FLFlowye Licensing
Privacy noticeLast updated: 14 May 2026

Flowye Privacy Notice

Last updated: 14 May 2026

This Privacy Notice explains how Flowye handles personal data for creators, buyers who activate protected products, and people who contact Flowye.

Flowye is designed to handle the data needed for creator accounts, protected products, buyer activation, abuse prevention, support, checkout/provisioning, slot lifecycle, offer snapshots, and service operations. Flowye does not use activation tooling for marketing analytics.

1. Who controls your data

The controller for Flowye is Dummics / Dominik Martignago, an individual developer based in Udine, Italy.

Creators remain responsible for their own storefront terms, customer support, avatar/product sales, and any personal data they process independently from Flowye.

2. What Flowye does

Flowye helps creators protect creator-controlled avatar/package distribution workflows by adding activation and licensing checks around protected products.

Creators buy protection capacity/service access for a specific Protected Product or Avatar Identity. Buyers may interact with Flowye when activating a protected product in a Unity/package/import/activation workflow.

3. Data Flowye collects from creators

Flowye may collect and process creator data such as:

  • account details, such as name, username, email, authentication records, and account state;
  • protected product, Avatar Identity, Avatar Variant, package, review, provisioning, and dashboard records;
  • Protected Avatar Slot lifecycle records, such as Pending Setup, Pending Review, Packaging, Active, Grace, Archived, Suspended, Cancelled, renewal, and archive status;
  • buyer/license/activation records managed by the creator through Flowye;
  • checkout, order, payment state, provider checkout/order/subscription references, provider identifiers, webhook/reconciliation records, Offer Terms, Offer Snapshot, accepted legal document versions, checkout consent records, provisioning state, refund, chargeback, and support references;
  • Managed Services, Distribution Services, rebuild, re-protection, add-on, custom integration, and manual provisioning records;
  • communication and support messages sent to Flowye;
  • technical/security logs linked to creator account activity.

4. Data Flowye collects from buyers during activation

For buyers or end users who activate a protected product, Flowye may process limited data needed to verify access and prevent abuse, such as:

  • license key, activation code, entitlement, or similar activation reference;
  • protected product, Avatar Identity, Avatar Variant, package, or creator references;
  • account or identifier values needed by the activation flow, where the protected product requires them;
  • activation time, status, error state, product availability state, refund/chargeback state, and security signals;
  • Existing End User Entitlement and New Provisioning references where needed to determine whether activation or provisioning is valid;
  • limited device, project, network, or environment signals where needed for activation security, abuse prevention, or troubleshooting.

Flowye does not need buyers' unrelated personal files and does not use buyer activation data for marketing analytics.

5. Payment and checkout data

Flowye may process checkout, order, payment state, provider checkout/order/subscription references, provider identifiers, provider webhook/reconciliation records, Offer Terms, Offer Snapshot, accepted legal document versions, checkout consent records, provisioning, refund, and chargeback information needed to provide creator protection access and handle disputes.

Flowye does not store full card details where payments are handled by an external payment processor. For the current launch architecture, provider-specific operations may use Polar. Payment providers process payment data under their own terms and privacy notices.

The current price and checkout terms are shown on the pricing page or during checkout. Flowye may keep purchase-specific records so later pricing changes do not overwrite the historical purchase record.

6. Support and contact data

If you contact Flowye, Flowye may process the information you provide, such as your email address, message content, screenshots, logs, product references, license references, and support history.

For avatar/product files, product quality, storefront purchase issues, avatar refunds, and creator-specific setup, buyers should contact the creator or storefront first. Flowye can help with technical activation issues where relevant.

7. Technical and security logs

Flowye may process technical/security logs needed to operate the service, debug activation issues, detect abuse, investigate tampering, protect creators and legitimate buyers, and keep the service reliable.

Logs may include request metadata, timestamps, route or endpoint names, account or license references, error codes, and security signals. Flowye aims to keep logs practical and proportionate to operational and security needs.

Future Distribution Services may process object storage keys, file hashes, checksums, file sizes, package paths, signed-link generation logs, link expiry records, download/access logs, and related audit records where needed to provide, secure, debug, or account for managed distribution.

