Data & Security

Your data stays yours.

We connect to your tools to build automations. We don't store, copy, or train on your business data. Here's exactly how we handle it.

The short version
We connect through official APIs. We never ask for your passwords.
Your data stays in your systems. We don't copy or store it on ours.
We don't train AI models on your data. Ever.
You can revoke our access at any time with one click.
When the project is done, we remove all access.
Our commitments

How we handle your data.

We don't store your data

Your business data stays in your systems. We connect to your tools to build and configure automations, but we don't copy, download, or warehouse your data on our servers.

Secure API connections only

We connect to your tools through official APIs and OAuth authentication. We never ask for your passwords. You can see exactly what we have access to, and you can revoke it at any time.

Encrypted everything

All connections use TLS encryption in transit. Any credentials or API keys are stored in encrypted vaults during the project, not in spreadsheets or shared documents.

Your data stays in your tools

When we build an automation that moves data between your systems (say, from Xero to HubSpot), that data flows directly between those platforms. It doesn't pass through or get stored on FlowWorks infrastructure.

Australian Privacy Act compliant

We operate under Australian privacy law and meet all obligations under the Privacy Act 1988. We can provide a data processing agreement for clients who need one for their own compliance requirements.

Access removed after project

When a project is complete, we remove all API connections and access to your systems. If you're on an ongoing retainer, we maintain only the minimum access needed to support your automations.

How it works

We connect. We don't copy.

1

You authorise access

You log into your tool (Xero, HubSpot, etc.) and grant FlowWorks permission through the platform's official OAuth flow. This is the same process you'd use to connect any app.

2

We build the automation

Using the API access you've granted, we configure the automation workflows. Data flows directly between your platforms. It doesn't route through or get stored on our servers.

3

You stay in control

You can see exactly what access we have at any time through your tool's connected apps settings. You can revoke access with one click, no questions asked.

4

Project ends, access goes

When the project wraps up, we remove all API connections and delete any stored access tokens. If you're on a retainer, we keep only what's needed to support your automations.

FAQ

Common questions about data.

No. We never use your business data to train AI models. When we use AI services like OpenAI or Anthropic within your automations, your data is processed under their enterprise terms which explicitly prohibit training on customer data.
Your data stays wherever it already is. If you use Xero, it's on Xero's servers. If you use HubSpot, it's on HubSpot's servers. We don't create a separate copy. The automations we build connect your existing platforms directly.
Not unless you want us to. At project completion, we remove all API connections and access tokens. If you're on an ongoing support retainer, we keep only the access needed to monitor and maintain your automations, and you can revoke it at any time.
We work with accounting firms, healthcare practices, and law firms regularly. We understand the compliance requirements for sensitive data. We can sign NDAs, provide data processing agreements, and scope our access to only the systems and data necessary for the automation.
Yes. We build automations that respect privacy obligations, including data minimisation, purpose limitation, and consent requirements. For businesses preparing for the December 2026 AI transparency amendments, we can help you document how your automations use personal data.
In the unlikely event of a security incident, we follow a documented incident response process. We'll notify you within 24 hours, provide a full assessment, and work with you on remediation. We carry professional indemnity insurance that covers data-related incidents.
Get started

Find out what's costing
your business the most.

A 30-minute conversation. No pitch. No obligation. We'll identify your highest-impact automation opportunities before you spend a dollar.

Get your AI Readiness Review
1300 484 044 · ops@flowworks.com.au · Melbourne, Australia