PRIVACY POLICY

the dtx company dba Flowcode

Effective Date October 30th, 2023

1. INTRODUCTION - how this privacy policy works

This is the Privacy Policy for the dtx company dba Flowcode (“dtx”) and its business operations, including Flowcode and Flowpage.  It covers how we use the personal information we obtain in connection with our websites (“Sites”), Flowpages, and other services, features, content, technology and applications (desktop and mobile), including, for example, our QR Codes known as Flowcodes, our Flowtags, our API, our Flowleads tool and our Flowcode Conversion Pixel (all of which we refer to as our “Services”). We help participating companies (Brands) and other creators of Flowcodes, Flowtags, Flowpages, Flowcode Conversion Pixels and/or other dtx-powered offerings (“Creators”) build connections. Sometimes we do this – and provide other aspects of our Services to Brands, Creators and other consumers using our Services – by collecting information through Flowpages, Flowtags, Flowcodes or through the websites, applications or other online properties of Brands and Creators that use our Services.  

If you represent a Brand or are a Creator or a consumer who uses our Services, this Privacy Policy sets out how we look after your personal information and contains information regarding your privacy rights when using our Services or otherwise interacting with dtx. This Privacy Policy also covers the personal data we collect in the context of our other business-to-business interactions and marketing efforts. Dtx respects your privacy and is committed to protecting your personal information.

For the purposes of the relevant privacy and data protection law in the United Kingdom, European Union, or locations with similar law, in most cases (except where we have agreed to act solely as a “processor” of your information on behalf of a Brand or Creator you are interacting with as discussed below), dtx is considered the “controller” of your personal information. This means that we are responsible for deciding how we store and use personal information about you and providing you with the information contained in this Privacy Policy. However, this Privacy Policy only applies to dtx’s handling of your personal information. Brands, Creators and other third parties collect and handle personal information pursuant to their own policies and procedures, which differ from this Privacy Policy and for which they are responsible. Clicking on third-party links or enabling connections to third parties through our Services (including by using or visiting their Flowcodes, Flowpages or Flowtags) may allow third parties to collect or disclose personal information about you. These third parties typically act as separate and independent controllers of your personal information, including with respect to information they collect on Flowpages and through Flowcodes and Flowtags. We do not control these third parties and are not responsible for their privacy policies and procedures.

By using a Site or other Services, such as by scanning a dtx-powered QR code (including one labeled Flowcode, Flowtag or Flowpage), creating a personalized Flowcode QR code (“Personal QR code”), creating a Flowpage (“Personal Flowpage”) or Flowtag, or visiting, scanning, tapping, entering information into or clicking on a Site, Flowpage, Flowcode or Flowtag, you authorize the collection and handling of your information as described in this Privacy Policy.

The types of information we collect are described in the Key Privacy Details section below. You disclose some of that information with us using the information collection technology described below. We also may use that technology to collect information about you automatically. We may also receive personal information from Brands, Creators, service providers and data partners (e.g., Google), trade associations and industry partners, event organizers, joint marketing partners, public agencies, as well as other publicly available sources such as websites. If you disclose your Personal QR code or you disclose any other dtx-powered QR code (including through your Personal Flowpage) to another person who then scans that QR code, we may collect from that person’s device the same categories of information as described in the Key Privacy Details section below and the rest of this Privacy Policy, and that collection of information will be subject to the terms of this Privacy Policy. In addition, if a Flowpage uses our contact collection form or other information collection widget, another person (for example, a Flowpage visitor) may enter additional information into that widget. In that case, our own collection and handling of such information will be subject to the terms of this Privacy Policy, but the Flowpage Creator’s handling of the information will be subject to their own privacy policies and practices.

It is important that you read this Privacy Policy together with any other privacy policy or notice we provide on specific occasions so that you are aware of how and why we are using your personal information. This Privacy Policy is not a contract.

We will update this Privacy Policy from time to time and may also notify you in other ways from time to time about how we handle your personal information.

2. KEY PRIVACY DETAILS - how we collect and use your personal information

This section of our Privacy Policy sets out some key details about how the dtx company dba Flowcode (“dtx”) and its business operations, including Flowcode and Flowpage, collect and use your personal information.  It does not apply to the handling of personal information by our customers (such as Brands and Creators).  For full context and details, we recommend reading this entire Privacy Policy from the top.

