Privacy Policy

1. Introduction

Autoflowly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered app builder platform.

This policy applies to all information collected through our website, application, and related services (collectively, the "Service"). Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, and profile details
• Business Information: Company name, industry, business goals, and startup ideas
• Communication Data: Messages with AI agents, support tickets, and feedback
• Payment Information: Billing details, subscription plans (processed by secure third-party providers)
• User Content: Projects, documents, code, and other materials you create or upload

2.2 Information Collected Automatically

• Usage Data: Features used, AI interactions, time spent, and actions taken
• Device Information: IP address, browser type, operating system, device identifiers
• Analytics Data: Performance metrics, error reports, and usage patterns
• Cookies and Tracking: Session cookies, preference cookies, and analytics cookies

2.3 Information from Third Parties

• OAuth Providers: Profile information from Google, GitHub, or LinkedIn when you use social login
• Integration Partners: Data from connected services you authorize
• Public Sources: Publicly available business information to enhance our services

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Provision

• Create and manage your account
• Provide AI-powered MVP generation and recommendations
• Process transactions and manage subscriptions
• Generate insights and analytics for your business
• Enable collaboration and project management features

3.2 Service Improvement

• Analyze usage patterns to enhance features
• Train and improve AI models (using anonymized data)
• Develop new features and services
• Conduct research and analytics

3.3 Communication

• Send service updates and notifications
• Respond to support requests
• Provide marketing communications (with your consent)
• Send security alerts and account notifications

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in these circumstances:

4.1 Service Providers

We share data with trusted third-party providers who help us operate our Service:

• Cloud hosting providers
• Payment processors (Stripe)
• Analytics services (with anonymized data)
• Communication tools (email services, customer support)

4.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Prevent fraud or security issues
• Enforce our Terms of Service

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication with JWT and bcrypt password hashing
• Rate limiting and DDoS protection
• Regular security audits
• Kubernetes pod-level isolation for generated MVPs
• Incident response procedures

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

• Access your personal information
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to certain data processing
• Withdraw consent for optional data uses

6.2 Communication Preferences

You can manage your communication preferences by:

• Updating notification settings in your account
• Unsubscribing from marketing emails
• Adjusting cookie preferences in your browser

6.3 Account Deletion

You can request account deletion at any time. We will delete or anonymize your personal data, except where retention is required for legal or legitimate business purposes.

7. Data Retention

We retain your information based on the following criteria:

• Active Accounts: Data retained while account is active
• Deleted Accounts: Personal data deleted within 90 days
• Legal Requirements: Some data retained as required by law
• Anonymized Data: May be retained indefinitely for analytics
• Backups: Deleted from backups within 180 days

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard contractual clauses for EU data transfers
• Adequate data protection measures in all processing locations

9. GDPR Compliance (EU Users)

For users in the European Union, we comply with GDPR requirements:

9.1 Legal Basis for Processing

• Contract: Processing necessary to provide our services
• Consent: For optional features and marketing
• Legitimate Interests: For service improvement and security
• Legal Obligations: To comply with applicable laws

9.2 Additional Rights

EU users have additional rights including data portability, restriction of processing, and the right to lodge complaints with supervisory authorities.

10. California Privacy Rights (CCPA)

California residents have specific rights under the CCPA:

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of data sales (we do not sell data)
• Right to non-discrimination for exercising privacy rights

11. Children's Privacy

Our Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 16, we will delete it promptly.

12. AI and Machine Learning

Our AI system processes your data to generate MVPs and provide recommendations:

• AI processing occurs within secure, isolated environments
• We do not use your data to train models for other users
• You can request AI-generated content about your projects be deleted
• AI decisions can be reviewed by human support staff

13. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated policy with a new "Last updated" date
• Sending email notifications for significant changes
• Displaying in-app notifications

14. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

We aim to respond to all privacy requests within 30 days.

15. Cookie Policy

We use cookies and similar technologies:

Types of Cookies

• Essential: Required for service functionality
• Analytics: Help us understand usage patterns
• Preferences: Remember your settings
• Marketing: Used for targeted advertising (with consent)

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.