If Flowye offers a Public Availability Check, Flowye may process creator-provided identifiers, request/response metadata, timestamps, status results, rate-limit records, error states, and disable/pause reasons. Public Availability Check data should be limited to the feature and is not intended for scraping, enumeration, mass monitoring, or marketing profiling.

8. Why Flowye uses this data

Flowye uses data to:

  • create and manage creator accounts;
  • provide protected slot/service access;
  • review, provision, configure, and support protected products;
  • manage Active Terms, Renewals, Grace Periods, Archived Mode, Suspended Mode, cancellations, Existing End User Entitlements, and New Provisioning;
  • verify buyer activation and valid access;
  • prevent abuse, fraud, tampering, circumvention, unauthorized sharing, and security risk;
  • handle checkout, Offer Snapshots, accepted legal versions, renewals, subscriptions, refunds, chargebacks, and provisioning repair;
  • provide support and respond to requests;
  • maintain legal, security, accounting, and operational records.

9. Legal bases

Depending on the context, Flowye may rely on:

  • contract: to provide Flowye access, protected slots, dashboard features, activation checks, support, and checkout/provisioning;
  • legitimate interests: to protect creators, buyers, Flowye, and the service from abuse, fraud, tampering, and security risk;
  • legal obligation: to keep records required by law, tax/accounting rules, disputes, or lawful requests;
  • consent: where Flowye asks for consent for a specific optional processing activity.

10. Automated activation decisions

Some activation decisions are automated. For example, Flowye may allow or block activation based on license records, product status, refund or chargeback state, abuse signals, tampering signals, or security checks.

If you believe an activation was blocked by mistake, contact the creator first for purchase/product issues, or Flowye for technical activation issues.

These checks are used to verify access and protect creators, buyers, and the service. They are not used for marketing profiling.

11. Where data is stored and processed

Flowye's core app and licensing records are hosted in the EU/EEA, currently on OVHcloud in Frankfurt, Germany.

Some limited data may be processed by payment, support, email, security, storefront, or infrastructure providers depending on the feature used.

Flowye does not claim that every payment, email, support, storefront, security, logging, backup, or provider-side record is always processed only in Europe unless that is proven for the specific provider and feature.

12. Service providers

Flowye may use service providers for hosting, infrastructure, payments, email, support, storefront/checkout, security, logging, backups, and similar operational needs.

Providers may process limited data only as needed for the relevant feature. Where required, Flowye uses appropriate safeguards and provider terms for data protection.

13. Retention

Flowye keeps data only as long as needed for the purposes described in this notice.

In practice:

  • creator account, protected product, slot lifecycle, Offer Snapshot, accepted legal version, and protected slot records are kept while the creator account, protected slot, protected product, historical entitlement, or order remains active or reasonably needed for support, accounting, tax, abuse prevention, dispute, or legal records;
  • buyer activation records are kept while needed to verify legitimate access, support activation, prevent abuse, and maintain product/license history;
  • checkout, refund, chargeback, provider webhook/reconciliation, payment-provider reference, checkout consent, and accounting records may be kept for legal, tax, dispute, and bookkeeping periods;
  • object storage, signed-link, download/access, Public Availability Check, and distribution logs may be kept for operational, security, abuse-prevention, accounting, support, or legal periods appropriate to the feature;
  • support messages are kept as long as needed to resolve the request and maintain a practical support history;
  • technical/security logs are kept for a limited operational period unless needed longer for security, abuse, debugging, legal, or dispute reasons.

14. Your rights

If GDPR or similar law applies, you may have rights to:

  • access your data;
  • correct inaccurate data;
  • request deletion;
  • request restriction;
  • object to certain processing;
  • receive portability where applicable;
  • withdraw consent where processing is based on consent.

These rights may have limits, for example where Flowye must keep records for legal, security, dispute, accounting, or abuse-prevention reasons.

You may also complain to the Italian Data Protection Authority, the Garante per la protezione dei dati personali.

15. Children and minors

Flowye is not directed to children under 13.

If you are under 18, you should only use VRChat, creator storefronts, and protected packages where you have the permissions required by those services and applicable law.

Flowye minimizes buyer activation data and does not knowingly seek data from children under 13.

16. Changes and contact

Flowye may update this Privacy Notice as the product, providers, hosting, checkout, activation model, or legal requirements change.

For privacy questions or rights requests, contact business@dummics.com.