Privacy Policy

1. Introduction

DIRECT FLOW LLC ("we," "us," or "our") operates DirectFlow.io (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide to Us

• Account Information: Name, email address, company name, billing information
• Database Credentials: Read-only database connection information you provide
• Campaign Data: Email templates, SMS content, campaign settings
• Customer Lists: Contact information retrieved from your database

2.2 Information Collected Automatically

• Usage Data: Campaign performance metrics, API usage, feature utilization
• Log Data: IP addresses, browser type, access times, pages viewed
• Device Information: Hardware model, operating system, unique device identifiers

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our Service
• Process and complete transactions
• Send administrative information and updates
• Respond to customer service requests
• Monitor and analyze usage patterns
• Detect and prevent fraudulent or illegal activities
• Comply with legal obligations

4. Data Processing Agreement

4.1 Processor and Controller Relationship

When you use our Service to send marketing communications to your customers:

• You are the data controller for your customer data
• We act as a data processor on your behalf
• We process data only according to your instructions
• We do not use your customer data for our own purposes

4.2 Our Obligations as Data Processor

We commit to:

• Process personal data only on documented instructions from you
• Ensure confidentiality of personnel processing personal data
• Implement appropriate technical and organizational security measures
• Assist you in responding to data subject requests
• Delete or return all personal data after service termination
• Make available all information necessary to demonstrate compliance

4.3 Sub-processors

We may engage sub-processors to assist in providing the Service. Current sub-processors include:

• Cloud infrastructure providers (AWS/Google Cloud)
• Email delivery services
• SMS gateway providers
• Analytics services

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. Specifically:

• Account Data: Retained for the duration of your account plus 90 days
• Campaign Data: Retained for 12 months after campaign completion
• Customer Lists: We do not permanently store your customer data
• Legal Records: Retained as required by law

7. Cookie Policy

7.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website. We use cookies to enhance your experience and analyze usage.

7.2 Types of Cookies We Use

• Essential Cookies: Required for Service operation (authentication, security)
• Analytics Cookies: Help us understand how you use the Service
• Preference Cookies: Remember your settings and preferences

7.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit Service functionality.

8. Your Data Rights

Depending on your location, you may have the following rights:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data
• Restriction: Request limited processing of your data
• Portability: Receive your data in a structured format
• Objection: Object to certain processing activities

To exercise these rights, contact us at the information provided below.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

• Standard contractual clauses approved by relevant authorities
• Compliance with applicable data protection laws
• Technical and organizational security measures

10. Third-Party Services

We may share data with third-party services that help us operate our Service. These services are contractually obligated to protect your information and use it only for specified purposes.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Information

If you have questions or concerns about this Privacy Policy, please contact us at: