Privacy Policy

Last updated: August 29, 2025

1. Introduction

GAflow Analytics, Inc. ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our banking analytics services. We understand the sensitive nature of financial data and implement bank-grade security measures to protect your information.

2. Information We Collect

Personal Information

We may collect personal information that you voluntarily provide, including:

  • Name, email address, and contact information
  • Job title and company information
  • Account credentials and authentication data
  • Payment and billing information (processed securely through Stripe)
  • Communications and support interactions

Analytics and Usage Data

We collect data about how you use our service, including:

  • Website visitor analytics and user behavior data
  • Conversion funnel and customer journey data you track
  • Usage statistics and feature utilization
  • Performance metrics and system logs
  • Device information and browser data

Technical Information

  • IP addresses and location data
  • Browser type and version
  • Operating system information
  • Referring URLs and page interactions
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our banking analytics services
  • Process transactions and manage your account
  • Improve and personalize your user experience
  • Analyze usage patterns and optimize our platform
  • Communicate with you about your account and our services
  • Provide customer support and respond to inquiries
  • Send marketing communications (with your consent)
  • Comply with legal obligations and banking regulations
  • Detect and prevent fraud and security threats

4. Banking Data and Financial Information

Special Protections for Banking Data: We understand that financial institutions handle sensitive customer data. GAflow implements additional security measures for banking clients:

  • All data is encrypted in transit and at rest using AES-256 encryption
  • We maintain SOC 2 Type II compliance and undergo regular security audits
  • Data processing agreements (DPAs) are available for enterprise clients
  • We support on-premises deployment for highly regulated institutions
  • Customer data is logically separated and never shared between institutions
  • We comply with GLBA, PCI DSS, and other applicable financial regulations

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating our service
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: When you have given explicit consent for sharing
  • Security: To protect the rights, property, or safety of GAflow, our users, or others

We never sell your personal data and will not share banking or financial data without explicit consent or legal requirement.

6. Data Security

We implement comprehensive security measures including:

  • End-to-end encryption for all data transmission
  • Regular security assessments and penetration testing
  • Multi-factor authentication and access controls
  • 24/7 security monitoring and incident response
  • Employee security training and background checks
  • Data backup and disaster recovery procedures
  • Secure data centers with physical security measures

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze website traffic and user behavior
  • Provide personalized content and advertisements
  • Measure the effectiveness of our marketing campaigns
  • Enhance security and prevent fraud

You can control cookies through your browser settings. For more details, see our Cookies Policy.

8. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. Account data is typically retained for the duration of your subscription plus 7 years for financial records. Analytics data may be retained longer in aggregated, anonymized form. You may request deletion of your personal data at any time, subject to legal and regulatory requirements.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses and adequacy decisions. For EU users, we comply with GDPR requirements for international data transfers.

10. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a machine-readable format
  • Restriction: Request restriction of processing under certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdrawal: Withdraw consent for processing based on consent

To exercise these rights, contact us at privacy@gaflow.io.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

12. Third-Party Services

We integrate with trusted third-party services including:

  • Stripe: Payment processing (see Stripe's privacy policy)
  • Google Analytics: Website analytics and user behavior tracking
  • SendGrid: Email delivery and communications
  • AWS: Cloud hosting and data storage services

Each service has its own privacy policy governing the collection and use of your information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

14. Contact Information

If you have any questions about this Privacy Policy, please contact us:

  • Email: privacy@gaflow.io
  • Data Protection Officer: dpo@gaflow.io
  • Address: GAflow Analytics, Inc.
  • General inquiries: support@gaflow.io

For Banking Clients: We offer enhanced data protection agreements, on-premises deployment options, and additional compliance certifications for financial institutions. Contact our enterprise team for more information.

GDPR Notice: For users in the European Union, we comply with GDPR requirements and provide additional rights and protections as outlined in this policy.