Join the Waitlist
Join the Waitlist

Privacy Policy

1) Scope & Roles

This Privacy Policy explains how [Company Legal Name] (“InvolveFlow“) collects and processes personal data when: (i) you visit our websites; (ii) you join the waitlist, sign up, or use the Service as a Customer; and (iii) End Users interact with Customer chatbots through third‑party Platforms. For (i)–(ii), InvolveFlow is Controller. For (iii), InvolveFlow is Processor and Customer is Controller (see DPA at [link to DPA]).

2) Data We Collect

  • Account & Contact Data: name, email, phone, organization, role, billing details.
  • Usage & Device Data: IP address, identifiers, device/browser info, timestamps, pages, events, diagnostics, crash logs, approximate location (city/country).
  • Customer Content & End‑User Data: messages, prompts, responses, files, tags/segments, lead scores, events, opt‑ins/opt‑outs.
  • Marketing Data: preferences, waitlist forms, survey responses, referral sources, campaign identifiers.
  • Cookies & Similar Tech: see Cookies below.

3) Sources

We collect data from you, your organization, your devices, cookies and similar tech, third‑party Platforms, and our service providers.

4) Purposes & Legal Bases (GDPR/UK GDPR)

  • Provide the Service (contract)
  • Security & Abuse Prevention (legitimate interests; legal obligation)
  • Analytics & Service Improvement (legitimate interests; consent where required)
  • Marketing Communications (consent; soft opt‑in for existing customers where permitted)
  • Billing & Compliance (contract; legal obligation)
  • Support & Troubleshooting (contract; legitimate interests)

5) Cookies & Tracking

We use necessary cookies to operate the Service and optional analytics/marketing cookies with consent where required. You can manage preferences via the cookie banner and browser settings. See our Cookie Notice below for details.

6) Sharing & Recipients

We share data with: (i) service providers (hosting, analytics, communications, payments, security); (ii) third‑party Platforms you choose to connect; (iii) resellers/partners where applicable; (iv) authorities where legally required; and (v) in connection with corporate transactions. A current list of sub‑processors is available at [link to Sub‑processors].

7) International Transfers

Where we transfer personal data outside the EEA/UK/Switzerland, we use lawful transfer mechanisms such as the EU/UK Standard Contractual Clauses and additional safeguards as appropriate.

8) Security

We implement technical and organizational measures including encryption in transit, encryption at rest for key data stores, access controls, role‑based permissions, logging, and employee training. No system is 100% secure; please notify us of suspected incidents at security@involveflow.com.

9) Retention

We retain personal data for as long as necessary for the purposes above, then delete or anonymize it, subject to legal/contractual obligations and disaster‑recovery backups. Typical retention: account data for the life of the account + [e.g., 24 months]; logs [e.g., 6–18 months]; support tickets [e.g., 24 months].

10) Your Rights

Subject to law, you may request access, correction, deletion, restriction, portability, and objection to processing. Where processing is based on consent, you may withdraw consent at any time. To exercise rights, contact privacy@involveflow.com. You also have the right to lodge a complaint with your local supervisory authority.

11) End Users of Customer Chatbots

Customers are responsible for providing notice and obtaining consents from End Users. We process End‑User Data on behalf of Customers under the DPA. End Users should contact the relevant Customer to exercise their rights; we will support Customers in fulfilling such requests.

12) Marketing Opt‑Out

You may opt out of marketing emails by using the unsubscribe link or contacting us. We may still send transaction or service notices.

13) Children

The Service is not directed to children under 16 (or the age required by local law). We do not knowingly collect such data. If you believe a child has provided data, contact us to delete it.

14) Automated Decision‑Making

We may provide lead scoring, fraud detection, and routing features. You may request human review or to contest a decision where required by law.

15) Controllers, DPO & Representatives

Controller: [Company Legal Name], [Registered Address]
Email: privacy@involveflow.com
DPO (if appointed): [Name], [Contact]
EU Rep (if outside EU): [Entity/Contact]
UK Rep (if outside UK): [Entity/Contact]

16) Changes

We may update this Policy from time to time. We will post changes here and update the effective date. Material changes may be notified by email or in‑product.

17) California Privacy Notice (CPRA)

If you are a California resident, you have rights to know, delete, correct, and opt out of sharing/sale of personal information, and to non‑discrimination. We do not sell personal information for money, but we may use cookies/advertising partners that constitute “sharing” under CPRA; you can opt out via cookie preferences. Categories collected: identifiers, internet activity, commercial info, geolocation (approximate), inferences. Sources, purposes, and recipients are as described above. Contact privacy@involveflow.com to exercise CPRA rights or use the “Do Not Sell or Share My Personal Information” link where available.