Privacy Policy | KeepFlow

1. Introduction

KeepFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cancellation flow service and related website (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Email address
Name (if provided)
Company name (if provided)

2.2 Stripe Connect Data

When you connect your Stripe account via OAuth, we access:

Stripe account ID and basic account information
Customer data relevant to cancellation flows (customer ID, email, subscription status)
Subscription data (plan details, billing cycle, status)
Limited payment data necessary to apply discounts or pause subscriptions

We do not store full credit card numbers, bank account details, or other sensitive financial information. All payment processing is handled directly by Stripe.

2.3 Widget Interaction Data

When your customers interact with the KeepFlow widget, we collect:

Cancellation reason selected
Offer presented and response (accepted/declined)
Timestamp of interaction
Session identifiers

2.4 Usage Data

We automatically collect certain information when you visit our Service:

IP address
Browser type and version
Pages visited and time spent
Referring website
Device information

3. How We Use Your Information

We use the collected data to:

Provide and maintain our Service
Display cancellation flows to your customers
Apply retention offers (discounts, pauses, downgrades) via Stripe
Generate analytics and reports on your dashboard
Calculate revenue saved and churn metrics
Send you important service notifications
Provide customer support
Improve our Service and develop new features
Detect and prevent fraud or abuse

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

Service Providers: Third parties that help us operate our Service (e.g., hosting, analytics, error tracking)
Stripe: To process payments and manage subscriptions on your behalf
Legal Requirements: When required by law or to protect our rights
Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Retention

We retain your data for as long as your account is active or as needed to provide you with our Service. Specifically:

Account data: Retained until account deletion
Widget interaction data: Retained for 2 years for analytics purposes
Stripe connection data: Retained until you disconnect your Stripe account
Audit logs: Retained for 1 year

Upon account deletion, we will delete or anonymize your personal data within 30 days, unless we are legally required to retain it.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption in transit (TLS/HTTPS)
Encryption at rest for sensitive data
Regular security assessments
Access controls and authentication
Secure OAuth flows for Stripe integration

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):

Right to Access: Request a copy of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your personal data
Right to Restrict Processing: Request limitation of data processing
Right to Data Portability: Request transfer of your data
Right to Object: Object to certain processing activities
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@keepflow.io.

8. California Privacy Rights (CCPA)

California residents have specific rights regarding their personal information under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected
Right to know whether personal information is sold or disclosed
Right to say no to the sale of personal information
Right to access personal information
Right to equal service and price

We do not sell personal information. To exercise your CCPA rights, contact us at privacy@keepflow.io.

9. Cookies and Tracking

We use cookies and similar tracking technologies to:

Maintain your session and authentication
Remember your preferences
Analyze usage patterns
Improve our Service

You can control cookies through your browser settings. Disabling cookies may affect the functionality of our Service.

10. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

Stripe: Payment processing and subscription management -stripe.com/privacy
Vercel: Hosting and deployment
Sentry: Error tracking and monitoring

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where applicable.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@keepflow.io
Support: support@keepflow.io
Website: https://keepflow.io