Legal

Privacy Policy

Last updated: April 12, 2026

ContactFlow.ai ("we," "us," or "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights — both as a platform user and as a business deploying AI agents through our Service.

1. Information We Collect

Account & Profile Data

When you sign up, we collect your name, email address, and any workspace details you provide. This is used to create and manage your account.

Usage & Technical Data

We automatically collect:

  • IP address and browser/device information
  • Pages visited and features used within the platform
  • Agent configuration activity (channels, directions, modes selected)
  • Access timestamps and session data

This helps us improve the platform and diagnose issues — it does not identify you personally.

Agent & Conversation Data

When your AI agents handle calls or chats, conversation content may be processed to generate AI responses. This includes the prompts you configure and the messages exchanged during agent interactions. We process this data to deliver the Service, not to profile or sell it.

Contact (CRM) Data

Data you import or collect in the ContactFlow CRM (names, phone numbers, conversation history) is stored on your behalf. You are the data controller for this information and are responsible for ensuring you have the appropriate legal basis to store and process it.

2. How We Use Your Information

  • To provide, operate, and improve the ContactFlow.ai platform
  • To run your AI agents and deliver voice and chat communications
  • To respond to support requests and account inquiries
  • To send service-related notifications (security alerts, billing, updates)
  • To comply with legal obligations

We do not sell your data or use it for advertising.

3. AI & Third-Party Processing

To power AI responses, conversation data is sent to third-party AI providers (currently OpenAI). These providers process data on our behalf under data processing agreements and their own privacy policies.

Voice calls are routed through telephony infrastructure providers. Chat messages via WhatsApp are transmitted through Meta's Business API. By using these channels, data is subject to those providers' applicable terms.

We select third-party providers that maintain appropriate security standards and, where required, sign Data Processing Agreements.

4. Cookies

We use minimal, functional cookies to:

  • Keep you logged in during your session
  • Remember workspace preferences
  • Measure aggregate platform usage (no cross-site tracking)

We do not use advertising or behavioral tracking cookies. You can disable cookies in your browser, though some platform features may not function correctly without them.

5. Data Retention

Account data is retained while your account is active. Conversation logs are retained for a limited period to support debugging and compliance, after which they are deleted or anonymized. You can request deletion of your data at any time (see Your Rights below).

CRM contact data you store is retained until you delete it or close your account, at which point it is purged from our systems within 30 days.

6. Data Sharing

We only share your data when:

  • Required to deliver the Service (e.g., sending a call through our telephony provider)
  • Required by law, court order, or to protect our legal rights
  • You explicitly authorize a specific integration or export
  • In connection with a merger or acquisition — you will be notified if this occurs and your data is transferred

7. Security

We protect your data with:

  • Encrypted data transmission (TLS)
  • Encrypted storage for sensitive fields
  • Role-based access controls within our team
  • Regular security reviews of our infrastructure

No system is 100% secure. If you believe your account has been compromised, contact us immediately at [email protected].

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or outdated information
  • Request deletion of your personal data ("right to be forgotten")
  • Export your data in a portable format
  • Object to or restrict certain processing activities

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

9. Children's Privacy

ContactFlow.ai is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in the platform, third-party integrations, or applicable law. Material changes will be communicated via email or an in-app notice. The "Last Updated" date at the top of this page always reflects the current version.

11. Contact

Questions or concerns about this policy? Reach us at [email protected].