Privacy Policy

AutoFloLabs ("we," "our," or "us") provides enterprise-grade AI automation and workflow optimization services. We replace manual workflows with scalable systems. We value the trust you place in us to handle your business logic and data.

This Privacy Policy describes how we collect, use, process, and disclose your information, including personal data and Business System Data, in conjunction with your access to and use of our website and services.

We collect information in three categories: Information you provide, Information collected automatically, and System Integration Data.

1.1 Information You Provide

• Identity Data: Name, email address, phone number, and company details.
• Billing Data: Payment instrument details (processed securely via third-party payment processors).
• Communication Data: Information sent via contact forms, email, or during consultations.

1.2 System Integration Data (Specific to Automation Services)

To fulfill our "Done-For-You" and consulting services, we may collect:

• Operational Credentials: API keys, OAuth tokens, login credentials, and webhook URLs required to integrate your software stack (e.g., Salesforce, Slack, Airtable).
• Workflow Data: Data payloads that pass through the automations we build for you (e.g., lead data, customer records, content text).

1.3 Information Automatically Collected

• Technical Data: IP address, browser type, time zone setting, and operating system.
• Usage Data: Clickstreams, page interaction information, and error logs.

2.1 Service Delivery & Automation

• To architect, build, and maintain automation workflows.
• To authenticate with your third-party software accounts (CRMs, databases) on your behalf.
• To process data through Large Language Models (LLMs) as required by the agreed-upon workflow.

2.2 Artificial Intelligence & Model Training (Crucial)

• Inference Only: Unless explicitly stated in a separate Data Processing Agreement (DPA), we do not use your proprietary business data to train our internal AI models.
• Third-Party Models: Data sent to third-party AI providers (e.g., OpenAI, Anthropic) is subject to their respective API data policies. We configure these integrations to opt-out of training wherever possible by default.

2.3 Business Operations

• To detect and prevent fraud or unauthorized access to our systems.
• To analyze the performance of our internal infrastructure.

We do not sell your data. However, the nature of AI automation requires data transfer to function.

3.1 AI and Infrastructure Sub-Processors

We transmit data to the following categories of third parties to execute workflows:

• AI Model Providers: (e.g., OpenAI, Anthropic) for text/image generation and analysis.
• Automation Infrastructure: (e.g., n8n, Make, Zapier) for workflow orchestration.
• Cloud Hosting: (e.g., AWS, Google Cloud) for server hosting and database storage.

3.2 Professional Advisors & Legal

We may disclose information to our legal, financial, and insurance advisors, or when required by law to comply with a judicial proceeding or court order.

We treat your system credentials with the highest level of security.

• Encryption: API keys and access tokens are encrypted at rest and in transit.
• Least Privilege: Access to your operational credentials is restricted to the specific engineers building your system.
• Secret Management: We utilize industry-standard secrets management protocols to ensure your keys are never hard-coded in plain text.

Note: While we implement robust security measures, no electronic transmission is completely secure. We cannot guarantee the absolute security of data transmitted to us or through the third-party APIs involved in your workflows.

• Client Project Data: Retained for the duration of our active contract + 7 years for legal/tax compliance.
• System Logs: Retained for 90 days for debugging and security auditing.
• Credentials: Revoked and deleted from our systems upon contract termination or at your specific request.

Regardless of your location, we extend these rights to all clients:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Correct inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention obligations.
• Right to Restrict Processing: Ask us to suspend processing of your data.
• Right to Data Portability: Request transfer of your data to you or a third party.

AutoFloLabs operates globally. Your data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We utilize standard contractual clauses and DPAs to ensure data protection compliance.

For privacy-related inquiries, data deletion requests, or to report a security concern, please contact our Data Protection Officer.

• Email: hello@AutoFloLabs.com
• Phone: +1 (786) 686-7764

Operational Hours (Eastern Standard Time)

We process requests and provide support during the following windows:

• Sunday - Thursday: 9:00 AM – 7:00 PM EST
• Friday: 7:00 AM – 2:30 PM EST
• Saturday: Closed

We aim to acknowledge all privacy-related requests within 48 hours during operational days and resolve substantive requests within 30 days.