Autoflows.dev
    Beta
    Book Demo

    Privacy Policy

    Last updated: 11/23/2025

    This Privacy Policy explains how Autoflows.dev ("Autoflows", "we", "us", or "our") collects, uses, discloses, and protects information about you when you use our websites, products, and services (collectively, the "Services"). It also describes your privacy rights and how the law protects you. By using the Services, you agree to the practices described in this Privacy Policy.

    AI Models and Providers

    Important:Operational Risks: Depending on your settings and integrations, AI features may read, write, modify, or delete content in connected systems or post content to external channels at your direction. While we apply safeguards and leverage advances in model alignment to reduce harmful behavior, errors can still occur and may, in rare cases, result in unintended modification, deletion, or disclosure of data. Configure approval workflows, use least-privilege access, and validate actions in staging where feasible.

    Important:Sensitive Data Guidance: Do not include secrets, credentials, or unnecessary special categories of personal data (for example, government IDs, financial account numbers, precise health data) in prompts. If you must process such data, ensure you have a lawful basis, implement minimization and redaction, and limit storage duration.

    Important:Public Sharing: If you enable integrations that publish to public repositories, forums, or social channels, content you submit or outputs you approve may become publicly accessible. Review and sanitize content to prevent posting personal data (PII) or confidential information.

    Important:Autonomous Mode: If enabled, the Services may autonomously build, execute commands, run scripts, modify files, manage infrastructure, or invoke external APIs at your direction and based on your configurations. Autonomous Mode is provided "AS IS" and may make mistakes. You are solely responsible for the outcome of the agent's actions when in autonomous mode. To the maximum extent permitted by law, Autoflows is not liable for any errors or damages arising from or related to Autonomous Mode, including without limitation data loss or corruption, service downtime, security incidents, or unintended disclosures.

    To deliver AI functionality, we may route your prompts, context, and necessary metadata to third-party model providers (for example, providers of large language models). We contractually instruct these providers to use your data solely to provide the requested inference and to implement appropriate security safeguards. We do not permit providers to use your prompts or outputs to train their models, to the extent we can contractually restrict such use. You are responsible for ensuring that you have the rights to include any personal or confidential information in prompts.

    We recommend avoiding unnecessary personal data in prompts where feasible and using redaction or minimization controls if available. Outputs may be probabilistic and could contain errors. You should validate outputs before relying on them.

    Scope

    This Privacy Policy applies to information we process about visitors to our websites, individuals who register for or use our Services, and others who interact with us (for example, by contacting support or participating in marketing programs). This Policy does not apply to information we process on behalf of our customers as their processor where a separate data processing agreement ("DPA") governs. Where required by law, the DPA prevails over conflicting terms in this Policy for customer data.

    Summary of Key Points

    • We collect information you provide, information collected automatically, and information from third parties.
    • We use your information to provide and secure the Services, process transactions, improve and develop features (including AI features), communicate with you, and comply with law.
    • We share information with vendors and service providers, for legal reasons, and in connection with corporate transactions. We do not sell your personal information.
    • We use third-party AI model providers to perform inferences. Customer prompts and outputs are transmitted to these providers as necessary to deliver the Service. We do not permit AI providers to use your prompts or outputs to train their models, to the extent we can contractually restrict such use.
    • We may inspect, review, and use chat histories, prompts, AI-generated code, and outputs for internal testing, research, quality assurance, and AI training purposes, including to train, fine-tune, and improve our models. Where feasible, we use aggregated or de-identified data.
    • You may have rights to access, correct, delete, or port your information, or object to or restrict certain processing, depending on your location.
    • AI features can make mistakes and may generate inaccurate or unsafe outputs. Avoid including unnecessary sensitive or confidential information in prompts and maintain backups/snapshots of important data.
    • Some features may be offered in beta and could contain defects or security vulnerabilities. Use caution and appropriate safeguards before enabling them in production.
    • Depending on your configuration, features may post content to external systems (for example, repos, issue trackers, or forums). Review outputs and destinations to prevent unintended disclosure of personal or confidential information.

    Information We Collect

    We collect the following categories of information:

    • Account and Profile Information: Name, username, password, email address, organization, role, and preferences when you register or update your account.
    • Payment and Billing Information: Payment method details (processed by our payment processors), billing address, tax IDs, and transaction records. We do not store full payment card numbers.
    • Content and Inputs: Prompts, files, datasets, instructions, configurations, and outputs you submit to or generate with the Services, including AI-related inputs/outputs and metadata needed to operate features.
    • Usage Data: Activity logs, feature usage, clickstream, session duration, referrer, pages viewed, date/time stamps, and similar analytics.
    • Device and Network Data: IP address, device identifiers, operating system, browser type, settings, language, crash and diagnostic data, and performance metrics.
    • Cookies and Similar Technologies: We use cookies, SDKs, and web beacons to provide, protect, and improve the Services, remember settings, and measure effectiveness. See "Cookies and Analytics" below.
    • Communications: Emails, messages, and feedback you send us, including support tickets and survey responses.
    • Third-Party Sources: We may receive information from identity providers, analytics providers, public sources, partners, and vendors to support account creation, fraud prevention, and compliance.

