Terms of Service

1. Acceptance

By creating an account, logging in, or running a flow on the Flow platform (flow.lumnar.tech), you agree to these Terms of Service and to our Privacy Policy. If you're using Flow on behalf of an organization, you confirm you have authority to bind that organization. "You" in this document refers to you, the account holder (and your organization, where applicable).

2. What Flow is

Flow is a workflow-automation platform. You design flows out of modules (webhook triggers, HTTP calls, data transforms, AI agents, vector-DB operations, PDF and OCR processing, third-party integrations, and more), connect them to your own tools and AI providers, and run them on our servers.

Flow is a tool, not a turnkey product. The flows you build and the outcomes they produce are a function of your design choices, the prompts you write, the integrations you wire up, and the data you feed in. We provide the runtime, the canvas, the module catalog, the credentials vault, the logs, and the billing — not the business logic inside your flows.

3. Your account

• You need an account to build or run flows. One account per human. Sharing accounts between people is not allowed on the Free and Starter tiers; paid plans may allow team access where the plan says so.
• You must provide accurate contact info. If your email bounces or your payment method becomes invalid, we may suspend the account until you fix it.
• You are responsible for keeping your login credentials secret. Anything that happens under your account is considered your action unless you've reported the account compromised and we've confirmed.
• If you sign in with Google and later lose access to that Google account, we cannot recover your Flow account for you beyond the normal email-based password flows. Keep a recovery path available.

4. Your flows and your data

Your flows are yours. The scenarios you design, the text you write, the files you upload, the data you push through your flows — all of it stays yours. We don't claim ownership, and we don't license anything from you other than what's strictly necessary to run the service: store your flows, execute them when triggered, serve them back to you in the editor, and include them in backups.

You can export your flows at any time and take them elsewhere. If you delete your account, we delete your flows on the schedule described in the Privacy Policy.

5. Your responsibilities

This is the section you most want to read, because it describes the line between what is your problem and what is ours.

Your flow designs

You design your flows. If your design has a bug — an infinite loop, a branch that triggers endless AI calls, a webhook that leaks the wrong data, a conditional that fires at the wrong time, a missing rate limit, a prompt that hallucinates — that is a flow-design issue and it is your responsibility, not ours.

The platform provides safety rails against the most extreme cases (step-count caps, per-step repeat caps, plan-level budgets) but these exist to protect the platform, not to guarantee that your flow behaves correctly. Test your flows, review your logs, and don't point an untested flow at production data.

Credentials you upload

Best practice: use least-privilege API keys (scoped, rate-limited, short-lived where possible), never log a credential value from inside a flow, and rotate credentials after any accidental exposure. We store credentials encrypted and scoped to your scenarios, but the moment a credential value leaves the credential store (e.g. into a variable you log or into a response you return) it's no longer protected.

Prompt injection and AI output

AI models are probabilistic. They can be prompt-injected by untrusted inputs, they can hallucinate, they can return outputs that are wrong or harmful, they can refuse to answer, and they change their behavior between versions. If your flow takes AI output and uses it to send an email, file a ticket, trigger a payment, modify a database, or take any consequential action, you are responsible for the consequences — not the model provider, and not us.

Treat AI output the way you would treat user input from the internet: validate it, sandbox its effects, and put a human in the loop for anything irreversible.

Data you process through flows

If your flow processes personal data about third parties (your customers, your users, employees, anyone else), you are the data controller for that data and we are your processor. That means:

• You are responsible for having a legal basis to process it (consent, legitimate interest, contract, etc.).
• You are responsible for any notices you owe data subjects.
• If you need a formal Data Processing Agreement (DPA), email us — we'll countersign the standard EU SCC-based DPA.
• Don't push data into Flow that you're not legally allowed to push into a third-country sub-processor without additional safeguards.

Legal compliance in your jurisdiction

The flows you build may touch many jurisdictions (your users', your AI provider's, your integrations'). You are responsible for complying with the laws that apply to your use of Flow — including data-protection rules, anti-spam rules (CAN-SPAM, CASL, GDPR marketing consent), consumer-protection rules, and any industry-specific rules (HIPAA, PCI-DSS, financial regulation, etc.). The platform is not certified for HIPAA or PCI-DSS. If your flow would require such certification, do not run it on Flow.

