Skip to main content

Privacy Policy

Version
1.0.0
Effective date
2026-01-01

This document is provided as a template. Review with legal counsel before production use.

Introduction

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use the AACFlow platform. We act as a data controller for account and billing information, and as a data processor for Content you submit through the Service.

Data we collect

We collect: (a) account information such as name, email, and hashed credentials; (b) workspace and subscription metadata; (c) technical data such as IP address, user agent, and usage logs; (d) Content you submit to the Service; (e) support communications.

We do not collect sensitive categories of personal data unless strictly necessary to provide the Service.

How we use data

We use personal data to: operate and secure the Service; authenticate and authorize access; process payments; provide customer support; send service-related notifications; detect fraud and abuse; improve the product; and comply with legal obligations.

Where legally required, we rely on contract, legitimate interests, consent, or legal obligation as our basis for processing.

How we share data

We share personal data with: (a) subprocessors such as cloud hosting and email providers bound by data-protection agreements; (b) LLM and integration providers that you enable in your workflows; (c) authorities when required by law.

We do not sell personal data.

Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or export your personal data, and to object to or withdraw consent for certain processing. You can exercise most rights directly in your account settings or by contacting privacy@aacflow.example.

Cookies and similar technologies

We use cookies and similar technologies for authentication, security, preferences, and analytics. See our Cookie Policy for details and to manage your preferences.

Data retention

We retain personal data for as long as your Account is active and for a reasonable period afterwards to comply with legal, accounting, or reporting obligations. Workspace Content is retained according to your Subscription plan and deleted or anonymized upon termination.

Security

We apply administrative, technical, and organizational safeguards including encryption in transit, encryption at rest for sensitive data, access controls, logging, and periodic security review. No system is perfectly secure; you should also protect your credentials.

International transfers

If we transfer personal data outside your jurisdiction, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions. A list of subprocessors and their locations is available on request.

Children's privacy

The Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us so we can delete it.

Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or in-product notice, and we will request renewed consent where required by law.

Contact the data protection team

Questions or requests can be sent to privacy@aacflow.example. You may also lodge a complaint with your local data-protection authority.