Back to Home

Privacy Policy

Last Updated: November 1, 2025

1. Introduction

Welcome to the Flowith OS Invitation Code Purchase Platform (referred to as "Platform", "we", "us", or "our"). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your data.

2. Information We Collect

2.1 Payment Information

When you purchase an invitation code, payment information is collected and processed by our payment processor Creem (Armitage Labs OÜ, an Estonian company). This information includes:

  • Credit/debit card type
  • Last 4 digits of card number
  • Billing address
  • Contact information (such as email address)

Important Note: We do not directly store or process your complete payment card information. All payment data is securely handled by Creem, which further uses Stripe as its payment infrastructure provider.

2.2 Order Information

We store the following information in our database:

  • Order ID (generated by Creem)
  • Invitation code allocation records
  • Order status and timestamps

2.3 Automatically Collected Information

We use Vercel Analytics to collect anonymous website usage data:

  • Page views
  • Referral sources
  • Device type (desktop/mobile)
  • Geographic location (country/region level)
  • Browser type

This data is anonymous and does not contain personally identifiable information.

2.4 Information We Do NOT Collect

  • ❌ We do not collect email addresses (invitation codes are displayed directly on the webpage)
  • ❌ We do not use third-party advertising tracking cookies
  • ❌ We do not collect social media information
  • ❌ We do not collect device IP addresses (Vercel Analytics collects this, but we cannot access it)

3. How We Use Your Information

We use collected information for:

  • Transaction Processing: Complete your invitation code purchase and display the code on the payment success page
  • Order Management: Record invitation code allocation to prevent duplicate use
  • Fraud Prevention: Verify payment signatures to prevent unauthorized access
  • Service Improvement: Analyze website usage patterns to optimize user experience (through anonymous analytics)
  • Legal Compliance: Comply with applicable laws and regulations

4. Information Sharing

We only share your information in the following circumstances:

4.1 Payment Processor

  • Creem (Armitage Labs OÜ): Acts as Merchant of Record to process all payments
    • Creem Privacy Policy: https://www.creem.io/privacy
    • Creem further uses Stripe, Inc. to process payment card information
    • Stripe Privacy Policy: https://stripe.com/privacy

4.2 Infrastructure Service Providers

  • Supabase: Used to store order records and invitation code data
    • Privacy Policy: https://supabase.com/privacy
  • Vercel: Used for website hosting and anonymous analytics
    • Privacy Policy: https://vercel.com/legal/privacy-policy

4.3 Legal Requirements

We may need to disclose your information in the following situations:

  • As required by law, regulation, or legal process
  • To protect our rights, property, or safety
  • To investigate potential violations

4.4 Our Commitment

We will NOT sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We take the following measures to protect your data:

  • Transmission Encryption: All data transmission uses HTTPS/TLS encryption
  • Webhook Verification: HMAC SHA-256 signature verification ensures data integrity
  • Payment Security: Payment processing is handled by PCI DSS compliant Creem and Stripe
  • Access Control: Strictly limited database access permissions
  • Regular Reviews: Regular security practice reviews and dependency updates

6. Data Retention

  • Order Records: Retained long-term for accounting, tax, and legal compliance purposes
  • Invitation Code Data: Retained permanently to prevent duplicate allocation and abuse
  • Analytics Data: Retained by Vercel in accordance with their privacy policy

We do not collect personally identifiable information (such as email addresses) that would need to be deleted.

7. Your Rights

Under applicable data protection laws (such as GDPR, CCPA), you may have the following rights:

  • Right to Access: Request a copy of the data we hold about you
  • Right to Rectification: Request correction of inaccurate information
  • Right to Erasure: Request deletion of your order data in certain circumstances (only after order completion with no disputes)
  • Right to Restriction: Request restriction of processing of your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Data Portability: Receive your order data in a structured format

To exercise these rights, please contact us at: support@yourlifeyourawareness.org

8. Cookie Policy

8.1 Cookies We Use

This website uses the following types of cookies:

  • Essential Cookies: Generated by the Next.js framework for basic website functionality (session management, etc.)
  • Analytics Cookies: Anonymous analytics cookies used by Vercel Analytics

8.2 Third-Party Cookies

When you visit the Creem payment page, Creem may set its own cookies. Please refer to Creem's privacy policy for details.

8.3 Managing Cookies

You can manage or disable cookies through your browser settings, but this may affect some website functionality.

9. Third-Party Links

This website will redirect you to Creem's payment page to complete transactions. We are not responsible for the privacy practices of third-party websites. Please review their privacy policies:

  • Creem Privacy Policy: https://www.creem.io/privacy
  • Stripe Privacy Policy: https://stripe.com/privacy
  • Vercel Privacy Policy: https://vercel.com/legal/privacy-policy
  • Supabase Privacy Policy: https://supabase.com/privacy

10. International Data Transfers

Our service providers are located in different countries/regions:

  • Creem: Estonia (EU)
  • Vercel: United States
  • Supabase: Configurable regions

If you are located in the EU, your data may be transferred outside the EU. We ensure these transfers comply with GDPR requirements through appropriate safeguards (such as Standard Contractual Clauses).

11. Children's Privacy

We do not collect personal information from children. Since we do not collect personally identifiable information (such as email addresses), the privacy risk to children is minimal.

If you believe we have inadvertently collected information from a child, please contact us, and we will take immediate steps to delete it.

12. California Resident Rights (CCPA)

If you are a California resident, under the California Consumer Privacy Act (CCPA), you have:

  • The right to know about the personal information we collect
  • The right to delete personal information
  • The right to opt-out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination

To exercise these rights, please contact: support@yourlifeyourawareness.org

13. Privacy Policy Updates

We may update this Privacy Policy from time to time to reflect:

  • Service changes
  • Changes in legal requirements
  • Improvements to data processing practices

Significant changes will be communicated by:

  • Posting an announcement on the website
  • Updating the "Last Updated" date at the top of this page

We encourage you to review this policy regularly.

14. Contact Us

If you have any questions, comments, or requests regarding this Privacy Policy, please contact:

  • Email: support@yourlifeyourawareness.org

We will respond to your request within 30 days.

Governing Law: This Privacy Policy is governed by Chinese law.