Overview
Floem ("Floem", "we", "us", or "our") operates a B2B sales intelligence and lead management platform designed for real estate sales teams. We are committed to protecting the personal information you share with us and being transparent about how it is used.
This Privacy Policy explains what data we collect, how we use it, who we share it with, and what choices you have. By using Floem's services, you agree to the practices described in this policy. If you do not agree, please discontinue use of our platform.
Plain-language summary: We collect data needed to operate Floem. We do not sell your personal data to third parties. You can request deletion of your data at any time.
Information We Collect
We collect information in three ways: information you give us directly, information generated automatically, and information from third-party sources.
| Category | Examples | Source |
|---|---|---|
| Account & identity | Name, email address, password (hashed), job title, organization name | Provided by you |
| Lead & CRM data | Lead names, phone numbers, interest stage, source channel, interaction history | Entered by your team |
| Audio recordings | M4A audio files of in-person conversations with leads, recorded via the device microphone with explicit prior consent | Captured by you via the app |
| Location data | GPS coordinates (latitude & longitude), reverse-geocoded place names (suburb / neighbourhood), timestamps associated with recordings and attendance events | Automatically captured during recordings and punch-clock events |
| Attendance data | Punch-in and punch-out timestamps, GPS location at time of each punch event | Captured via punch clock feature |
| Communications | Support tickets, emails to our team, in-app feedback messages | Provided by you |
Voice Recordings & Microphone
The Floem mobile app includes a voice recording feature that allows sales staff to record in-person conversations with property leads for coaching and quality assurance purposes. This section explains how that feature works and how the resulting audio data is handled.
Consent is mandatory before every recording. The app displays a disclosure screen to the lead before recording begins, stating: "This conversation will be recorded by your enterprise on Floem AI for sales coaching and quality assurance purposes." The lead may decline without any penalty or impact on the interaction.
Audio captured via the device microphone during the recording session. Recordings are saved in M4A format.
The audio file is stored temporarily on the device until the upload completes. It is deleted from the device automatically after a successful upload.
The recording is uploaded to Floem's servers (AWS infrastructure) over an encrypted TLS connection. The upload also includes: an auto-generated filename containing the lead name, salesperson name, project name, and date/time; the associated lead ID; and the GPS coordinates at the time of recording.
Recordings are accessible only to the employing organisation's authorised management or admin team. Floem staff may access recordings solely for technical support purposes, under a data processing agreement.
Sales coaching, quality assurance, and performance review by the employing organisation. Recordings are not used for advertising or sold to third parties.
Users and leads may request deletion of a specific recording by contacting kushal@floem.ai. The employing organisation may also request bulk deletion as part of account closure.
The app requires the following permissions to enable recording:
- Android: RECORD_AUDIO, FOREGROUND_SERVICE, FOREGROUND_SERVICE_MICROPHONE (Android 14+), WAKE_LOCK, POST_NOTIFICATIONS (Android 13+).
- iOS: Microphone usage permission — "This app requires access to the microphone for recording."
Background recording: On Android, a foreground service keeps the recording process active if the app is backgrounded during a session. A persistent notification is shown to the user whenever this service is running. The service stops automatically when the recording ends.
Location Data
Floem collects device GPS location at specific points during app use. Location is not tracked continuously in the background.
| When collected | What is captured | How it is used |
|---|---|---|
| Recording start | High-accuracy GPS coordinates (latitude & longitude) captured once at the moment recording begins | Attached to the recording upload to associate the conversation with a physical site |
| Punch-in / Punch-out | GPS coordinates and timestamp at the moment the employee punches in or out | Attendance record sent to the employer's dashboard to verify on-site presence |
Reverse geocoding: GPS coordinates are converted to a human-readable place name (suburb, neighbourhood, or city) using the OpenStreetMap Nominatim API, a third-party service operated by the OpenStreetMap Foundation. Your coordinates are transmitted to OpenStreetMap's servers for this lookup. OpenStreetMap's privacy policy applies to that request.
Accuracy: The app requests high-accuracy GPS (typically within 3–10 metres), which may use GPS hardware, Wi-Fi, and mobile networks.
Permissions required:
- Android: ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION.
- iOS: Location When In Use usage description (handled by the operating system permissions dialogue).
Location data retention: Location data is stored alongside the associated recording or attendance record and is subject to the same retention schedule described in Section 09. It is deleted within 30 days of account closure unless a legal hold applies.
How We Use Information
We use collected data for the following purposes:
Providing, operating, and maintaining the Floem platform and all its features.
Creating and managing your account, authenticating your identity, and providing customer support.
Analyzing usage patterns to improve existing features, fix bugs, and develop new capabilities.
Sending transactional emails (password resets, billing receipts), product updates, and—where permitted—marketing communications.
Detecting, investigating, and preventing unauthorized access, abuse, and other illegal activities.
Complying with applicable laws, regulations, and lawful requests from public authorities.
Understanding aggregate usage trends to make informed product decisions. Analytics data is anonymized where feasible.
Marketing communications: You may opt out of non-transactional emails at any time via the unsubscribe link included in each message or by contacting us directly.
Sharing & Disclosure
We do not sell your personal data. We share data only in limited, controlled circumstances:
Third-party vendors (hosting, analytics, payment processing, email delivery) who process data on our behalf under strict data-processing agreements.