6. Acceptable use

You may not use Flow to:

• Send spam, unsolicited bulk email, or SMS that violates the recipient's applicable laws or opt-in requirements.
• Run phishing, credential-harvesting, or social-engineering campaigns.
• Generate, host, or distribute child sexual abuse material, non-consensual intimate imagery, or material that incites violence against a person or group.
• Impersonate another person, company, or government entity.
• Harass, dox, or stalk another person.
• Break into systems you don't own or have permission to test, scrape sites in violation of their terms, or bypass technical access controls.
• Run flows whose entire purpose is to evade rate limits, ToS, or access controls on a third-party service.
• Mine cryptocurrency, run denial-of-service attacks, or intentionally overload the platform.
• Resell Flow as your own product without a written partner agreement from us.

We may suspend an account we reasonably believe is violating this section. If the violation is egregious (CSAM, large-scale fraud, active attacks) we will suspend immediately and report to authorities where required.

7. Plans, billing, refunds

• Plan prices, step-run allowances, flow-run allowances, and feature eligibility are listed on the Pricing page. That page is the source of truth for current plan details.
• Paid plans are billed in advance via Stripe, either monthly or annually. Annual plans are discounted but still paid up front.
• If you exceed your plan allowance, we don't automatically overcharge you — your flow runs get gated until the next cycle, or you buy a top-up credit pack, or you upgrade your plan.
• Refunds: if you subscribe and change your mind within 14 days (EU consumer law) and haven't used the platform meaningfully, email us and we'll refund. Outside that window, refunds are case-by-case — we'll usually pro-rate credit on unused time rather than refund cash, unless there was a service outage we caused.
• Top-up credit packs are non-refundable but do not expire.
• We may change plan prices or allowances. Existing subscribers get at least 30 days' notice by email before any price change affects their renewal, and you can cancel before the change takes effect.
• Taxes: prices on the pricing page are pre-tax. VAT (or local equivalent) is added at checkout where it applies.

8. Fair use, plan allowances, and abuse

If an account's usage pattern is clearly an attempt to extract the maximum possible value from a tier while sustaining it with the minimum possible payment — for example, consistently burning through the monthly quota in the first few hours or days and then retrying at machine-speed frequency, or running the same flow back-to-back for long uninterrupted stretches so that the account is effectively always at its ceiling — we may treat that pattern as abusive even if it technically stays inside the numeric limit. Tiers are sized for sustained, reasonable workloads, not for adversarial optimization against the platform.

When we see a pattern like this, we may:

• Contact the account and propose an upgraded plan, a custom plan, or a different usage strategy.
• Temporarily throttle the account's step-run or flow-run rate while keeping the monthly ceiling intact.
• Temporarily move the account to a lower tier for the remainder of the current billing cycle.
• Suspend the account entirely if the pattern is extreme or continues after a warning.

No refund is due for tier time lost to abuse-driven downgrades or suspensions. You paid for a plan on the assumption that it would be used within its intended fair-use envelope; using it outside that envelope forfeits the pro-rated value of unused time.

This applies to the Free tier as well as paid tiers. Free is a real, genuinely free tier — not a throttled trial. It is also not a standing invitation to repeatedly burn the maximum monthly allowance in a single burst every cycle. Free accounts whose usage pattern makes the tier structurally impossible to sustain at scale may be rate-limited, moved to a stricter variant, or suspended. Same principle as above: where we reasonably can, we talk first.

Our strong preference is always to have a conversation and help you right-size your plan rather than kick anyone off. But the right to act — including without prior notice, for patterns that are clear and harmful to platform health — is ours to exercise.

Premium modules (Vector DB, OCR, heavier agent modules) require a Pro-or-higher plan. Their per-run cost in step-units is published in the Pricing FAQ and shown inline in the module picker.

9. Third-party services and AI output

When your flow calls a third-party service — OpenAI, Gmail, Twilio, your CRM, a webhook on your own infrastructure, anything else — that service has its own terms, its own uptime, its own rate limits, its own content policies, and its own pricing. We are not responsible for:

• Outages or slowdowns on that third-party service.
• The accuracy or appropriateness of AI output from the model you chose.
• Content-moderation decisions the provider makes about your prompts (e.g. OpenAI refusing a request).
• Rate limits or quotas imposed by the provider that stop your flow from completing.
• Fees the provider charges you directly (e.g. OpenAI token costs are billed to your OpenAI account, not through us).
• Breaches or data-handling practices of that provider.

