Privacy Policy

Last Updated: January 2025

Effective Date: This Privacy Policy explains how Doone Flow ("we," "our," or "us") collects, uses, discloses, and safeguards your information when you use our workflow automation platform and services (the "Service").

1. Introduction

Doone Flow is committed to protecting your privacy. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, and profile information
  • Organization Information: Organization name, settings, and configuration
  • Workflow Data: Workflows, triggers, actions, and execution data
  • Integration Credentials: Encrypted API keys and authentication tokens for third-party services
  • Contact Data: Contact information stored in workflows and CRM integrations
  • Communication Data: Support requests, feedback, and other communications

2.2 Automatically Collected Information

  • Usage Data: How you interact with the Service, features used, and time spent
  • Technical Data: IP address, browser type, device information, and operating system
  • Log Data: Server logs, error logs, and system performance data
  • Cookies and Tracking: We use cookies and similar tracking technologies (see Section 7)

2.3 Third-Party Integrations

When you connect third-party services (e.g., Twilio, Salesforce), we may receive data from those services in accordance with their privacy policies and your authorization.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our Service
  • Account Management: To create and manage your account, process payments, and send service-related communications
  • Workflow Execution: To execute your workflows and process automation tasks
  • Customer Support: To respond to your inquiries and provide technical support
  • Security: To detect, prevent, and address security issues and fraudulent activity
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service
  • Analytics: To analyze usage patterns and improve our Service (aggregated and anonymized data)
  • Marketing: To send promotional communications (with your consent, and you may opt-out at any time)

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including payment processing (Stripe), email delivery (AWS SES), analytics and monitoring services, and cloud infrastructure providers. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to comply with legal processes, protect our rights, prevent fraud, or respond to government requests.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Sensitive data (API keys, passwords) are encrypted at rest and in transit
  • Access Controls: Limited access to personal information on a need-to-know basis
  • Security Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Regular Audits: Security assessments and penetration testing

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information in accordance with our data retention policy, except where we are required to retain it for legal purposes.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Analytics Cookies: To understand how users interact with our Service
  • Preference Cookies: To remember your settings and preferences

You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access and Portability: Request access to your personal information and a copy of your data in a portable format (GDPR Article 15, 20)
  • Correction and Deletion: Request correction of inaccurate information or deletion of your personal information (GDPR Article 17, CCPA)
  • Objection and Restriction: Object to processing of your personal information or request restriction of processing (GDPR Article 18, 21)
  • Withdraw Consent: Withdraw consent for data processing where consent is the legal basis
  • Opt-Out: Opt-out of marketing communications and certain tracking technologies

To exercise these rights, please use our and select "Privacy Inquiry" as the subject, or use the data export/deletion features in your account settings.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs), adequacy decisions by the European Commission, and other legally recognized transfer mechanisms.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, sending an email notification, or displaying a notice in the Service. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us using our and select "Privacy Inquiry" as the subject.

14. Supervisory Authority

If you are located in the European Economic Area (EEA) and believe we have not addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.