Privacy

Privacy policy

This policy explains how ResponseFlow collects, uses, stores, and protects account information, lead data, connected mailbox data, and billing-related data when you use the platform.

Effective date: April 2, 2026

What we collect

Account details, workspace configuration, connected mailbox tokens, lead/contact records, and operational activity needed to run the service.

What we do not do

We do not sell customer data, and we do not use your workspace data to power unrelated third-party advertising.

How the data is used

To operate intake, outreach, follow-up, reporting, billing, authentication, security, and customer support.

1. Information we collect We may collect account information such as your name, company name, email address, phone number, login credentials, onboarding preferences, dashboard settings, billing identifiers, and workspace configuration details. We may also collect business lead data, call request details, reply classifications, booking status, and other workflow metadata needed to run the service.

2. Connected service data If you connect Google, Microsoft, Stripe, or other third-party services, we may process access tokens, refresh tokens, token expiry data, mailbox message metadata, reply content, payment status, customer IDs, subscription IDs, and webhook events. This data is used only to operate the connected workflow you authorize.

3. Lead and communication data We may store lead names, business names, contact channels, reply state, notes, outreach activity, and pipeline status so the system can route follow-up correctly, prevent duplicate processing, and present accurate reporting inside the workspace.

4. How we use information We use information to create and secure accounts, operate outreach and follow-up workflows, surface dashboard metrics, process billing, investigate incidents, improve reliability, and provide customer support. We may also use aggregated, non-identifying analytics to understand service performance.

5. Security and storage We use encryption and access controls where appropriate, including encryption at rest for sensitive lead and account fields. Security measures reduce risk but no system can guarantee absolute security. Customers remain responsible for securing their own email accounts, payment methods, endpoint devices, and internal access policies.

6. Data retention We retain data for as long as reasonably necessary to operate the service, comply with legal obligations, resolve disputes, enforce agreements, maintain audit trails, and support legitimate customer reporting needs. We may delete or anonymize data when it is no longer needed for those purposes.

7. Sharing and subprocessors We may share data with infrastructure and integration providers required to run the platform, including cloud hosting, email, payment, and analytics services. We do not share customer data with third parties except as needed to provide the service, comply with law, protect rights, prevent fraud or abuse, or complete a transaction you request.

8. Customer responsibilities You are responsible for ensuring you have the right to submit lead data, connect inboxes, configure outreach workflows, and use the service in compliance with applicable privacy, email, marketing, consumer protection, and industry-specific rules.

9. Your choices You may request updates to account information, disconnect integrations, rotate credentials, or ask for support related to access or billing. Some information may still be retained when required for audit, fraud prevention, payment reconciliation, or legal compliance.

10. Contact Privacy, account-data, billing, and security questions should be sent to [email protected]. One monitored operations inbox is used so requests do not get lost between role aliases.