Free plan available·25 AI-generated answers per month — no credit card, no setup needed.Start free
SecureFlow logoSecureFlow
Note: These legal documents are provided in good faith for transparency. They are not a substitute for advice from a qualified attorney. If you have questions about your rights or obligations, consult qualified counsel.

Privacy Policy

Last updated: April 11, 2026

This Privacy Policy describes how SecureFlow(“we,” “us,” or “our”) handles information when you use our website (the “Site”) at https://secureflow.tech and when you use the SecureFlowhosted platform (the “Service”). We operate the Service on your behalf and are responsible for protecting the content you upload and the accounts you create.

1. Who this applies to

This policy applies to visitors of the Site and to users who register accounts and use the Service. If you access the Service through an employer or customer, their privacy policy may also apply.

2. Information we process

Depending on how you interact with us, we may process:

  • Account data: email address, password hash (we never store your password in plain text), optional company name, and timestamps related to registration and login. Google OAuth users share their Google email and name only.
  • Content you upload: files and text you submit to the knowledge vault or questionnaires (e.g., policies, spreadsheets). This may include personal data if you include it in those files.
  • Technical data: standard server logs (IP address, user agent, and request timestamps) to operate and secure the Service.
  • Cookies: we use a strictly necessary HTTP-only session cookie to keep you signed in. We do not use third-party advertising cookies.

3. How we use information

We use the information above to:

  • Provide, secure, and improve the Service;
  • Authenticate users and prevent abuse;
  • Generate AI-assisted draft answers using our AI provider (OpenAI);
  • Send billing-related communications via Stripe (for paid plans);
  • Comply with law where required.

We do not sell your personal information.

4. AI and third-party processors

SecureFlow uses OpenAIto generate embeddings and draft answers. Document text and question content is sent to OpenAI at request time only, solely to produce the AI output. We do not train foundation models on your content. Review OpenAI's privacy policy and enterprise terms for your compliance obligations.

5. Legal bases (EEA/UK visitors)

Where the GDPR or UK GDPR applies, we rely on contract (to provide the Service), legitimate interests (security and product improvement), and where applicable consent.

6. Retention

We retain account data and uploaded content until you delete it or delete your account. You can request deletion at any time by contacting us.

7. Security

We implement reasonable technical measures including password hashing, HTTP-only session cookies, TLS encryption in transit, and workspace isolation. No method of transmission or storage is 100% secure.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, or export personal data, and to object to or restrict certain processing. To exercise these rights, contact us using the details below. You may also lodge a complaint with your local supervisory authority.

9. International transfers

Your data may be processed in countries outside your own (including the US, where OpenAI operates). We rely on standard contractual clauses or other lawful transfer mechanisms where required.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal information.

11. Changes

We may update this Privacy Policy as the product evolves. We will post the new date at the top and, where appropriate, provide additional notice.

12. Contact

For privacy-related requests, email contact@secureflow.tech.

See also our Terms of Service and Disclaimer.