If a third-party's change breaks your flow, we will do our best to update the corresponding module in a reasonable timeframe — but we don't guarantee continuous compatibility with services we don't own.

10. Intellectual property

The platform itself — the editor, the runtime, the module catalog, the website, the documentation, the logos — is owned by Lumnar and protected by copyright and other IP rights. We grant you a non-exclusive, non-transferable right to use the platform for the duration of your subscription, subject to these Terms.

Open-source components used inside the platform remain under their own licenses.

If you publish a flow under our "Community" module-request path or submit a flow to a public sample-flow catalog we may create, you grant us a perpetual, worldwide, royalty-free license to distribute and display that specific flow as part of the public catalog. This applies only to flows you explicitly publish; private flows are not affected.

11. Disclaimers and liability limits

This section reads like legalese because it has to. In plain language: the platform is a powerful set of tools you operate yourself; we can't guarantee that every tool works perfectly, that every flow you design behaves correctly, or that no data ever goes missing.

We specifically do not warrant, and are not liable for:

• Data loss. We keep backups on a best-effort basis. We cannot guarantee that every byte you've ever stored with us will always be recoverable. Keep your own backups of anything you cannot afford to lose.
• Leaked credentials you exposed through your own flow design. See section 5 — if your flow surfaced a key, we cannot undo that.
• Flow-design mistakes. Infinite loops, runaway AI costs billed to your AI provider, emails sent to the wrong list, wrong recipients on a webhook — all follow from design choices you made.
• Third-party service failures described in section 9.
• AI-generated content. The model you chose produced it; you chose to act on it; you chose the prompt. We do not vet AI output for accuracy, legality, or safety.
• Service interruptions. We don't publish a formal SLA at this time. We aim for high uptime but do not guarantee it. Scheduled maintenance will be announced where possible; emergency fixes may not be.
• Lost profits, lost business, or indirect damages resulting from any of the above.

To the maximum extent permitted by law, our total aggregate liability to you for all claims arising out of or related to the service in any 12-month period is capped at the greater of (a) the amount you paid us for the service during those 12 months or (b) €100. This cap does not apply to liability that cannot be excluded by law (gross negligence, intent, statutory consumer rights, personal-injury liability, etc.).

Nothing in this section limits rights you have as a consumer under mandatory EU or Romanian law.

12. Indemnification

You agree to defend and hold us harmless from any claim brought by a third party that arises from (a) your flows, (b) data you pushed through your flows, (c) your breach of these Terms, or (d) your violation of a third party's rights (including IP and privacy rights). We will tell you promptly about any such claim, let you control the defense where you want to, and cooperate reasonably.

13. Suspension and termination

You can cancel any time from your account page. Cancellation stops your next renewal; the service remains available through the end of the already-paid period.

We can suspend or terminate an account if we reasonably believe you've violated these Terms, especially the Acceptable Use section, or if required to by law. For non-emergency violations we'll give you a chance to fix the issue first.

On termination, your access ends. You can export your flows for 30 days after termination unless the termination was for abuse, in which case we may skip the grace period. After the grace window, your data is deleted per the Privacy Policy.

14. Changes to these terms

When we change these Terms materially, we'll update the "Last updated" date above and notify active accounts by email at least 14 days before the change takes effect. Continuing to use the service after the change means you accept the new Terms. If you don't accept them, cancel before the effective date and we'll refund any unused pre-paid time on paid plans.

15. Governing law and disputes

These Terms are governed by the laws of Romania, without regard to conflict-of-laws rules. Disputes that can't be resolved through direct discussion go to the competent courts of Bucharest, Romania. This does not override mandatory consumer-protection rights that apply in your country of residence.

EU consumers can also use the European Commission's Online Dispute Resolution platform, though we prefer to resolve issues directly via email first.

16. Contact

For anything related to these Terms, billing questions, legal notices, or to request our standard DPA: max@lumnar.com.