    How We Use Information

    We process information for the following purposes:

    • Provide, maintain, and improve the Services, including troubleshooting, security, and support.
    • Process transactions, manage subscriptions, billing, and account administration.
    • Operate AI features by sending prompts and context to model providers for inference and returning outputs to you.
    • Research and develop new features and improvements, including evaluating model quality and safety, using aggregated and/or de-identified data where possible.
    • Communicate with you about service updates, security alerts, and administrative messages; and with your consent or as permitted by law, send marketing communications.
    • Protect the Services, our users, and the public, including detecting, investigating, and preventing security incidents, abuse, and fraud.
    • Comply with legal obligations, enforce agreements, and resolve disputes.

    Legal bases for processing under the EU/UK GDPR include performance of a contract (Article 6(1)(b)), legitimate interests (Article 6(1)(f)), consent (Article 6(1)(a)) where applicable, and compliance with legal obligations (Article 6(1)(c)).

    Use of Chat Histories and AI-Generated Content for Research and Training

    We may inspect, review, and analyze chat histories, prompts, AI-generated code, and other outputs generated through your use of the Services (collectively, "Interaction Data") for internal testing, research, quality assurance, and development purposes. This includes, but is not limited to:

    • Training, fine-tuning, and improving our AI models and algorithms;
    • Building and refining training datasets and evaluation benchmarks;
    • Conducting research to enhance model performance, safety, and alignment;
    • Analyzing usage patterns to develop new features and improve service quality;
    • Testing and validating system behavior and detecting edge cases or failure modes.

    Where feasible, we will use aggregated, de-identified, or anonymized data for these purposes. However, in some cases, we may need to review identifiable Interaction Data to understand context, debug issues, or conduct detailed analysis. We implement appropriate safeguards to limit access to authorized personnel and protect the confidentiality of your information.

    Our use of Interaction Data for these purposes is based on our legitimate interests in improving the Services and advancing AI technology (Article 6(1)(f) GDPR), subject to appropriate safeguards for your rights. If you have concerns about this use, you may contact us to exercise your rights or object to processing as described in the "Your Privacy Rights" section below.

    Pre-Release/Beta Features

    Certain features may be offered in alpha/beta or otherwise pre-release form. Such features may not be fully tested and may contain defects or security vulnerabilities. They are intended for evaluation and feedback and may be modified or discontinued at any time.

    You should not rely on beta features for processing highly sensitive or regulated personal data unless necessary and with appropriate safeguards (including staging environments, additional approvals, and monitoring). Maintain current backups and/or snapshots for any important data that could be affected by actions initiated through the Services.

    Cookies and Analytics

    We and our service providers use cookies and similar technologies for authentication, remembering preferences, analytics, and improving the Services. You can control cookies via your browser settings and, where applicable, via in-product controls. Disabling cookies may impact functionality.

    How We Share Information

    • Service Providers and Subprocessors: Vendors that help us provide the Services (e.g., hosting, storage, AI inference, analytics, customer support, billing, email). We require appropriate contractual and security commitments.
    • Legal and Safety: Where required by law or where we believe disclosure is necessary to protect rights, safety, or prevent fraud or abuse.
    • Business Transfers: In connection with a merger, acquisition, financing, reorganization, or sale of assets. We will continue to protect information consistent with this Policy or provide notice of changes.

    We do not sell your personal information or share it for cross-context behavioral advertising as those terms are defined under applicable privacy laws.

    Data Retention

    We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on the type of data and our legal obligations. Where feasible, we aim to minimize retention and use aggregation or de-identification.

    Security

    We implement administrative, technical, and physical safeguards designed to protect information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

    You are also responsible for configuring and maintaining appropriate security controls in your environment, including least-privilege access for integrations, approval workflows for AI-initiated actions, and verified backups/snapshots and rollback plans for critical systems.

    International Data Transfers

    We may transfer, store, and process information in countries other than your own. Where required, we rely on appropriate safeguards such as standard contractual clauses for transfers from the EEA/UK/Switzerland and ensure that recipients offer an adequate level of protection.

    Your Privacy Rights

    Depending on your location, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. You may also have the right to withdraw consent where processing is based on consent. To exercise your rights, contact us at the email below. You may also have the right to lodge a complaint with a supervisory authority.

    • EU/UK Individuals: You have rights under the GDPR/UK GDPR, including data portability and the right to object to processing based on legitimate interests.
    • California Residents: We comply with the CCPA/CPRA. We do not sell personal information or share it for cross-context behavioral advertising. You may request access, deletion, or correction as permitted by law.

    Children's Privacy

    The Services are not directed to children under 13 (or other age as defined by local law). We do not knowingly collect personal information from children. If we learn that a child has provided personal information, we will delete it.

    Third-Party Links and Services

    The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their policies.

    Changes to this Policy

    We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this page. Material changes will be effective when posted unless otherwise stated.

    Contact Us

    If you have questions, requests, or complaints about this Privacy Policy or our practices, contact us at support@autoflows.dev.