To understand dtx’s handling of personal information, you need to know a few things about how our QR codes work:

QR CODES

When you point the camera on any modern phone or tablet at a QR code, you’ll either be given an option to take some action, or your device will automatically take that action. For example, when you point the camera at the QR code below, you’ll see the option to visit a webpage. Some QR codes can do other things, like download some content or install an app.

Personal Information We Collect

Personal Information that could be collected or generated when you scan one of our QR Codes (including on a Flowtag):

  • a record of the specific QR Code you scanned;
  • information about your device, such as its current IP address, the operating system and the browser used by the device;
  • unique cookie IDs we assign to your browser (but cookie usage is reduced or unavailable in some countries outside the United States)
  • precise geolocation; and
  • inferences drawn from any of the above, such as your general location based on your IP address, or an inference about your interests or your attributes based on the fact that you scanned that particular QR Code.

Personal Information collected in other contexts, such as through other use of our Sites or interactions with our business contacts or other counterparties:

  • contact information, such as name, username, email address, phone number and address, and professional or employment-related data (such as title);
  • information about your purchases in accordance with your contract with us under our Terms of Service;
  • payment details, such as payment card number in accordance with our Terms of Service or other contract with us;
  • records of services carried out and business relationships;
  • information about your interests and marketing preferences;
  • information about your device or browser, that we collect through automatic means such as cookies and other technology (e.g., unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation information, list of installed apps, local Wi-Fi network name; and internet connection information);
  • details you provide through forms or other interactive content that we host, such as a Flowpage contact collection form or check-in form, including name, phone, address, age, gender;
  • other information collected through automatic means about your interactions with Brands, Creators and other partners, and about your interactions with our Sites and Services; and
  • inferences drawn from any of the above.

For more information about the information we collect through cookies and how it is used, please see the Cookie Notice section of our Privacy Policy below.

How We Use Personal Information

We use personal information for the following purposes:

  • provide our Services to Brands, Creators, users, and others;
  • conduct product and service development (including to improve our Services and create new ones);
  • respond to questions, concerns, or customer service inquiries;
  • send information about our current and future Services (or the offerings of customers such as Brands or Creators), including marketing communications, by phone, email, online display advertising, and other channels;
  • conduct other marketing;
  • analyze market conditions and use of our Services;
  • customize the content and advertising individuals see on our Sites, across the Internet, and elsewhere;
  • conduct investor relations;
  • enforce the legal terms that govern our business relationships;
  • conduct audits and other internal and external investigations;
  • detect and take measures against fraud, cybersecurity violations and other risks (e.g., security assessments);
  • comply with law, protect rights and ensure safety; and
  • create appropriately aggregated or de-identified data, which is not subject to this Privacy Policy, and which we may use or disclose for any purpose.


The California Consumer Privacy Act (“CCPA”) defines the “sale” of personal information to include selling user data to random third parties for money, like a data broker does. But it also defines “sale” and “sharing” in a broader sense that includes some common practices that we have engaged in during the last 12 months. For example, under the CCPA, these terms include the use of certain advertising services, like when we pay an ad tech company to place a cookie on the browser of a visitor to our website so that the user can see an ad for our services on other websites. The ad tech company can see the website visitor’s IP address and other browser/device/cookie data as part of that process. Under the CCPA, we also are “selling” personal information when we allow vendors that assist us with our Services (like certain analytics providers) to also use IP addresses and browser/device/cookie data to improve their services in certain ways.  The terms “sale” and “sharing” also cover some of our other uses of other advertising services, like if we were to pay a third-party website to serve ads for us to individuals that we specify by giving that website a list of those individuals’ email addresses (or hashes of those email address). This would be considered a “sale” and “sharing," even though we’d be the ones who would pay for it.  We don’t engage in other “sales” or “sharing” of California personal information (as those terms are defined under the CCPA), but we do engage in other disclosures of personal information about Californians and others, as described further below.  We don’t “sell” or “share” personal information (as those terms are defined under the CCPA) if we have actual knowledge that the consumer is less than 16 years of age.  Californians can opt out of our CCPA “sales” and “sharing” by following the instructions on our Your Privacy Choices form.

3. COOKIE NOTICE – what cookies we use as part of our Services

Through our Sites and other Services (including on Flowpages and in some Brands’ and Creators’ online properties and communications, such as via the Flowcode Conversion Pixel), we and third parties collect information from your device by automated means such as cookies, web beacons, local storage, JavaScript, mobile-device functionality and other computer code.

This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation, other device information, Internet connection information, as well as details about your usage and interactions with the relevant website, application, email or other online property (for example, the URL of the third-party website from which you came, the pages and content on our Site that you view, how frequently you access or use the Services, and how you engage with or navigate our Services (including the links you click on), error logs, and other similar information). In some cases (such as cookies), the tools described here involve storing unique identifiers or other information on your device for later use.

These technologies help:

  • Display personalized content;
  • Facilitate online marketing;
  • Remember your settings on the pages you visit so that we can display your preferred content the next time you visit;
  • Perform analytics, measure traffic and usage trends, and better understand the demographics of users;
  • Diagnose and fix technology problems;
  • Plan for and enhance our business; and
  • Facilitate the other uses and disclosures described in this Privacy Policy.

For example, in some cases, we assist with the collection of information by advertising services provided by third parties. We and ad services may track your online activities over time by collecting information through automated means such as cookies, and we or they may use this information to show you ads that are tailored to your individual interests or characteristics, your prior visits to certain websites, or other information we or they know, infer, or have collected from people like you.

In addition, when you scan a dtx-powered QR code, dtx may use cookies and the other information collection technology described above to collect information about that interaction (as further described above in the QR Codes section of our Privacy Policy).

4. RETENTION – how long we keep your personal information for

In general, we will retain your information in identifiable form only for the time necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  Because we may collect and use the same category of personal information for different purposes and in different contexts, there is not typically a fixed retention period that always will apply to a particular category of personal information. Therefore, to determine the appropriate retention period for personal information, we may consider factors such as the potential risk of harm from unauthorized use or disclosure of your personal information, the amount, nature, and sensitivity of the personal information, the purposes for which we process your personal information, to determine if we can achieve those purposes through other means, and the applicable legal requirements. Examples of how long we normally intend to retain personal information that we collect about residents of California in certain situations are set forth below. Information may also persist in copies made for backup and business continuity purposes for longer than original copies.

Category of personal information collected from Californians
Examples of how long we normally plan to keep this information
Identifiers, such as your name, username, email address, phone number and address
We plan to retain certain identifiers associated with points of contact for Brands and Creators for the duration of the customer’s contract with dtx, and for 2 years after that for related administration and sales purposes.
Commercial information, such as information you provided to us in your communications (some of which is personal information) and information about your purchases or interactions with our Services.
We plan to retain certain information on an individual’s interest in our services for up to 1 year after the person’s last interaction with dtx, or 2 years after the end of a Brand’s or Creator’s contract with dtx for sales and marketing purposes.
Financial information, such as your payment card number.
We may retain financial information for 7 years in support of financial statements/filings and key financial or business process controls.
Internet or other electronic network activity information, such as technical data about your device and your interactions with our Sites and Services, and with Brands and Creators.
We plan to retain the California IP address associated with account logins on our own websites for several years for account authentication, fraud detection, and other cybersecurity purposes.
Professional or employment related data, such as your title.
We plan to retain various forms of professional related data received in the sales context for 1 year after the person’s (or their organization’s) last interaction with dtx, or 2 years after the end of a Brand’s or Creator’s contract with dtx for sales and marketing purposes.
Inferences drawn from any of the above.
We often retain inferences for the same period of time for which we retain the underlying data.

5. DATA TRANSFER – how we disclose your information

We disclose your information to third parties as follows:

  • To Brands and Creators: We disclose information to Brands and Creators. For example, when we collect information about you in the context of your relationship with (or interaction with) a Brand or Creator, we may disclose that information to the Brand or Creator. When you connect your Flowpage to a Brand or Creator by activating one of their Flowtags, we disclose your information to that Brand or Creator. In some cases, Brands, Creators or their suppliers may collect information directly from you, such as via forms, cookies, or other technology on Flowpages. We may also disclose personal information to Brands or Creators in other situations.
  • To Vendors: We may disclose your information to companies that provide services to us, including, without limitation, facilitating some aspects of our Sites or Services such as sending emails and fulfilling customer service requests.
  • To Affiliates: We may disclose information to other members of our corporate family for the purposes described in this Privacy Policy.
  • To Business Partners: Where we are permitted to do by applicable privacy laws and with your consent if required by law, we may disclose information to businesses with which we partner to offer you certain products, services, and promotions which may be of interest to you.
  • To Customers: If you sign up for an individual account using an email address containing an email domain controlled by a current or future customer, we may disclose certain information about your account status to that customer (for example, whether you have responded to an invitation to convert your account from an individual account to an enterprise account). If you consent to converting your account to the customer’s  enterprise account, all information associated with your account may be disclosed to the applicable customer.
  • To other customers: Similar to the “To Customers” sentence above, if you have an account that is managed by another account, we may disclose your personal information to that account manager.
  • Legal Proceedings: We disclose information when we believe disclosure is appropriate due to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law;
  • Compliance: We disclose information when we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Services’ terms and conditions or other agreements or policies.
  • Corporate Transactions: We may disclose your information as part of, or to take steps in anticipation of, a sale of all or a portion of our business, a divestiture, merger, consolidation, or asset sale, a bankruptcy, or other significant corporate event.

When applicable, we comply with legal requirements for transfers of personal information to third countries, such as by making transfers under the following conditions:

  • Transfers to countries that have been deemed to provide an adequate level of protection for personal information by the relevant authorities.
  • Transfers using specific approved contracts, such as the EU Standard Contractual Clauses for transfers of personal information to third countries, with appropriate modifications for other jurisdictions.
  • Transfers in reliance on e EU-U.S. Data Privacy Framework, the UK-U.S. Data Bridge, or other programs approved by relevant authorities.
  • Transfers based on appropriate consent.
  • Transfers necessary to perform a contract with the data subject.
  • Transfers that are legally mandated in appropriate circumstances.

Please contact us at [email protected] if you would like further information on the specific mechanism used by us when transferring your personal information out of the United Kingdom or Europe.

6. LEGAL BASIS FOR PROCESSING – justification for processing under the GDPR and similar laws

We will only use your personal information when the law allows us to. If you are based in the United Kingdom or Europe, when we act as a data controller we will only use your personal information if we have one of the following legal bases:

  • where we need to perform the contract we have entered into with you (for example the Terms of Service);
  • where it furthers our legitimate interests (or of our customers, business partners, or suppliers) in business activities such as the ones listed below, and because that handling of data does not unduly impact your interests, rights, and freedoms, such as:
  • using identifiers and financial information to protect business activities, individuals, and property;
  • using identifiers to communicate for customer service;
  • using identifiers for marketing and advertising (including sending certain direct marketing);
  • using commercial information to analyze and improve our business activities;
  • using identifiers and Internet or other electronic network activity information to  provide cybersecurity, manage information technology assets, and manage risks and legal issues;
  • where we need to comply with a legal obligation;
  • where we need to protect your interests (or someone else’s interests); and/or
  • where we have obtained your consent.  (We may request your consent before engaging in certain activities described in this Privacy Policy.  For example, visitors to flowcode.com in the EU will see a request for consent before ad targeting cookies are used on that website.)

7. DATA SECURITY 

We urge you to use a unique password for each of the Services, to keep them in a safe place and not to give them to anyone. Also remember to sign off your account and close your browser window when you have finished your visit to the Sites or your other use of the Services. We use various physical, technical, and organizational safeguards in an effort to protect personal information. However, no security method is perfect, and even if you take those steps, we cannot guarantee that any personal information will remain secure.

8. COOKIES – options for controlling cookies

To opt out of the non-essential cookies on flowcode.com, please select ‘Cookie Settings’ from the link in that website’s footer to manage your preferences.

To learn more about interest-based advertising generally, or to opt out of targeted, interest-based ads by some of our current ad service partners, visit aboutads.info/choices from each browser you use.

For controls relating to the data collected from mobile applications, please read your operating system's instructions for complete instructions.  Some of the options may be found here:

  • iOS 7 or Higher: Go to your Settings > Select Privacy > Select Advertising > Enable the "Limit Ad Tracking" setting.
  • For Android devices with OS 2.2 or higher and Google Play Services version 4.0 or higher: Open your Google Settings app > Ads > Enable "Opt out of interest-based advertising".
  • See the NAI guide to mobile device options for additional suggestions for managing ad-related preferences.

You can also opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page from each browser. Google also allows you to install a Google Analytics Opt-out Browser Add-on for each browser.

In addition, you may be able to set your browser to refuse certain types of cookies, or to alert you when certain types of cookies are being used. Some browsers offer similar settings for HTML5 local storage and other technologies. However, if you block or otherwise reject our cookies, local storage, JavaScript or other technologies, certain websites (including some of our own Sites) may not function as expected.

If you replace, change, upgrade or reset your browser or device, or delete your cookies, or use a browser that automatically deletes cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals.

9. MARKETING – what choices you have regarding marketing you receive from us

You can unsubscribe from dtx marketing emails at any time. If you have established an online account with our Services, you may also be able to login to that account to access or change your personal information, or to use certain privacy preference settings.

If you do not want us to see or access your device location, you can turn off location sharing on your device and browser, change your device privacy settings, and change your device’s location settings for our Sites and applications. Please note that disabling such features may result in you not being able to access or receive some of the present or future content available in the Services.

If you would like to opt out of receiving marketing or promotional emails from dtx, please contact [email protected] or follow the instructions in those messages. Please note that if you opt out, we may still send you non-promotional or non-marketing messages, such as communications regarding Services you have requested.

10. PRIVACY RIGHTS – what rights you have regarding your personal information

In addition to exercising your choices regarding cookies and direct marketing as described in the Privacy Policy sections above, depending on where you live, you may have the right to make certain other requests related to your personal information.  For example, if you are located in the United Kingdom, European Union, or an area with similar laws (including, to some extent, certain states in the U.S.), you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of certain personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the absolute right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend most or all processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
  • Withdraw your consent for specific processing at any time, in the limited circumstances where we rely on your consent for such processing. Once we have received notification that you have withdrawn your consent in such circumstances, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. Your withdrawal of consent does not affect the lawfulness of processing that occurred before your withdrawal.

If you want to exercise any of these rights, please contact us.

In addition, residents of California, Virginia, Colorado, Connecticut, Nevada, and a growing number of other jurisdictions have a right to opt out of what the laws in those states call a “sale” of personal information.  In most of those states, the law also provides for a right to opt out of certain uses and disclosures of personal information for certain targeted advertising purposes. To exercise those rights, residents of those states can visit our Your Privacy Choices page and follow the instructions there.  California residents’ rights, and the specific methods of contact that they must use to exercise those rights, are described in the next section of this privacy policy.

All the rights described above (except the direct marketing opt-out) are subject to important exceptions.

You will not normally have to pay a fee to access your personal information (or to exercise any of the other rights). However, depending on which laws apply, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any unauthorized people.

All individuals also have a right to complain to their local data protection supervisory authority about any company’s handling of their personal information.  If you have a concern about our data practices, we invite you to please contact us first so that we can do our best to address your concern.

To exercise a right to appeal a decision we have made regarding your personal information (such as under Colorado, Connecticut, or Virginia law), you can contact us at [email protected] with an explanation of why you believe we should reach a different decision. Your appeal under one of those laws will be reviewed by our privacy team, including in certain circumstances our General Counsel. We will respond with a decision and a written explanation of the reasons for the decision within 45 days of your appeal.

11. DETAILS FOR CALIFORNIANS

This section applies only to “personal information” about California residents, as that term is defined in the California Consumer Privacy Act (CCPA), and it supplements the information in the Key Privacy Details section above and the rest of this Privacy Policy. Personal information about individuals who are not residents of California may be handled differently and is not subject to the same California rights described below. This section also does not apply to personal information that we handle solely on behalf of certain Brands or Creators, even when such information is about a resident of California.

Collection and Disclosure of California Personal Information During Past 12 Months

We describe in the two charts below the categories of California personal information we have collected, and the categories of third parties to whom we have disclosed such information for a business purpose, during the 12 months leading up to the effective date of this Privacy Policy:

Information collected when you scan a Flowcode:
Category of personal information collected
Categories of third parties to which it was disclosed for a business purpose
Identifiers, such as IP address
Affiliates, customers (including Brands and Creators), and service providers, contractors or agents who perform functions on our behalf, such as (depending on the data and the situation) data storage and hosting providers, email service providers, analytics providers, network and system management providers, communications tools, IT support providers, CRM providers, incentive providers, accounting services. 
Commercial information, such as information about your use of our QR codes
Same as first row
Internet or other electronic network activity information, such as technical data about your device and information about your use of QR codes and your interactions with our Sites and Services, and with Brands, Flowcodes, Flowtags and Flowpages
Same as first row
Inferences drawn from any of the above information
Same as first row
Other personal information
Category of personal information collected
Categories of third parties to which it was disclosed for a business purpose
Identifiers, such as your name, username, email address, phone number and address
Affiliates, customers (including Brands and Creators), and service providers, contractors or agents who perform functions on our behalf, such as (depending on the data and the situation) data storage and hosting providers, email service providers, analytics providers, network and system management providers, communications tools, IT support providers, CRM providers, incentive providers, accounting services. 
Professional or employment-related information, such as your title
Same as first row
Commercial information, such as information you provided to us in your communications (some of which is personal information) and information about your purchases or interactions with our Services
Same as first row
Financial information such as your payment card number
Handled directly by payment card processors and payment service providers
Internet or other electronic network activity information, such as technical data about your device and your interactions with our Sites and Services, and with Brands and Flowpages
Same as first row
Inferences drawn from any of the above information
Same as first row

CCPA Information and Deletion Rights

If you are a California resident, California law may permit you to request that we:

  • Inform you of the categories of personal information we have collected about you in the last twelve months; the categories of sources of such information; the categories of personal information (if any) that we sold or disclosed about you for a business purpose, the business or commercial purpose for collecting or (if applicable) selling your personal information; and the categories of third parties to whom your personal information was sold or otherwise disclosed for a business purpose.
  • Provide a copy of certain information we hold about you.
  • Delete or correct certain information we have about you.

Certain information is exempt from such requests under applicable law. You also may have the right to receive information about the financial incentives that we offer to you (if any). You also have certain rights under the CCPA not to receive discriminatory treatment by dtx for the exercise of your CCPA rights. 

To request to exercise those CCPA rights, please email us at [email protected]. For security and legal reasons, dtx may not accept requests that require us to access third-party websites or services. We do not respond to browser-based do-not-track signals or similar mechanisms. We will take steps to verify your identity before responding to your request, which may include confirming that the browser in your possession matches the one associated with the relevant QR Codes, requesting that you respond to an email that we send to you, or otherwise verifying your name, email address or other information that will help us to confirm your identity.

If you are an agent making a request on behalf of a consumer, you must verify that you are authorized to make that request, which may include requiring you to provide us with written proof that satisfies CCPA requirements, such as an appropriate letter signed by the consumer or a power of attorney. We also may require the consumer to verify their identity directly with us.

CCPA “sale” and “sharing” of California personal information

As mentioned earlier in this Privacy Policy, you can request opt out of what the CCPA calls “sales” and “sharing” by using our Your Privacy Choices form, which is the fastest and best option.  You also can start the process by emailing us at privacy@flowcode.com  and then following the instructions we send you.

Your browser may also offer a way to activate the Global Privacy Control signal (“GPC”). Flowcode.com treats qualifying browsers for which the user has activated the GPC signal as having opted out of what CCPA calls a “sale” and “sharing” of any California personal information that is collected on that site from that browser using cookies and similar technology. You can override that treatment for a GPC-enabled browser by using the cookie controls available from the website’s footer.

We do not use or disclose “sensitive personal information” covered by this Privacy Policy and as defined in the CCPA in a manner that requires us to offer a special right to limit our use of this data under the CCPA due to its sensitive nature.

California Shine the Light Disclosure

The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we shared certain categories of “personal information” with third parties for their “direct marketing purposes” (as defined in the Shine the Light law) in the prior calendar year. To exercise that right, please contact us as described below.

12. CHILDREN’S DATA 

Our Services are not directed at and should not be used by children under the age of 16. If we learn that we have collected the personal information of a child under the age of 16, we will delete it or take other steps if required under applicable law. Please inform us if you believe we have collected the personal information of a child under the age of 16 by emailing us at [email protected]

13. CONTACT DETAILS – how to get in touch with us

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us via:

  • mail at:
    the dtx company
    Attn: Privacy Team
    233 Spring St.
    West 3rd Floor
    New York, NY 10013