Last updated: May 28, 2026
Struct2Flow
Luiz Sergio Cinti Scheidegger
Marsopstraße 2B, 81245 München, Deutschland
Email: privacy@struct2flow.com
| Data Type | Purpose | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Email, name | Account creation and authentication | Art. 6(1)(b) - contractual necessity |
| Process descriptions | AI-powered diagram generation | Art. 6(1)(b) - contractual necessity |
| BPMN diagrams (XML) | Storage and retrieval of your work | Art. 6(1)(b) - contractual necessity |
| IP address, access logs | Security, abuse prevention | Art. 6(1)(f) - legitimate interest |
We use Plausible Analytics, a privacy-friendly, cookie-free analytics service. Plausible collects anonymous, aggregate usage data (page views, referrers, device type, country) without setting cookies, using fingerprinting, or collecting personal data. No data is shared with third parties. Plausible is hosted in the EU and is fully GDPR compliant. For details, see Plausible's data policy.
Storm2Flow does not use cookies. Authentication tokens are stored in your browser's local storage, which is not subject to the ePrivacy Directive's cookie consent requirements. Our analytics provider (Plausible) does not set cookies.
We use the following third-party services to operate Storm2Flow:
Hosting, authentication (Cognito), data storage (DynamoDB, S3), email delivery (SES), speech-to-text (Transcribe), and all AI processing (Bedrock). Data is processed in EU (Frankfurt, eu-central-1). AWS is certified under the EU-US Data Privacy Framework.
All AI features (diagram generation, text / file / image / voice extraction, and analysis) run on AWS Bedrock in EU (Frankfurt, eu-central-1), using cross-region inference profiles restricted to EU regions only. Your inputs (descriptions, uploaded files, images, voice transcripts) and the generated diagrams are processed within the EU and are not sent to Anthropic's, OpenAI's, or any other provider's own (non-EU) API. Per the AWS Bedrock terms, your inputs and outputs are not used to train any model and are not shared with the underlying model providers.
All of your data (accounts, process descriptions, uploaded files, images, voice transcripts, generated diagrams, and all AI processing) is stored and processed within the EU (AWS eu-central-1, Frankfurt). We do not transfer your content to AI providers outside the EU.
Our sole processor is Amazon Web Services. As a US-parent company, AWS is certified under the EU-US Data Privacy Framework and provides Standard Contractual Clauses (SCCs) approved by the European Commission; these cover the limited circumstances in which EU-stored data could be subject to access by a US parent company. No process content is sent outside the EU for AI inference.
Storm2Flow uses artificial intelligence to generate BPMN diagrams from your text descriptions. This is an automated process, but it does not produce decisions with legal or similarly significant effects on you. The generated diagrams are suggestions that you can edit, accept, or reject. You retain full control over the final output.
Under GDPR, you have the right to:
To exercise any of these rights, contact us at privacy@struct2flow.com.
You have the right to lodge a complaint with your local data protection authority. For Germany, this is the relevant state data protection authority (Landesdatenschutzbeauftragte) for your Bundesland, or the Bundesbeauftragte für den Datenschutz (BfDI) for federal matters.
We may update this privacy policy from time to time. The "last updated" date at the top indicates the most recent revision. Continued use of the Service after changes constitutes acceptance.