Skip to main content
Back to Home

Privacy Policy

Last updated: March 11, 2026

MyFlowio ("we", "our", or "us") operates the website https://myflowio.com and associated mobile applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, phone number, and company name when you register.
  • Business Data: Customer records, quotes, invoices, jobs, schedules, and other business documents you create within the Service.
  • Payment Information: Billing details processed through Stripe (we do not store credit card numbers on our servers).
  • Communications: Messages you send through the Service, including email content and notes.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, and interactions with the Service.
  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Log Data: IP address, access times, and referring URLs.

1.3 Information from Third-Party Services

When you connect third-party services (such as Google), we receive limited information as described in the sections below.

2. Google User Data

MyFlowio integrates with Google services in the following ways. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.1 Google Sign-In (Firebase Authentication)

  • Data accessed: Your name, email address, and profile photo from your Google account.
  • Purpose: To create and authenticate your MyFlowio account so you can securely log in without needing a separate password.
  • Storage: Your name, email, and profile photo URL are stored in our Firebase database to identify your account.
  • We do not access your Google password, contacts, Gmail messages, Google Drive files, or any other Google data beyond basic profile information.

2.2 Google Calendar Integration (Optional)

  • OAuth scope: https://www.googleapis.com/auth/calendar.events
  • Data accessed: Calendar events (title, date/time, description, location) from your Google Calendar.
  • Purpose: To display your Google Calendar events alongside your MyFlowio schedule and to sync new events you create in MyFlowio to your Google Calendar.
  • Storage: OAuth tokens (access token and refresh token) are stored encrypted in our database to maintain the connection. Calendar event data is fetched in real time and is not permanently stored on our servers.
  • This integration is optional. You choose to connect it from the Settings > Integrations page, and you can disconnect at any time.

2.3 How We Use Google Data

  • Google user data is used only for providing and improving the MyFlowio Service features described above.
  • We do not use Google user data for advertising purposes.
  • We do not sell, rent, or share Google user data with third parties, except as necessary to provide the Service (e.g., Firebase infrastructure).
  • We do not use Google user data to train AI or machine learning models.
  • We do not allow humans to read your Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes (investigating abuse), or (c) it is required to comply with applicable law.

2.4 Revoking Google Access

You can revoke MyFlowio's access to your Google data at any time:

  • Google Calendar: Go to Settings > Integrations in MyFlowio and click "Disconnect Google Calendar." This immediately revokes our access and deletes stored OAuth tokens.
  • Google Sign-In: Visit your Google Account Permissions page and remove MyFlowio from the list of connected applications.
  • Account Deletion: You can request full deletion of your account and all associated data by contacting support@myflowio.com.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Create and manage your account
  • Process payments and subscriptions through Stripe
  • Send transactional emails (invoices, quotes, appointment reminders)
  • Sync your schedule with Google Calendar (if connected)
  • Provide AI-powered features (description rewriting, document analysis)
  • Improve the Service and develop new features
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. Third-Party Services

We use the following third-party services to operate the platform:

  • Google Firebase: Authentication, database (Firestore), file storage (Cloud Storage), hosting, and serverless functions.
  • Google Calendar API: Optional calendar sync (see Section 2.2).
  • Stripe: Payment processing for subscriptions and invoices. Stripe receives payment details directly; we do not store credit card numbers. See Stripe's Privacy Policy.
  • Resend: Transactional email delivery (invoices, quotes, notifications).
  • AI Services (Groq, OpenAI, Google Generative AI, Anthropic): Used for AI-powered features such as description rewriting and document analysis. Only the text you explicitly submit for AI processing is sent to these services. We do not send your personal information or full account data to AI providers.
  • Vercel: Web application hosting and deployment.
  • Sentry: Error monitoring and application performance tracking. Sentry may receive anonymized error logs but not your personal business data.
  • Google Analytics / Tag Manager: Anonymous usage analytics to understand how users interact with the Service.

Each third-party service has its own privacy policy governing how it handles your data.

5. Data Storage & Security

  • Your data is stored on Google Cloud infrastructure (Firebase) with encryption at rest and in transit (TLS 1.2+).
  • Authentication tokens are stored securely and are not accessible to other users.
  • We use Firestore Security Rules and server-side authentication to ensure users can only access data within their own company.
  • API routes are protected by Firebase Authentication, rate limiting, and CSRF protections.
  • We regularly review and update our security practices.

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • Account data: Retained for as long as your account is active or as needed to provide the Service.
  • Business documents: Quotes, invoices, jobs, and customer records are retained until you delete them or request account deletion.
  • Google Calendar tokens: Deleted immediately when you disconnect the integration or delete your account.
  • Usage logs: Retained for up to 90 days for security and debugging purposes, then automatically deleted.
  • After account deletion: We delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., payment transaction records may be kept for up to 7 years for tax/legal compliance).

7. Data Sharing

We do not sell your personal data. We share data only in these circumstances:

  • Service providers: With third-party services listed in Section 4, solely to operate the platform.
  • Team members: Within your company account, data is shared with team members based on their assigned role and permissions.
  • Customers: When you send a quote, invoice, or appointment to a customer, the relevant document data is shared with them.
  • Legal requirements: When required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred (you would be notified beforehand).

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Request your data in a portable format.
  • Objection: Object to certain processing of your personal data.
  • Restriction: Request restriction of processing of your personal data.
  • Withdraw consent: Withdraw consent for optional features (e.g., Google Calendar integration) at any time.

To exercise any of these rights, contact us at support@myflowio.com. We will respond within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • The right to know what personal data we collect, use, and disclose.
  • The right to request deletion of your personal data.
  • The right to opt out of the "sale" of personal data. We do not sell personal data.
  • The right to non-discrimination for exercising your privacy rights.

To submit a CCPA request, email support@myflowio.com with the subject line "CCPA Request."

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, your personal data is processed under the following legal bases:

  • Contract: Processing necessary to provide the Service you signed up for.
  • Consent: For optional integrations like Google Calendar, which you explicitly enable.
  • Legitimate interests: For security, fraud prevention, and Service improvement.
  • Legal obligation: For compliance with applicable laws.

Your data is stored on Google Cloud servers located in the United States. By using the Service, you consent to the transfer of your data to the U.S. We rely on Google's data processing agreements and standard contractual clauses for cross-border transfers.

11. Cookies

We use cookies and similar technologies for:

  • Essential cookies: Authentication session tokens required for the Service to function.
  • Analytics cookies: Google Analytics to understand usage patterns (anonymized).

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.

12. Children's Privacy

MyFlowio is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we discover that a child has provided us with personal data, we will delete it promptly. If you believe a child has provided us with data, please contact us at support@myflowio.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, through an in-app notification or email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Privacy Policy — MyFlowio | MyFlowio