The Proflow ecosystem just expanded. ⚡️ Bring operational discipline directly into your local editor with Tyne for VS Code. [ See How It Works ]
Privacy Policy for Proflow
Effective Date: May 14, 2026
Last Updated: May 21, 2026
Proflow (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, process, and share your information across the Proflow platform, including our website, mobile applications, and integrated services (collectively, the “Service”).
By using Proflow, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect information that you provide directly to us, data generated by your use of the Service, ad information from third-party integrations.
A. Personal & Account Data
Identity Data: Full name, job title, and organization name.
Contact Data: Email address, billing address, and phone number.
Credentials: Encrypted authentication data (we do not store plain-text passwords).
B. Workspace & Functional Data
Operational Content: Tasks, project boards, client records, notes, and internal team communications.
Financial Data: Invoices generated within the platform and billing status (processed via secure third-party providers like Stripe).
C. Integrated Third-Party Data (Google Workspace)
If you choose to connect your Google Account, Proflow accesses specific data via Google APIs to enable core productivity and platform functionality:
Google Profile: Email address and basic profile information to facilitate Single Sign-On (SSO) and account provisioning.
Google Calendar Data: We access, create, and modify calendar events, including titles, time zones, attendee lists, descriptions, and location data to sync workspace timelines.
Google Meet Data: Generation and retrieval of meeting URLs associated with calendar events created on the platform.
Google Gmail Data: We access, read, and process email communications, metadata (including senders, recipients, subject lines, and timestamps), and message attachments to map relevant client correspondence to your project workspaces.
2. Google API Disclosure & Limited Use Requirements
Proflow’s use and transfer of information received from Google APIs to any other app will strictly adhere to the Google API Services User Data Policy, including the strict Limited Use requirements applied to Restricted and Sensitive Scopes.
Specific Use Cases for Google Data:
Synchronization: To provide an integrated view of your workflow by bi-directionally syncing Proflow tasks and project milestones with your Google Calendar.
Automation: To automatically generate and append Google Meet links when a consultation, call, or meeting is scheduled within a Proflow project board.
Availability: To optimize project resource scheduling and prevent cross-team scheduling conflicts by checking your active "Busy/Free" status.
Email Integration: To aggregate, display, and log client emails directly alongside corresponding tasks or workspace client logs, removing the need to switch tools to track historical communications.
Mandatory Prohibitions on Google Data:
No Sale of Data: We never sell, rent, lease, or trade your Google user data or email communications to third parties for any purpose.
No Advertising: We do not use, process, or transfer Google user data (including Gmail or Calendar content) to serve, target, or personalize advertisements.
No AI or LLM Training: We do not use, transfer, or analyze data obtained through Google APIs (including Gmail text, metadata, and Calendar entries) to train, tune, validate, or improve generalized Artificial Intelligence (AI), machine learning architectures, or Large Language Models (LLMs).
No Human Review: Our personnel do not read or view your raw Google calendar entries or email contents unless we have obtained your explicit, documented consent to investigate a specific customer support ticket, it is strictly necessary for security audits (such as abuse prevention), or the data has been fully anonymized and aggregated for internal systems debugging.
3. Legal Basis for Processing (GDPR/CCPA)
We process your data under the following legitimate legal frameworks:
Consent: Where you have given us clear, explicit permission (e.g., opting to link your Google Calendar and Gmail accounts).
Contractual Necessity: To provide, maintain, and execute the workspace and project management services you signed up for.
Legitimate Interests: To ensure secure operations, prevent cross-tenant platform abuse, and provide high-quality engineering and customer support.
4. Data Sharing and Sub-processors
We do not sell, rent, or trade your personal information. We share data only with trusted categories of third-party "Sub-processors" infrastructure operations strictly required to serve the platform:
Cloud Hosting: Maintaining production databases, applications, and object storage infrastructure (e.g., AWS, Google Cloud).
Authentication & IAM: Provisioning and managing secure corporate user logins (e.g., Auth0, Firebase).
Analytics: Visualizing anonymized engagement and performance metrics to diagnose system latency and refine platform UI/UX.
Payment Processing: Processing billing cycles, subscriptions, and corporate invoices securely (e.g., Stripe).
An up-to-date, exhaustive list of our specific enterprise sub-processors can be requested directly from our Privacy Team at any time.
5. Data Security & Technical Measures
We implement strict, industry-standard administrative and physical security protocols to safeguard customer data:
Encryption: Data is systematically encrypted at rest using AES-256 standard and in transit utilizing TLS 1.2 or higher protocols.
OAuth Vaulting: Google OAuth tokens are securely isolated within an encrypted, server-side vault. These private credentials are never exposed to client-side browsers or public networks.
Logical Tenant Isolation: Workspace database architectures enforce strict programmatic separation, ensuring that organizations can never cross-access another tenant’s operational data.
6. Data Retention and Deletion
Active Accounts: We retain your personal and operational workspace data for as long as your corporate account remains active.
Integration Disconnection: If you disconnect your Google Account via platform settings, we immediately terminate active synchronization. All previously synced Google Calendar metrics and Gmail items will be entirely purged from our active databases within thirty (30) days.
Account Deletion: Upon formal invocation of a "Right to Erasure" request, we will delete all corresponding account personal data within 30 days, except where overriding statutory obligations mandate retention (e.g., tax, audit compliance, or financial transaction history).
7. Your Rights and Controls
Depending on your jurisdiction, you possess specific statutory privacy protections, including:
Access & Portability: Requesting an export copy of all structural personal information we hold about you.
Rectification: Dynamically updating incomplete or inaccurate account records.
Withdrawal of Consent: Revoking active third-party synchronizations (such as Gmail or Calendar) instantly at any time via Settings > Integrations.
Objection to Processing: Directing us to limit specific uses of your telemetry or non-essential data.
8. Changes to This Policy
We reserve the right to update this Privacy Policy to align with new service offerings or evolving regulatory frameworks. If material changes are made, we will notify you by sending an alert to your account's primary registration email address or placing a highly visible advisory notice directly within the Proflow software environment.
9. Contact Us
For questions regarding these terms, your platform rights, or to initiate data removal requests, please connect with our dedicated data compliance team:
Proflow Privacy and Compliance Team Email: support@proflowtech.io
