Privacy Policy

1.1 Account Information

When you register for SmartFlowCraft, we collect your name, email address, company name, job title, and password. This information is necessary to create and manage your account.

1.2 Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, automation workflows created, API calls made, and time spent on various parts of the service.

1.3 Integration Data

When you connect third-party services (such as Gmail, Shopify, or customer support platforms), we collect and process the data necessary to execute your automation workflows. We only access the minimum data required to perform the requested automations.

1.4 Payment Information

Billing and payment information is processed by our third-party payment processors. We store only the last four digits of your card, expiration date, and billing address for record-keeping.

1.5 Technical Data

We collect IP addresses, browser type and version, device identifiers, operating system, referral URLs, and cookie data to ensure platform security and improve user experience.

2.1 Service Delivery

We use your information to provide, operate, and maintain SmartFlowCraft's automation services, process transactions, and send service-related communications.

2.2 Product Improvement

Aggregated and anonymized usage data helps us understand how customers use our platform, identify areas for improvement, develop new features, and enhance existing automations.

2.3 Security & Fraud Prevention

We analyze usage patterns to detect suspicious activity, prevent unauthorized access, and protect the integrity of our platform and your data.

2.4 Communications

With your consent, we may send product updates, feature announcements, and marketing communications. You can opt out of marketing emails at any time via the unsubscribe link.

2.5 Legal Compliance

We may use or disclose your information when required by law, regulation, legal process, or governmental request.

3.1 Service Providers

We share data with trusted third-party service providers who assist in operating our platform, including cloud infrastructure providers, analytics tools, payment processors, and customer support platforms. These providers are contractually obligated to protect your data.

3.2 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to comply with legal obligations, protect our rights, or ensure user safety.

3.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.1 Active Accounts

We retain your personal data for as long as your account is active or as needed to provide you with our services.

4.2 Account Deletion

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as resolving disputes or preventing fraud.

4.3 Backups

Deleted data may persist in encrypted backup copies for up to 90 days before being permanently purged from our systems.

5.1 Access & Portability

You have the right to request a copy of the personal data we hold about you, in a structured, machine-readable format.

5.2 Correction

You may update or correct inaccurate personal information at any time through your account settings or by contacting us.

5.3 Deletion

You may request deletion of your personal data subject to certain legal obligations. We will respond to deletion requests within 30 days.

5.4 Opt-Out

You may opt out of marketing communications at any time. Note that you may still receive transactional or service-related emails even after opting out of marketing.

5.5 GDPR & CCPA

If you are a resident of the European Economic Area or California, you have additional rights under GDPR and CCPA respectively, including the right to restrict processing and the right to non-discrimination for exercising your privacy rights.

6.1 Technical Measures

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 encryption in transit, SOC 2 Type II compliant infrastructure, and regular penetration testing.

6.2 Access Controls

Access to your data is restricted to SmartFlowCraft personnel on a need-to-know basis. All access is logged and audited.

6.3 Incident Response

In the event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours as required by applicable law.

7.1 Essential Cookies

We use strictly necessary cookies to enable core platform functionality such as authentication and session management. These cannot be disabled.

7.2 Analytics Cookies

With your consent, we use analytics cookies to understand how the platform is used and to improve your experience.

7.3 Managing Cookies

You can control cookie preferences through your browser settings or our cookie consent manager. Disabling non-essential cookies may affect certain platform features.

8.1 Gmail Integration

When you connect your Gmail account, SmartFlow Craft accesses the following data solely to provide the Email Triage agent feature: email content (subject line, body, sender, recipients, timestamps), email metadata (labels, thread IDs, message IDs), and your Gmail email address to identify the connected account. This data is used exclusively to read incoming emails for AI analysis, generate draft replies for your review, apply labels to triaged emails, and send replies you explicitly approve.

8.2 Limited Use of Gmail Data

We do not use Gmail data to serve advertisements, build user profiles for advertising, or for any purpose unrelated to the specific Email Triage feature you have enabled. Gmail data is never sold, rented, or shared with third parties except AI model providers (such as OpenAI or Anthropic) strictly for processing your requests under their own data processing agreements. We do not use Gmail data to train or improve AI models.

8.3 Outlook Integration

When you connect your Microsoft Outlook account, SmartFlow Craft accesses email content and metadata for the same purposes described in sections 8.1 and 8.2, using Microsoft Graph API delegated permissions (Mail.ReadWrite, Mail.Send, User.Read). The same Limited Use restrictions apply — your Outlook data is never used for advertising, model training, or any purpose beyond providing the email agent feature.

8.4 AI Processing

Email content processed by SmartFlow Craft agents is transmitted to AI model providers (including but not limited to OpenAI, Anthropic, and Google) solely to generate responses and drafts on your behalf. These providers process data under their respective data processing agreements and are prohibited from using your data to train their models under our agreements with them.

8.5 Revoking Access

You can disconnect your Gmail or Outlook account at any time from the Tools page in your SmartFlow Craft dashboard. Upon disconnection, we delete your stored OAuth tokens immediately. You may also revoke access directly from your Google Account at myaccount.google.com/permissions or your Microsoft Account at account.microsoft.com/privacy.

8.6 Google API Limited Use Policy

SmartFlow Craft's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a prominent notice on our platform at least 30 days before changes take effect. Continued use of SmartFlowCraft after changes become effective constitutes acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: info@smartflowcraft.com. You may also reach us at: SmartFlow Craft, 2606 Hilliard Rome Rd, Hilliard, OH 43026, United States. Phone: +1 (800) 251-9076.