Privacy Policy

1. Introduction

EmodeFlow, located at 1111B S Governors Ave #93153, Dover, DE 19904, United States ("we," "us," or "our") operates the website emodeflow.com and its online platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, and profile details when you create an account.
• Workspace Data: Business name, logo, industry, country, and workspace settings.
• Business Data: Contacts, leads, proposals, quotes, contracts, tasks, scheduling information, and digital business card content that you enter into the Service.
• Payment Information: Billing address and payment method details. Payment processing is handled by third-party processors; we do not store full credit card numbers.
• Communications: Messages you send through our support system, feedback, and correspondence.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, clicks, session duration, and interaction patterns.
• Device Information: Browser type, operating system, device type, screen resolution, and language settings.
• Log Data: IP address, access times, referring URLs, and error logs.
• Location Data: Approximate geographic location derived from your IP address (used for locale detection and service optimization).
• Cookies and Similar Technologies: See Section 8 (Cookie Policy) below.

2.3 Information from Third Parties

• Authentication Providers: If you sign in via Google or another third-party provider, we receive your name, email, and profile picture.
• Calendar Integration: If you connect Google Calendar, we access calendar events solely to enable scheduling features.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process transactions, billing, and subscription management.
• Send transactional emails (account verification, password reset, billing receipts).
• Provide customer support and respond to inquiries.
• Personalize and improve your experience.
• Power AI features (proposal generation, contract clause drafting, image generation) — see Section 4.
• Monitor usage patterns to detect abuse, fraud, and security threats.
• Comply with legal obligations and enforce our Terms of Service.
• Send product updates and marketing communications (with your consent; you may opt out at any time).

4. AI Features and Data Processing

Our Service includes AI-powered features such as proposal generation, contract clause drafting, content writing, and image generation. These features are powered by third-party AI providers.

• When you use AI features, the text or instructions you provide are sent to our AI providers for processing.
• We do not use your business data, contacts, or content to train AI models.
• AI-generated content (proposals, clauses, images) is created on-demand and belongs to you.
• Our AI providers process data under strict data processing agreements and do not use your inputs for their own model training.
• AI outputs may not always be accurate. You are responsible for reviewing and verifying all AI-generated content before use.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

• Service Providers: Third parties that help us operate the Service (hosting, payment processing, email delivery, analytics, AI processing). These providers are contractually obligated to protect your data.
• Within Your Workspace: Other members of your workspace can access shared business data (contacts, proposals, contracts) based on their role and permissions.
• Legal Requirements: When required by law, subpoena, court order, or governmental request.
• Protection of Rights: To protect the rights, property, or safety of EmodeFlow, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

• Active account data is retained for as long as your account is active.
• After account deletion, we retain your data for up to 30 days to allow recovery, after which it is permanently deleted.
• After a free trial expires without plan selection, data is retained for 30 days before deletion.
• Billing records and transaction logs may be retained for up to 7 years as required by tax and financial regulations.
• Anonymized, aggregated data (which cannot identify you) may be retained indefinitely for analytics and service improvement.

7. International Data Transfers

Our Service is hosted on infrastructure located in the United States and Europe. If you access the Service from outside these regions, your information may be transferred to, stored, and processed in countries other than your own.

We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, and rely on adequacy decisions where available.

8. Cookie Policy

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website. These collect anonymous usage data.
• Preference Cookies: Remember your settings such as theme preference and locale.

We do not use advertising cookies or third-party tracking cookies. You can manage cookie preferences through your browser settings.

9. Your Rights

9.1 For All Users

Regardless of your location, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete personal information.
• Delete your account and associated data.
• Export your data (contacts, proposals, contracts) in standard formats.
• Opt out of marketing communications at any time.

9.2 European Economic Area (EEA) / UK — GDPR

If you are in the EEA or UK, you additionally have the right to:

• Object to or restrict the processing of your personal data.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time (where processing is based on consent).
• Lodge a complaint with your local data protection authority.

Our legal bases for processing under GDPR are: performance of a contract, legitimate interests, consent, and legal obligation.

9.3 California — CCPA / CPRA

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose.
• Request deletion of your personal information.
• Opt out of the "sale" or "sharing" of personal information. We do not sell or share your personal information.
• Non-discrimination for exercising your privacy rights.

9.4 Other Jurisdictions

We respect privacy rights under applicable laws worldwide, including but not limited to Canada's PIPEDA, Australia's Privacy Act, Brazil's LGPD, and other local regulations. If your jurisdiction provides additional rights, please contact us and we will accommodate your request.

10. Data Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Row-Level Security (RLS) ensures workspace data isolation — users can only access data within their own workspace.
• Authentication is handled via secure session tokens with automatic expiration.
• Access to production systems is restricted to authorized personnel with multi-factor authentication.
• We conduct regular security reviews and monitor for vulnerabilities.
• Our infrastructure is hosted on SOC 2 compliant providers.

While we strive to protect your information, no method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us immediately at security@emodeflow.com.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@emodeflow.com.

12. Third-Party Services

Our Service integrates with or relies on the following categories of third-party services:

• Cloud Hosting: Third-party cloud infrastructure providers.
• AI Processing: Third-party AI providers.
• Analytics: Anonymous usage analytics.
• Calendar: Google Calendar (when connected by user).
• Video: Zoom (when connected by user for scheduling).

Each third-party service has its own privacy policy. We encourage you to review the privacy policies of any third-party services you connect to through our platform.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send an email notification.

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

• Email: support@emodeflow.com
• Address: 1111B S Governors Ave #93153, Dover, DE 19904, United States
• Website: emodeflow.com

We aim to respond to all privacy requests within 30 days.