Privacy policy

What data does BetterFlow collect?

User-provided data

• Account details (name, email, company)
• Project and time tracking data
• Leave requests and approvals
• Client information and communications
• User-generated content (comments, notes)

Automatically collected data

• Usage patterns and feature engagement
• Login frequency and session duration
• IP addresses and device information
• Session tokens and authentication data
• Browser type and operating system

Third-party data

• Time tracking data from DeskTime integration
• Payment processor information (Stripe)
• Single Sign-On (SSO) provider data

How does BetterFlow use my data?

• Service delivery: Provide and maintain Platform features
• Communication: Send service updates and notifications
• Improvement: Analyze usage to enhance the experience
• Security: Detect and prevent fraud and abuse
• Compliance: Meet legal and regulatory obligations
• AI analytics: Generate productivity insights (with consent)

How does BetterFlow share data?

Internal sharing

Data is shared within your organization using role-based access controls. Team members access data relevant to their permissions.

External sharing

We share data only with:

• Cloud providers: EU-based data centers for hosting
• Email services: Brevo for transactional emails
• Payment processors: Stripe for billing
• Analytics: Anonymized usage data only
• Law enforcement: When legally required

We never sell your data to third parties.

How long does BetterFlow retain data?

• Active accounts: Data retained for subscription plus 30 days
• Deleted accounts: GDPR-compliant purge within 30 days
• Activity logs: Removed after 30 days automatically
• Financial records: Retained for 7 years per law
• Backups: May contain data for up to 90 days

How does BetterFlow protect my data?

• TLS/SSL encryption for data in transit and at rest
• Role-based access controls (RBAC)
• Regular security audits and penetration testing
• ISO 27001:2013 certified security practices
• Token-based authentication with session management
• Daily encrypted backups in secure locations
• Multi-factor authentication (MFA) support

What are my GDPR rights with BetterFlow?

Under GDPR, you have these rights:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Request permanent removal of data
• Restriction: Limit how we process your data
• Portability: Receive data in machine-readable format
• Object: Opt out of certain processing activities
• Automated decisions: Request human review

To exercise these rights, contact: [email protected]

7. International data transfers

Our primary data centers are in the EU. When data is transferred outside the EU, we use Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Cookies and tracking

We use cookies for essential functionality and optional analytics. See our Cookie Policy for details.

9. Children's privacy

BetterFlow is not intended for users under 16. We do not knowingly collect data from children. If we discover such data, we delete it immediately.

10. Changes to this policy

We may update this Privacy Policy periodically. Material changes will be communicated via email 30 days in advance. Continued use after changes constitutes acceptance.

11. Contact and complaints