If Floem is acquired, merged, or goes through an asset sale, your data may be transferred to the successor entity. We will notify you before any such transfer takes effect.
We may disclose data when required by law, court order, or governmental authority, or when necessary to protect the safety of our users or the public.
In any other circumstance where you have explicitly consented to sharing.
| Sub-processor | Purpose | Location |
|---|---|---|
| AWS / Vercel | Cloud infrastructure & hosting (including recording storage) | India / US |
| Stripe | Payment processing | US |
| PostHog | Product analytics | EU / US |
| Resend | Transactional email | US |
| OpenStreetMap Nominatim | Reverse geocoding of GPS coordinates to place names | Global (OSM Foundation) |
Organisation Visibility (B2B)
Floem is a B2B platform sold to organisations (employers) who deploy it to their sales teams. The employing organisation is the data controller for data generated by its employees within the app; Floem acts as a data processor on the employer's behalf.
Important for employees: Your employer has visibility into the data categories listed below. If you have questions about what your specific employer can see or how they use that data, please contact your employer's HR or compliance team directly.
The following data categories are accessible to authorised administrators within the employing organisation:
| Data category | What the employer can see |
|---|---|
| Voice recordings | All recordings made by team members, including audio content, auto-generated filename (containing salesperson name, lead name, project, date/time), and associated lead ID |
| Recording location | GPS coordinates and reverse-geocoded place name attached to each recording at the time it was created |
| Attendance records | Punch-in and punch-out timestamps and GPS location for each team member |
| Lead & CRM activity | All lead records, interaction history, and stage changes entered by team members |
| User profiles | Name, email address, phone number, role, and account verification status of team members |
| Channel partner view | Channel partners with administrative access can view the list of team members under their purview, along with associated leads and verification status |
Floem does not grant any employer access to data belonging to another organisation. All data is logically segregated by organisation within our systems.
Your rights as an employee: Regardless of your employer's access, you retain all the personal data rights listed in Section 11 against Floem as data processor. To exercise those rights, contact kushal@floem.ai. For rights against your employer as data controller, contact your employer directly.
Cookies & Tracking
We use cookies and similar technologies to provide and improve our service. Cookies help us remember your preferences, authenticate sessions, and understand how you interact with Floem.
| Cookie type | Purpose | Retention |
|---|---|---|
| Strictly necessary | Authentication, session management, CSRF protection | Session |
| Functional | User preferences, language, layout choices | 1 year |
| Analytics | Usage patterns, feature adoption, error tracking | 90 days |
You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies may impact platform functionality.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy:
Data is retained for the duration of your subscription and the associated contractual relationship.
Data is deleted or anonymized within 30 days of account closure, unless retention is required by law.
Recordings are retained for the duration of the employing organisation's subscription unless the organisation or the individual requests earlier deletion by contacting kushal@floem.ai.
GPS coordinates and attendance records are retained alongside the associated recording or punch event and deleted within 30 days of account closure.
Encrypted backups may persist for up to 90 days before being permanently purged.
Financial records are retained for 7 years as required by applicable tax and accounting regulations.
If data is subject to a legal hold or dispute, it will be retained until the matter is resolved.
Requesting deletion: You may request deletion of your data at any time by emailing kushal@floem.ai. We will action verified deletion requests within 30 days, subject to any legal retention obligations.
Security
We implement industry-standard technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.
- All data in transit is encrypted using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256.
- Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
- We conduct regular security reviews and penetration testing.
- Passwords are hashed using bcrypt with per-user salts; we never store plaintext passwords.
Incident response: In the event of a data breach affecting your personal data, we will notify you within 72 hours of becoming aware of it, as required by applicable law.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data. We honor all applicable rights under GDPR, CCPA, and Indian data protection law (DPDPA).
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data ("right to be forgotten").
Receive your data in a machine-readable format (CSV/JSON).
Object to processing based on legitimate interests or for direct marketing.
Request that we limit how we process your personal data.
To exercise any of these rights, contact us at kushal@floem.ai. We will respond within 30 days. We may ask you to verify your identity before processing your request.
International Transfers
Floem is headquartered in India. If you access our services from outside India, your data may be transferred to, processed, and stored in India or other countries where our service providers operate.
When transferring data from the European Economic Area (EEA) or United Kingdom, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, and adequacy decisions where applicable.
EEA users: We process your data in accordance with GDPR. For privacy-related queries, contact us at kushal@floem.ai.
Children's Privacy
Floem is a business software platform intended exclusively for adults (18 years or older). We do not knowingly collect or solicit personal data from anyone under the age of 18.
If we learn that we have inadvertently collected personal data from a minor, we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us immediately at kushal@floem.ai.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. We will notify you of material changes by:
- Posting a prominent notice on our platform at least 30 days before changes take effect.
- Sending an email to the address associated with your account.
- Updating the "Effective" and "Last reviewed" dates at the top of this page.
Continued use of Floem after changes take effect constitutes your acceptance of the revised policy. If you do not agree with the changes, you must stop using the service and may request account deletion.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please reach out using any of the following:
Floem Privacy Team
We aim to respond to all privacy-related inquiries within 5 business days. For escalation or complaints, you may also contact your local data protection authority.