Privacy Policy

Last updated: November 2024

At D2CFlow, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Phone number
  • Organization name and business details
  • GST number (if applicable)
  • Billing information

1.2 Usage Data

We automatically collect information about how you use our platform:

  • Login times and IP addresses
  • Features and pages accessed
  • Device and browser information
  • Error logs and performance data

1.3 Business Data

As an operations management platform, we process business data on behalf of our customers. This may include:

  • Customer names and contact information
  • Order details and history
  • Product information and inventory data
  • Invoice and payment records

Important: We process this data as a data processor on behalf of business owners who are the data controllers.

2. How We Use Information

We use collected information to:

  • Provide and maintain our services
  • Process transactions and send billing notifications
  • Send order updates and notifications
  • Improve our platform and develop new features
  • Provide customer support
  • Ensure security and prevent fraud
  • Comply with legal obligations

3. Data Storage and Security

3.1 Storage

Your data is stored on Supabase (PostgreSQL) infrastructure with:

  • Encryption of data at rest and in transit
  • Regular automated backups
  • SOC 2 compliant data centers

3.2 Security Measures

We implement security measures including:

  • SSL/TLS encryption for all data transmission
  • Permission-based access controls
  • Row-level security for data isolation
  • Regular security audits
  • Audit logging for all data access

4. Data Sharing

4.1 Third-Party Service Providers

We share data with trusted third parties who help us operate our platform:

  • Razorpay: Payment processing
  • Interakt: WhatsApp notifications
  • Resend: Email delivery
  • Supabase: Database and authentication
  • Vercel: Hosting and infrastructure

4.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests from public authorities.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account closure:

  • Account data is retained for 30 days for recovery
  • Billing records are retained for 7 years for tax purposes
  • Business data can be exported before account closure

6. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Export: Request your data in a portable format
  • Restriction: Request limitation of data processing

To exercise these rights, contact us at privacy@d2cflow.com.

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

8. Multi-Tenant Data Isolation

Our platform uses a multi-tenant architecture with Row-Level Security (RLS). This ensures complete data isolation: your organization's data is only accessible to users within your organization. No other organization can access your business data.

9. International Data

Our primary operations are in India. If you access our services from outside India, your data may be transferred to and processed in India.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. The "Last updated" date at the top indicates when changes were made.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

D2CFlow - Order Management for Small Businesses