Legal Document

Privacy Policy

Your data, your rights

Last Updated: January 16, 2025 • Version 2.1

GDPR Compliant
CCPA Compliant
SOC 2 Type II

Privacy at a Glance

Enterprise-grade security and compliance standards protecting your data

SOC 2 Type II

Independently audited security controls and annual compliance reviews

HIPAA Compliant

Business Associate Agreements available for healthcare customers

Your Rights

Access, delete, or export your data anytime with full transparency

Data Portability

Export your data in standard formats whenever you need it

1. Introduction

WorkFlux ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent installation and integration platform at workflux.ai (the "Service").

We are SOC 2 Type II certified and HIPAA compliant, ensuring enterprise-grade security and data protection for all our customers.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our Service:

  • Account Information: Name, email address, company name, phone number, job title
  • Payment Information: Billing address, payment method details (processed securely through our PCI-compliant payment processor)
  • Business Information: Industry type, team size, integration requirements, workflow details
  • Communications: When you contact us, we collect the content of your messages, support tickets, and consultation requests
  • Implementation Data: Configuration settings, API credentials, integration preferences

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent, click patterns, search queries
  • Device Information: IP address, browser type, operating system, device type, screen resolution
  • Performance Data: Error logs, system performance metrics, API response times
  • Cookies and Similar Technologies: Session cookies, preference cookies, analytics cookies (see Section 7)

2.3 Information from Third Parties

  • Integration Partners: When you connect third-party services (Salesforce, Epic, Shopify, etc.), we receive necessary data to enable integrations
  • Authentication Providers: If you use SSO (Google, GitHub), we receive basic profile information

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

  • Provide, maintain, and improve our AI agent installation and integration services
  • Process your transactions and manage your account
  • Configure and deploy AI agents according to your specifications
  • Provide customer support and respond to your inquiries
  • Send transactional communications (deployment updates, system alerts, billing notifications)

3.2 Service Improvement

  • Analyze usage patterns to improve Service functionality and user experience
  • Conduct research and development for new features
  • Monitor and analyze Service performance and reliability
  • Detect, prevent, and address technical issues and security vulnerabilities

3.3 Marketing and Communications

  • Send you marketing communications about new features, updates, and offers (with your consent)
  • Personalize your experience and provide relevant content
  • Conduct surveys and gather feedback

3.4 Legal and Security

  • Comply with legal obligations and regulatory requirements
  • Enforce our Terms of Service and protect our legal rights
  • Prevent fraud, abuse, and security threats
  • Respond to legal process and government requests

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

  • Cloud Infrastructure: AWS, Google Cloud Platform (for hosting and data storage)
  • Payment Processing: Stripe (PCI-compliant payment processor)
  • Analytics: Google Analytics, Mixpanel (usage analytics with anonymized data)
  • Customer Support: Intercom, Zendesk (support ticket management)
  • Email Services: SendGrid, Mailchimp (transactional and marketing emails)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Business Transfers

If WorkFlux is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose information if required by law, legal process, or government request, or if we believe disclosure is necessary to:

  • Comply with applicable laws and regulations
  • Respond to valid legal process (subpoenas, court orders)
  • Protect the rights, property, or safety of WorkFlux, our users, or the public
  • Detect, prevent, or investigate fraud, security issues, or illegal activities

4.4 With Your Consent

We may share information with third parties when you explicitly consent or direct us to do so.

5. Data Security

We implement industry-leading security measures to protect your information:

5.1 Technical Security

  • Encryption: All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption
  • Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA) required for all accounts
  • Network Security: Firewalls, intrusion detection systems, DDoS protection
  • Vulnerability Management: Regular security audits, penetration testing, and vulnerability scanning
  • Secure Development: Security code reviews, dependency scanning, automated security testing

5.2 Organizational Security

  • SOC 2 Type II Certification: Independently audited security controls, annual compliance reviews
  • HIPAA Compliance: Business Associate Agreements (BAA) available for healthcare customers
  • Employee Training: Regular security awareness training, background checks for all employees
  • Incident Response: 24/7 security monitoring, documented incident response procedures

5.3 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours in compliance with GDPR and applicable laws.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained while your account is active, plus 90 days after account closure (for backup and recovery)
  • Transaction Records: Retained for 7 years to comply with financial and tax regulations
  • Usage Logs: Retained for 90 days for security and troubleshooting purposes
  • Marketing Data: Retained until you unsubscribe or request deletion
  • Support Communications: Retained for 3 years for quality assurance and dispute resolution

You may request early deletion of your data by contacting us at privacy@workflux.ai.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

7.1 Types of Cookies We Use

  • Essential Cookies: Required for authentication, security, and Service functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how you use our Service (Google Analytics with anonymized IPs)
  • Preference Cookies: Remember your settings and preferences (theme, language, dashboard layout)
  • Marketing Cookies: Track conversions and measure advertising effectiveness (only with consent)

7.2 Cookie Management

You can manage cookies through your browser settings. Note that disabling cookies may limit Service functionality.

  • Chrome: Settings → Privacy and Security → Cookies
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 GDPR Rights (EU/EEA)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent for data processing at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

8.2 CCPA Rights (California)

  • Right to Know: Request disclosure of data collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

8.3 Exercising Your Rights

To exercise any of these rights, contact us at:

  • Email: privacy@workflux.ai
  • Data Request Portal: workflux.ai/data-request (coming soon)

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA).

9. International Data Transfers

WorkFlux is based in the United States. If you access our Service from outside the U.S., your information may be transferred to, stored, and processed in the United States or other countries.

For EU/EEA users, we comply with GDPR requirements for international transfers:

  • EU Standard Contractual Clauses (SCCs) with all service providers
  • Adequacy decisions recognized by the European Commission
  • Additional safeguards as required by applicable law

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@workflux.ai, and we will delete it promptly.

11. Third-Party Links

Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

12. California "Do Not Track" Disclosure

Our Service does not respond to "Do Not Track" signals. However, you can manage cookies and tracking through your browser settings as described in Section 7.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting a notice on our website
  • Sending an email to your registered email address
  • Updating the "Last Updated" date at the top of this policy

Continued use of our Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

WorkFlux Privacy Team

We're here to help with any privacy concerns or data requests

General Privacy Inquiries

privacy@workflux.ai

Response time: Within 24 hours

Data Protection Officer

dpo@workflux.ai

For GDPR and data protection matters

15. Jurisdiction-Specific Provisions

15.1 European Union / EEA

Data Controller: WorkFlux Inc. is the data controller for personal information processed in connection with our Service.

Legal Basis for Processing:

  • Contract performance (to provide our Service)
  • Legitimate interests (to improve and secure our Service)
  • Legal compliance (to meet regulatory requirements)
  • Consent (for marketing communications and optional features)

EU Representative: Coming soon as we expand into the EU market.

15.2 United Kingdom

For UK users, we comply with the UK GDPR and Data Protection Act 2018. You have the same rights as outlined in Section 8.1.

UK Representative: Coming soon as we expand into the UK market.

15.3 Canada

For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have rights similar to those outlined in Section 8.

15.4 Australia

For Australian users, we comply with the Privacy Act 1988 and Australian Privacy Principles (APPs).

This Privacy Policy was last updated on January 16, 2025. Previous versions are available upon request.