice‑growth tooling for independent health practitioners, including foundation and voice capture, AI‑assisted content generation, practitioner dashboards, optional client portals, email tooling, integrations (when enabled), subscriptions, and related communications. It is not a substitute for regulated medical records systems; practitioners remain responsible for their own professional and clinical compliance.

3. Categories of personal data we process

If you browse or join as a practitioner (subscriber / trial):

• Identity and contact: name, email, phone where provided, company or practice name, locale.
• Account and service data: profile and questionnaire answers, services and positioning, strategy or journey data, content library items, scheduling and usage.
• Growth Blueprint data: birth date, birth time, birth city, coordinates/timezone derived from that city, chart and Human Design calculations, blueprint outputs, consent records, and beta feedback you choose to submit.
• Payment data: processed by Stripe (we do not store full card numbers).
• Marketing and analytics: where our site uses Meta Pixel or similar, event and device data as described in Section 8.

If you are an end client/patient using a practitioner’s portal / invite link:

• Contact and profile data you submit; check‑ins, goals, resources, protocol progress as configured by your practitioner.

Technical data (all roles): IP address, browser type, device category, timestamps, inferred region, diagnostic logs stripped of unrelated content where possible.

4. Instagram and Meta (including Facebook Login)

If you connect an Instagram Professional account:

• We receive and store identifiers and OAuth tokens required to operate the integration (such as Meta long‑lived access token(s), Meta/Instagram numeric user identifiers, Instagram username).
• We use those permissions only to provide features you activate (such as confirming connection status and publishing media you initiate from Flourish).
• Meta’s platforms are controllers for their own services; Flourish accesses data through Meta APIs subject to Meta’s Developer Policies and Platform Terms.

Disconnecting Instagram in Flourish removes the integration from our side; revoke access also in Meta’s app settings if you wish to revoke our app entirely.

5. AI and messaging providers

Parts of Flourish invoke AI processors such as OpenAI, DeepSeek, and image generation providers where enabled. Prompts may include textual context from your questionnaire, Growth Blueprint, birth-chart summary, and content library strictly to fulfill the requested feature.

6. Email, hosting, outreach (where enabled)

• Infrastructure: the application runtime is hosted on Render U.S. (Oregon region) cloud; primary database hosted with our configured PostgreSQL provider (commonly Neon or equivalent — check your onboarding email).
• Email: transactional and product email may flow through providers such as Brevo/SendGrid‑class SMTP as configured operationally.
• Optional outreach tooling (e.g., Instantly, SmartLead) receives only prospect and copy data needed to operate campaigns practitioners configure.
• Error monitoring: Sentry may process limited diagnostics if enabled in deployment.

7. Purposes and lawful bases (GDPR)

• Contract: provide Flourish accounts, invoicing via Stripe, support.
• Legitimate interests: security, abuse prevention, product analytics in aggregate.
• Consent: where required — e.g. non‑essential marketing cookies/trackers.
• Legal obligations: tax, invoicing retention, lawful requests.

8. Cookies and tracking

We use strictly necessary cookies for sessions and dashboard login. Non-essential analytics and marketing trackers, including Meta Pixel, are loaded only after consent where required.

9. Retention

• Account and substantive service data retained while subscribed and typically up to twenty‑four months after closure unless shorter erasure windows apply by request or law.
• Billing artefacts via Stripe retained as required for accounting (often seven years).
• Instagram tokens removed on disconnect.

10. International transfers

We are established in France. Subprocessors operate in jurisdictions including the United States. Where transfers are not covered by an adequacy decision, we rely on appropriate safeguards — such as the European Commission Standard Contractual Clauses — as offered by our vendors (Stripe, Render, OpenAI and others).

11. Security

We use HTTPS, access controls appropriate to deployment size, and vendor contracts requiring confidentiality. No online service can guarantee absolute security.

12. Your rights

For data covered by GDPR/UK GDPR, you may contact us at laurie.cases@gmail.com to request access, rectification, deletion, portability, objection, or restriction.

You can request deletion of your Flourish account, Stage 0 answers, birth data, generated blueprints, and beta feedback. Some billing or legal records may need to be retained where required by law.

You may lodge a complaint with the French supervisory authority CNIL (or your local supervisory authority).

13. Automated decision‑making

We do not use solely automated decisions with legal effects on you beyond routine fraud checks by payment processors.

14. Children

Flourish is intended for practitioners and invited adult clients working with them. Do not onboard minors without appropriate consent.

15. Changes

We may update this policy; material updates will be signposted via the site notice or email. Continued use after changes constitutes acknowledgement where lawful.

16. Contact

Privacy enquiries: laurie.cases@gmail.com