Privacy Policy

AI Workflow Inc. (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI workflow automation platform and related services (the “Service”).

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, and password when you create an account. If you sign in via Google or GitHub OAuth, we receive your name, email, and profile picture from those providers.
• Billing Information: Payment details are processed securely by our payment provider, Paddle. We do not store your full credit card number on our servers.
• Workflow Data: The workflows, automations, and configurations you create, including any n8n workflow JSON and associated metadata.
• Communications: Messages you send to our support team, feedback submissions, and survey responses.
• Profile Information: Optional details you add to your profile, such as your organization name or job title.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, credit consumption, workflow executions, and interaction patterns.
• Device Information: Browser type, operating system, device identifiers, and screen resolution.
• Log Data: IP address, access times, referring URLs, and error logs.
• Cookies and Tracking: We use cookies and similar technologies as described in our Cookie Policy.

1.3 AI-Processed Data

When you use our AI features (workflow generation, AI chat, AI-assisted editing), your prompts and workflow descriptions are sent to third-party AI providers (OpenAI, Anthropic, and Google) for processing. We do not use your workflow data or AI prompts to train AI models. These providers process data according to their own privacy policies and our data processing agreements with them.

2. How We Use Your Information

• Provide the Service: Operate your account, process workflows, execute automations, and manage your credits and subscriptions.
• Improve the Platform: Analyze usage patterns, diagnose technical issues, and develop new features.
• Billing and Payments: Process transactions, send invoices, and manage subscriptions through Paddle.
• Communications: Send account notifications, security alerts, credit balance warnings, and (with your consent) product updates and tips.
• Security: Detect fraud, prevent abuse, and enforce our Terms of Service and Acceptable Use Policy.
• Legal Compliance: Respond to legal requests, enforce our rights, and comply with applicable laws.

3. How We Share Your Information

We do not sell your personal data. We share information only in these circumstances:

• Service Providers: Paddle (payments), AI providers (OpenAI, Anthropic, Google), cloud hosting providers, analytics tools, and email delivery services — all bound by data processing agreements.
• Workflow Sharing: When you share a workflow with another user, they can see the workflow content and your display name and email.
• n8n Integration: Workflows deployed to n8n instances may interact with third-party APIs you configure. We are not responsible for data processed by those external services.
• Legal Requirements: We may disclose information if required by law, court order, or government request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (up to 7 years for financial records). Workflow data and version history are deleted when your account is deleted. Backups containing your data are purged within 90 days.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, secure authentication with hashed passwords, role-based access controls, and regular security audits. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate data via your account settings or by contacting us.
• Deletion: Request deletion of your account and personal data.
• Portability: Export your workflows and data in standard formats (JSON).
• Objection: Object to processing of your data for certain purposes.
• Restriction: Request that we limit how we process your data.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at privacy@aiworkflow.com. We will respond within 30 days.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. We use Standard Contractual Clauses (SCCs) and other legally approved transfer mechanisms to ensure your data is protected in accordance with this policy and applicable data protection laws.

8. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact privacy@aiworkflow.com.

9. European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data under the following legal bases: performance of a contract (account operation and service delivery), legitimate interests (security, fraud prevention, product improvement), consent (marketing communications), and legal obligations (tax and compliance records). Our Data Protection Officer can be reached at dpo@aiworkflow.com.

10. Children's Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@aiworkflow.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: