Last updated: June 2026
FoundFlow (“the App”, “we”, “us”) is a private, internal Lost & Found management platform for hotels. This policy explains what data we process, why, and how we protect it. FoundFlow is an operational tool for hotel staff and administrators; it is not a guest-facing service.
We do not require or intentionally collect guest personal data.
We do not sell personal data or use it for advertising.
FoundFlow is multi-tenant: each hotel's data is strictly isolated and scoped server-side. Passwords, PINs, and security answers are stored only as one-way cryptographic hashes (Argon2). Access uses signed session tokens with expiry, login attempts are rate-limited, and transport is encrypted over HTTPS.
Records are retained while the hotel account is active. When a hotel account is deleted, its users, records, and photos are removed.
Any signed-in user can request deletion of their account and personal data in the app via Settings/Profile → “Request account deletion”, or by emailing us. Because accounts are organization-managed, we verify each request with the hotel before removal. Verified requests are actioned within 30 days. Requests: admin@foundflow.net.
We use a transactional email provider (Resend) to deliver admin invitations and password-reset links. Only the recipient email address and message content are shared for this purpose.
FoundFlow is a workplace tool intended for hotel staff and is not directed to children.
We may update this policy from time to time. Material changes will be reflected by the “Last updated” date.
Questions about privacy: admin@foundflow.net