Skip to main content
Flow State MGMT

Privacy Policy

Last updated: April 30, 2026

Beta Privacy Policy

This Privacy Policy is currently in beta and pending review by our entertainment attorney. The structure and substance below describe how Flow State Management LLC handles your data today. Final attorney-reviewed wording will be posted before paid signups open. Beta users will be notified of any material changes at least 30 days before they take effect.

Information We Collect

When you create an account, we collect your name, email address, and the management company you represent. When you use the Service, we store the data you upload or enter, including roster details, contracts, royalty statements, tour data, financial records, and documents in your Document Vault.

We also collect operational data automatically: device and browser information, IP address, login timestamps, error reports, and product usage patterns. We use a limited set of cookies and similar technologies to keep you signed in and to measure aggregate product usage.

How We Use Information

We use the information we collect to operate the Service, authenticate your account, provide customer support, prevent fraud and abuse, comply with legal obligations, and improve the product. We do not sell your personal information. We do not use your roster, financial, or document data for advertising.

AI Inputs and Raquel Transcripts

When you chat with Raquel, your messages are sent to a third-party AI provider (Anthropic) for inference. Anthropic processes the request and returns a response. Anthropic's commercial API does not train AI models on customer inputs or outputs by default, and we do not opt your data into any training pipeline.

We log every Raquel turn (your prompt, Raquel's response, and metadata about the turn) to a secure audit table inside your Flow State Management workspace. Audit logs are retained for seven years to support customer support, legal compliance, and product safety review. Audit logs are accessible only to Flow State Management administrators and are never shared with third parties except as required by law or your written instruction.

We do not use your roster data, contracts, royalty statements, financial records, or document vault content to train AI models, ours or anyone else's. If we ever build a feature that requires training on customer data (for example, a manager- specific recommendation model), we will obtain your written consent before doing so and make participation optional and reversible.

Sharing and Processors

We use a small set of subprocessors to run the Service, including Supabase (hosted Postgres and authentication), Vercel (hosting and edge delivery), Anthropic (AI inference for Raquel), Stripe (billing), Resend (transactional email), Sentry (error reporting), and Slack (internal incident notifications). Each subprocessor is bound by its own data processing terms and accesses only the data it needs to perform its function.

We do not sell, rent, or share your personal information with advertisers. We may disclose information when required to comply with a lawful subpoena, court order, or other legal process, or to protect the rights, safety, and property of Flow State Management LLC, our customers, or the public.

Data Retention

Active account data is retained for as long as your subscription is active. When you cancel and delete your account, we delete or de-identify your roster, contracts, royalty data, and financial records within 30 days, except where retention is required by law or by an active legal hold. Raquel audit logs are retained for seven years to support tax and regulatory audit windows.

Security

We use Postgres Row Level Security policies to enforce that one tenant's data is never visible to another tenant. We encrypt data in transit using TLS and at rest using the encryption defaults of our hosting providers. Access to production systems is limited to a small set of authorized personnel and audited.

No system is perfectly secure. If we ever detect a breach involving your personal information, we will notify you and applicable regulators in accordance with applicable law.

Flow State Management LLC is on a path to SOC 2 Type II certification. We will update this policy with attestation status when the audit completes.

Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict the processing of your personal information. To exercise any of these rights, contact us at the email address below. We will respond within the time frame required by applicable law.

Children's Privacy

The Service is intended for music industry professionals and is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided personal information to us, contact us so we can delete it.

Changes to this Policy

We may update this Privacy Policy from time to time. When we make a material change we will notify you by email or through an in-product notice and update the "Last updated" date at the top of this page.

Contact Us

Questions about this Privacy Policy? Email us at privacy@flowstatemgmt.com.

[Final mailing address and entertainment attorney sign-off pending review.]