Privacy Policy

Last updated: February 23, 2025  |  Effective date: February 23, 2025

Flowforce ("we," "our," or "us") operates the Flowforce application and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you agree to the practices described in this policy.

For privacy-related questions or requests, contact us at support@flowforce.app.

1. Information We Collect

1.1 Information You Provide

  • Account information: Name, email address, password (stored in hashed form), and optional profile details (phone, address, city, province, country, postal code, title, company, website) when you register or update your profile.
  • Organization/tenant information: Company or workspace name and settings when you create or manage an organization.
  • Contacts and leads: Names, email addresses, phone numbers, company details, notes, and other business contact data you add or import into the Service.
  • Communications: Email content you send or receive through the Service, SMS messages, call metadata (e.g., duration, timestamps), and related notes or recordings if you use integrated voice/SMS features.
  • Billing information: Billing details are processed by our payment provider (e.g., Stripe). We may store billing-related metadata (plan, usage) but not full payment card numbers on our servers.
  • Support and feedback: Any information you send when contacting support or submitting feedback.

1.2 Information Collected Automatically

  • Usage data: How you use the Service (e.g., pages visited, features used, actions taken) for analytics, security, and improving the product.
  • Device and technical data: IP address, browser type, operating system, device identifiers, and similar technical data, including for security (e.g., login attempts, abuse prevention) and session management.
  • Log data: Server logs, error reports, and audit logs (e.g., who did what and when) for security, compliance, and troubleshooting.

1.3 Cookies and Similar Technologies

  • We use cookies and similar technologies for authentication, session management, security (e.g., CAPTCHA), and preferences (e.g., trusted device, selected tenant).
  • You can control cookies through your browser settings; disabling certain cookies may limit some features or require you to sign in again more often.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service (accounts, teams, leads, deals, contacts, email, calls, SMS, calendar, tasks, and related features).
  • Authenticate and secure access (login, two-factor authentication, rate limiting, fraud and abuse prevention).
  • Process communications (sending and receiving email via our infrastructure and partners, and where applicable, voice and SMS).
  • Run AI and automation features (e.g., lead summaries, enrichment, email drafting, chat-style assistance) using approved third-party AI providers, with data used only as necessary to deliver those features.
  • Bill and manage subscriptions (plan limits, usage, invoicing, and payment processing via our billing provider).
  • Support you (respond to inquiries, troubleshoot issues, and send important service-related messages).
  • Improve the Service (analytics, product development, and performance).
  • Comply with law (legal obligations, responding to lawful requests, enforcing our terms).

3. Legal Basis (Where Applicable)

  • Contract: Processing necessary to provide the Service and perform our contract with you or your organization.
  • Legitimate interests: Security, fraud prevention, analytics, and improving the Service, where not overridden by your rights.
  • Consent: Where we rely on consent (e.g., optional marketing, non-essential cookies), you may withdraw it at any time.
  • Legal obligation: Where we must process data to comply with applicable law.

4. Sharing and Disclosure

We do not sell your personal information. We may share information only in the following circumstances:

  • Service providers: With vendors that help us run the Service (e.g., hosting, email delivery, SMS/voice, payment processing, AI, storage, scheduling). These providers are bound by contract to use data only to provide services to us and in line with this policy.
  • Your organization: If you use the Service as part of a team or organization, other authorized users and admins in that organization may see data you add or that is shared within the workspace (e.g., leads, contacts, deals, activities).
  • Legal and safety: When required by law, to protect rights and safety, to enforce our terms, or to respond to valid legal process (e.g., subpoenas, court orders).
  • Business transfers: In connection with a merger, sale, or other transfer of assets, subject to the same privacy commitments.

Examples of third-party services we may use: email (e.g., Mailgun, Resend), payments (Stripe), AI (e.g., OpenAI), voice/SMS (e.g., Telnyx), storage (e.g., cloud object storage), security (e.g., Cloudflare Turnstile), scheduling (e.g., QStash), and optional integrations (e.g., Google Calendar). Their own privacy policies apply to their processing.

5. Data Retention

  • We retain your data for as long as your account is active or as needed to provide the Service and comply with legal, tax, or regulatory requirements.
  • After account closure, we may retain certain data for a limited period for legal, security, or dispute-resolution purposes, after which it is deleted or anonymized.
  • You or your organization admin may request deletion of specific data or the account; we will honor such requests where consistent with law and our retention obligations.

6. Security

We implement technical and organizational measures to protect your information (e.g., encryption in transit and at rest where applicable, access controls, secure authentication, and monitoring). No system is completely secure; we encourage you to use strong passwords and keep your login details confidential.

7. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal and contractual exceptions.
  • Portability: Request a portable copy of your data in a structured, machine-readable format.
  • Restriction or objection: Request restriction of processing or object to certain processing (e.g., marketing, profiling where applicable).
  • Withdraw consent: Where we rely on consent, withdraw it at any time.
  • Complain: Lodge a complaint with a supervisory authority in your country.

To exercise these rights, contact us at support@flowforce.app. We will respond within the time required by applicable law. For organization-level data, we may need to coordinate with your account or workspace administrator.

8. International Transfers

The Service may be provided using resources and partners in different countries. Where we transfer personal data from your jurisdiction to another, we ensure appropriate safeguards (e.g., standard contractual clauses or other approved mechanisms) are in place as required by applicable law.

9. Children

The Service is not intended for users under the age of 16 (or higher where local law requires). We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us at support@flowforce.app and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on our website or in the Service and indicate the "Last updated" date. Material changes may be communicated by email or an in-app notice. Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related questions, requests, or complaints:

We will respond as required by applicable law.