Privacy Policy

1. Information We Collect

When you create a GCFlow account, we collect your name, email address, company name, phone number, and payment information (processed by Stripe). When you use the platform, we collect project data, vendor information, documents, and usage analytics.

2. How We Use Your Information

We use your information to provide the GCFlow service, process payments, send transactional emails (via Brevo), store documents (via AWS S3), and improve our platform. We do not sell your personal data to third parties.

3. Data Storage & Security

Your data is stored on AWS infrastructure (RDS for databases, S3 for documents) in the US-East-1 region. All connections use TLS 1.3 encryption. Documents are accessed via presigned URLs with time-limited access. Passwords are hashed using bcrypt.

4. Third-Party Services

We use the following third-party services: Stripe for payment processing, AWS for hosting and storage, Brevo for transactional emails, and CloudFront for content delivery. Each service has its own privacy policy.

5. Cookies

We use essential cookies for authentication (session cookies). We do not use third-party tracking cookies or advertising cookies. Our session cookies are httpOnly and secure.

6. Your Rights

You can access, update, or delete your personal data from your account settings. You can export your data at any time. To delete your account entirely, contact support@gcflow.co.

7. Data Retention

We retain your data for as long as your account is active. After account deletion, we retain data for 30 days before permanent deletion. Backups may retain data for up to 90 days.

8. Contact

For privacy questions, contact us at support@gcflow.co.