Update privacy policy for GDPR compliance

[Yndira-E]

Description

This PR updates the privacy policy to accurately reflect our current tracking implementation and to strengthen our compliance with GDPR

Key Changes

• Tool Transparency: Clearly describes our use of third-party tools, including Google Analytics, HubSpot, PostHog, warmly.ai, and advertising pixels (Google, Meta, LinkedIn).
• Cookie Alignment: Aligns policy descriptions with our actual site configuration (e.g., distinguishing between strictly necessary security cookies like reCAPTCHA and optional tracking).
• Notice to European Users: Added a dedicated section for EEA, UK, and Swiss visitors covering Legal Bases for processing (Consent, Contractual Necessity, Legitimate Interest) and explicit GDPR rights (Erasure, Portability, Restriction).
• International Transfers: Discloses the use of Standard Contractual Clauses (SCCs) and our preference for EU-based data centers (e.g., HubSpot EU1) to protect data transferred to the US.

Related Issue(s)

Checklist

• I have read the contribution guidelines
• I have considered the performance impact of these changes
• Suitable unit/system level tests have been added and they pass
• Documentation has been updated
• For blog PRs, an Art Request has been created (instructions)

[netlify]

✅ Deploy Preview for flowforge-website ready!

Name	Link
🔨 Latest commit	3f34551
🔍 Latest deploy log	https://app.netlify.com/projects/flowforge-website/deploys/69a826128740c50008e144eb
😎 Deploy Preview	https://deploy-preview-4634--flowforge-website.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 93 (🟢 up 5 from production) Accessibility: 81 (no change from production) Best Practices: 100 (no change from production) SEO: 91 (no change from production) PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[UnicornGunnerz]

@Yndira-E Is there a reason we added the European Economic Area (EEA) section? Shouldn't we cover all regions in our privacy policy? Let me know if I'm missing anything.

[Yndira-E]

That section covers a GDPR requirement. GDPR doesn't cover all regions, so it's only a requirement where listed there. It was a recommendation made by Gemini.

The intention wasn’t to exclude other regions; the general privacy policy still applies globally, but to clarify the rights and legal framework that are specific to GDPR.

Also worth noting that the website behaviour itself is the same globally: no cookies are installed without consent except for strictly necessary ones.

That said, if you think the structure should be different or have more accurate legal guidance, happy for it to be adjusted.

[UnicornGunnerz]

Makes sense. thank you!