Privacy Policy

1. Introduction

ClientFlow ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use ClientFlow CRM ("the Service").

2. Information We Collect

Account Information:

When you create an account, we collect your name, email address, company name, and password (stored as a secure hash).

Customer Data:

Data you enter into the Service, including contacts, deals, emails, documents, invoices, and activity logs. This data is owned by you and processed by us solely to provide the Service.

Usage Data:

We collect technical data including IP addresses, browser type, device information, and pages visited to improve the Service and ensure security.

Cookies:

We use essential cookies for authentication and session management. With your consent, we use PostHog for product analytics to improve the Service. You can manage your preferences via our cookie consent banner.

3. How We Use Your Information

• To provide and maintain the Service
• To authenticate your identity and manage your account
• To process transactions and send related information
• To send service-related notifications (e.g., password resets, security alerts)
• To respond to your support requests
• To improve and optimize the Service based on usage patterns
• To detect and prevent fraud or abuse

4. Data Storage and Security

Your data is stored in secure, encrypted databases hosted by Supabase (PostgreSQL). All data is transmitted over HTTPS/TLS. We implement row-level security policies to ensure complete data isolation between tenants. Backups are performed daily and retained for 30 days.

5. Data Sharing

We do not sell, trade, or rent your personal data. We may share data with:

• Service providers: Third-party services that help us operate the Service (e.g., email delivery, payment processing), bound by data processing agreements
• Legal requirements: When required by law, court order, or government regulation
• Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice

6. Sub-Processors

We use the following third-party service providers to operate the Service. Each is bound by a data processing agreement:

7. Your Rights (GDPR / CCPA)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data in your account
• Erasure: Request deletion of your account and all associated data
• Portability: Export your data in a machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing of your data for specific purposes

To exercise these rights, visit Settings > Profile in your account dashboard or contact us at privacy@clientflow.com.

8. Data Retention

We retain your data for as long as your account is active. Upon account cancellation, your data is retained for 30 days to allow for reactivation, after which it is permanently and irreversibly deleted from all systems including backups.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required, to protect your data in accordance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for individuals under 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before the changes take effect.

12. Contact

For privacy-related inquiries, contact our Data Protection Officer at privacy@clientflow.com.