Privacy Policy
Version 2026-01-04
This Privacy Policy describes how Reeflow Inc. ("Reeflow," "we," "us," or "our") collects, uses, and shares personal information when you access the Reeflow Console, visit our website, or otherwise interact with us directly (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this Policy. If you are using the Service on behalf of an organization, you represent that you are authorized to accept this Policy on behalf of that organization.
Important Notice
This Privacy Policy applies to Platform Users (employees and authorized individuals who access the Reeflow Console directly) and visitors to our website.
This Policy does not apply to:
- Customer Data - the data stored in data sources you connect to Reeflow. We access your data sources solely to execute queries and do not permanently store your Customer Data (except for optional caching you control).
- Embedded Users - end users who interact with analytics embedded in your applications. You are the data controller for your Embedded Users, and your privacy policy governs their data. Our role as data processor is described in our Terms of Service.
1. Information We Collect
1.1 Account Information
When you create an account or use the Service, we collect:
- Name and email address
- Company name and job title
- Authentication information (processed by our authentication provider, which may include passwords, SSO tokens, or other authentication credentials depending on your sign-in method)
- Billing information and payment details (processed by our payment provider)
- Profile preferences and settings
1.2 Usage and Diagnostic Data
We automatically collect information about how you use the Service:
- Features used and user interactions within the Console
- Session duration and frequency of use
We use error and performance monitoring tools (such as Sentry) to improve the Service. These tools may collect:
- Error occurrences, stack traces, and diagnostic information
- Performance metrics (page load times, API response times)
- Device and browser context when errors occur
- User identifiers to correlate errors with your account (for support purposes)
1.3 Device and Technical Information
We collect technical information when you access the Service:
- IP address and approximate location (city/country level)
- Browser type and version
- Operating system
- Device type and screen resolution
- Referring URL and pages visited on our website
2. How We Use Your Information
2.1 To Provide the Service
We use your information to deliver and operate the Service:
- Authenticate your access and manage your account
- Execute queries against your connected data sources
- Enforce security rules and access controls you configure
- Process payments and manage subscriptions
- Provide customer support
2.2 To Improve the Service
We use aggregated and diagnostic data to enhance your experience:
- Analyze usage patterns to improve features and performance
- Identify and fix bugs and technical issues
- Develop new features and functionality
- Conduct research and analytics (in aggregate form only)
2.3 To Communicate With You
We use your contact information to keep you informed:
- Send transactional emails (account confirmations, password resets)
- Notify you of service updates, maintenance, and security alerts
- Provide billing notifications and invoices
- Send product announcements and newsletters (with your consent)
- Respond to your support requests and inquiries
2.4 To Protect the Service
We use your information to maintain security and compliance:
- Detect and prevent fraud, abuse, and security threats
- Enforce our Terms of Service
- Comply with legal obligations
3. How We Share Your Information
3.1 Service Providers (Sub-processors)
We share information with third-party service providers who assist us in operating the Service. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
Our current sub-processors include:
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and hosting | United States |
| Clerk | Authentication services | United States |
| Loops | Email communications | United States |
| Neon | Database hosting | United States |
| Sentry | Error monitoring | United States |
| Stripe | Payment processing | United States |
| Tinybird | Usage analytics | United States |
We will notify you of any material changes to our sub-processors by updating this page.
3.2 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Subpoenas, court orders, or other legal process
- Requests from government or regulatory authorities
- To protect the rights, property, or safety of Reeflow, our users, or others
- To investigate suspected fraud, abuse, or violations of our Terms
3.3 Business Transfers
If Reeflow is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
3.4 With Your Consent
We may share your information in other circumstances with your explicit consent.
3.5 What We Never Share
We will never:
- Sell your personal information to third parties
- Share your data source credentials with anyone
- Provide access to your information for advertising purposes
4. Data Retention
4.1 Account Data
We retain your account information for as long as your account is active. Upon account deletion, we will delete or anonymize your personal information within 90 days, except:
- Billing and transaction records: Retained for 7 years to comply with tax and accounting obligations
- Communications related to disputes: Retained until the dispute is resolved plus any applicable statute of limitations period
- Data required by legal process: Retained as required by subpoena, court order, or regulatory obligation
4.2 Usage Data
Usage data and analytics are retained in aggregate form for service improvement purposes. Individual usage logs are retained for up to 1 year for troubleshooting and security purposes.
5. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
5.1 General Rights
All users can:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Data portability: Request your data in a machine-readable format
- Opt-out: Unsubscribe from marketing communications at any time
5.2 European Economic Area (EEA) and UK Residents
If you are in the EEA or UK, you have additional rights under GDPR:
- Right to restrict processing
- Right to object to processing based on legitimate interests
- Right to withdraw consent at any time
- Right to lodge a complaint with your local data protection authority
Our legal bases for processing include contract performance, legitimate interests (service improvement, security), legal compliance, and consent where applicable.
5.3 California Residents
Under the California Consumer Privacy Act (CCPA/CPRA), California residents have the right to:
- Know what personal information is collected and how it's used
- Delete personal information
- Opt-out of the "sale" or "sharing" of personal information
- Non-discrimination for exercising privacy rights
We do not sell your personal information or share it for advertising purposes.
Global Privacy Control: We recognize Global Privacy Control (GPC) signals as a request to opt out of the sale or sharing of personal information for cross-context behavioral advertising. Because we do not sell or share personal information for advertising, no additional action is required.
Categories of Personal Information (California Notice at Collection)
| Category | Collected | Disclosed for Business Purposes |
|---|---|---|
| Identifiers (name, email, IP address) | Yes | Yes (service providers) |
| Customer records (company, billing details) | Yes | Yes (payment providers) |
| Commercial information (subscription and billing activity) | Yes | Yes (payment providers) |
| Internet or network activity (usage, device, logs) | Yes | Yes (analytics and security vendors) |
| Approximate geolocation (city/country) | Yes | Yes (analytics and security vendors) |
| Professional or employment-related information (job title) | Yes | Yes (service providers) |
Sensitive personal information: We do not intentionally collect sensitive personal information such as precise geolocation, government identifiers, or biometric data. Authentication credentials are processed by our authentication provider; we do not receive or store your passwords.
5.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@reeflow.io. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
6. International Data Transfers
Reeflow is based in the United States, and your information may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.
For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses approved by the European Commission
- EU-U.S. Data Privacy Framework (where applicable)
- Other lawful transfer mechanisms as appropriate
7. Cookies and Tracking
7.1 Cookies We Use
Our website and Service use cookies and similar technologies:
- Essential cookies: Required for the Service to function, including authentication, security, and user preferences
- Analytics cookies: Help us understand how users interact with the Service
Where required by law, we will obtain your consent before placing non-essential cookies.
7.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service. Most browsers allow you to:
- See what cookies are stored and delete them individually
- Block third-party cookies
- Block cookies from specific sites
- Block all cookies
- Delete all cookies when you close your browser
8. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at privacy@reeflow.io, and we will take steps to delete such information.
9. Changes to This Policy
We may update this Policy from time to time. We will notify you of material changes by:
- Posting the updated Policy on our website with a new version number
- Sending an email notification to the address associated with your account
- Displaying a notice within the Service
We encourage you to review this Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated Policy.
10. Contact Us
If you have questions, concerns, or requests regarding this Policy or our data practices, please contact us:
- Privacy inquiries: privacy@reeflow.io
- Security issues: security@reeflow.io
- General inquiries: hello@reeflow.io
For data protection matters in the European Union, you may also contact your local Data Protection Authority.