Privacy Policy

shape

Last Updated: January 15, 2025

This Privacy Policy explains how CustomerFlows LLC ("we," "us," or "our") collects, uses, and protects your information when you use our automated review collection platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, business name, phone number, billing address
  • Business Information: Business type, industry, location, Square merchant ID
  • Payment Information: Payment card details (processed securely by Square - we do not store card numbers)
  • Communication Preferences: Message templates, review URLs, branding settings

1.2 Information from Square

When you connect your Square account, we collect:

  • Customer names and contact information (phone numbers, email addresses)
  • Payment transaction data (amount, date, payment ID)
  • Business profile information (business name, location)

Note: We only access this data to send automated review requests on your behalf. We never store payment card numbers or sensitive financial data.

1.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Browser type, operating system, IP address
  • Communication Data: SMS delivery status, email open rates, click rates
  • Cookies: Authentication tokens, session data, analytics

2. How We Use Your Information

2.1 Primary Services

  • Send automated SMS and email review requests to your customers
  • Generate personalized review landing pages
  • Track campaign performance and analytics
  • Process subscription payments and billing
  • Provide customer support

2.2 Platform Improvements

  • Analyze usage patterns to improve features
  • Conduct A/B testing to optimize message templates
  • Monitor system performance and security
  • Develop new features based on user feedback

2.3 Communications

  • Send service updates and important notifications
  • Respond to support inquiries
  • Send billing and account information
  • Marketing emails (you can opt out anytime)

3. Data Sharing and Disclosure

3.1 Service Providers

We share data with trusted third-party services:

  • Twilio: SMS message delivery
  • SendGrid: Email delivery and tracking
  • Square: Payment processing and OAuth authentication
  • Supabase: Secure database hosting
  • Vercel: Application hosting and deployment

3.2 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal process (subpoenas, court orders)
  • Protect our rights and property
  • Prevent fraud or security threats
  • Protect user safety

3.3 Business Transfers

If CustomerFlows is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you of any such change.

3.4 What We Never Do

  • ❌ We never sell your customer data to third parties
  • ❌ We never share your customer contact lists with competitors
  • ❌ We never use your data for unrelated advertising
  • ❌ We never send messages to your customers without your permission

4. Data Security

4.1 Security Measures

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest
  • Authentication: JWT tokens with 2-hour expiry and refresh tokens
  • Access Controls: Role-based permissions, principle of least privilege
  • Monitoring: 24/7 security monitoring and alerts
  • Backups: Daily encrypted backups with 30-day retention

4.2 Your Responsibilities

  • Keep your password secure and confidential
  • Don't share your account credentials
  • Log out from shared computers
  • Report suspicious activity immediately

5. Your Data Rights

5.1 Access and Portability

You have the right to:

  • Access all your personal data we store
  • Download your data in machine-readable format (CSV/JSON)
  • Request a copy of your message logs and analytics

5.2 Correction and Deletion

  • Update your account information anytime in Settings
  • Request deletion of your account and all associated data
  • Correct inaccurate information

Account Deletion: Contact support@customerflows.io to request account deletion. We will delete your data within 30 days, except where required by law to retain it.

5.3 Marketing Opt-Out

You can opt out of marketing emails:

  • Click "Unsubscribe" in any marketing email
  • Update preferences in your account settings
  • Email support@customerflows.io

Note: You cannot opt out of essential service emails (billing, security alerts, etc.)

6. Cookies and Tracking

6.1 Types of Cookies We Use

  • Essential Cookies: Required for login and security (cannot be disabled)
  • Analytics Cookies: Help us understand how you use our platform
  • Preference Cookies: Remember your settings and preferences

6.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features.

7. Compliance and Regulations

7.1 GDPR (European Users)

If you're in the EU, you have additional rights:

  • Right to be forgotten (complete data deletion)
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing

7.2 CCPA (California Users)

California residents have the right to:

  • Know what personal information we collect
  • Know if we sell or share personal information (we don't)
  • Access your personal information
  • Delete your personal information
  • Non-discrimination for exercising privacy rights

7.3 CAN-SPAM and TCPA

  • All emails include unsubscribe links
  • SMS messages follow TCPA regulations
  • We honor opt-out requests immediately
  • Commercial messages clearly identified

8. Children's Privacy

CustomerFlows is not intended for users under 18 years old. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

9. Data Retention

How Long We Keep Your Data

  • Active Accounts: Data retained while your account is active
  • Cancelled Accounts: Data deleted within 30 days after cancellation
  • Message Logs: Retained for 12 months for analytics
  • Billing Records: Retained for 7 years (legal requirement)
  • Backup Data: Deleted from backups within 30 days

10. International Data Transfers

CustomerFlows is based in the United States. If you're accessing our service from outside the US, your information will be transferred to and processed in the United States. By using our service, you consent to this transfer.

We use standard contractual clauses and ensure adequate safeguards for international data transfers.

11. Third-Party Links

Our platform may contain links to third-party websites (Square, Google, Yelp, etc.). We are not responsible for their privacy practices. Please review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Email notification to your registered email address
  • Prominent notice on our website
  • In-app notification when you log in

Continued use of CustomerFlows after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us:

CustomerFlows LLC

Morgan, TX 76671

Email: support@customerflows.io

Phone: (682) 215-8292

Response Time: Within 72 hours

Your Privacy Matters: We take your privacy seriously and are committed to protecting your data. If you have any concerns or questions, please don't hesitate to reach out. We're here to help.