    LEGAL

    Privacy Policy

    Last updated: June 18, 2026

    SpinFlow.ai ("SpinFlow," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you visit our website, request a discovery meeting, subscribe to our communications, or use any of the custom platforms we build and host on your behalf.

    This policy applies to spinflow.ai, all subdomains, every client platform we operate, and all related services, sales conversations, and marketing channels. By using our website or services, you confirm that you have read and understood this policy.

    Text messaging and mobile data: SpinFlow does not share mobile information, text messaging opt-in data, or consent records with third parties or affiliates for marketing or promotional purposes. This category of data is excluded from all sharing described elsewhere in this policy. SMS aggregators and messaging providers may process this data solely to deliver the messages you have requested.

    1. Information We Collect

    1.1 Information You Provide Directly

    We collect information you actively provide to us, including:

    • Discovery meeting submissions: name, company name, company website, number of software tools used daily, and your biggest frustration with your current setup.
    • Account information: email address, password hash, full name, role, and profile preferences for client portals or admin accounts.
    • Billing details: billing name, billing address, tax identifiers, and payment method tokens (processed by our PCI-compliant payment partners; we never store full card numbers).
    • Communications: emails, chat messages, support tickets, contract documents, and any files you upload or share with us.
    • Newsletter and marketing opt-ins: email address and consent timestamp.
    • Referral partner information: contact details, payout preferences, and tax forms where applicable.

    1.2 Information Collected Automatically

    When you interact with our website or platforms, we automatically collect:

    • Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language.
    • Usage data: pages visited, referring URLs, time on page, click paths, scroll depth, search queries, and interactions with forms or media.
    • Performance and diagnostic data: error logs, load times, and crash reports used to maintain reliability.
    • Cookies and similar technologies: session identifiers, authentication tokens, analytics identifiers, and preference cookies. See our Cookie Policy for full details.

    1.3 Information from Third Parties

    We may receive information about you from analytics providers, advertising platforms, payment processors, identity verification services, public business directories, social media platforms (when you engage with our content), and referral partners who introduce you to us.

    2. How We Use Your Information

    We use the information we collect for the following purposes:

    • Deliver, operate, host, and maintain custom platforms built for our clients.
    • Schedule and conduct discovery meetings, prepare custom proposals, and onboard new clients.
    • Process payments, issue invoices, manage subscriptions, and prevent fraud.
    • Provide customer support, respond to enquiries, and resolve technical issues.
    • Send transactional messages such as receipts, account notifications, security alerts, and service updates.
    • Send marketing communications, newsletters, and product updates where you have opted in.
    • Personalise your experience on our website and platforms.
    • Measure and improve performance through analytics, A/B testing, and user research.
    • Comply with legal obligations, enforce our agreements, and protect the rights, property, and safety of SpinFlow, our clients, and the public.

    3. Legal Basis for Processing (GDPR)

    If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, we rely on the following legal bases:

    • Contract: to deliver the services you have requested.
    • Consent: for marketing communications, non-essential cookies, and certain optional features. You can withdraw consent at any time.
    • Legitimate interests: to operate, secure, and improve our business, provided your rights do not override these interests.
    • Legal obligation: to comply with tax, accounting, anti-fraud, and other applicable laws.

    4. Cookies and Tracking Technologies

    We use first-party and third-party cookies, pixels, local storage, and similar technologies to keep you signed in, remember your preferences, measure traffic, and understand how visitors use our site. Categories include strictly necessary, functional, analytics, and marketing cookies. You can manage your preferences at any time through your browser settings or our cookie banner. For full details, see our Cookie Policy.

    5. How We Share Your Information

    We do not sell your personal information. We share data only in the following limited circumstances:

    • Service providers: hosting, infrastructure, email delivery, analytics, payment processing, customer support, and security vendors who process data on our behalf under contractual confidentiality and data protection obligations.
    • Professional advisers: lawyers, accountants, auditors, and insurers when reasonably required.
    • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
    • Legal and safety: to comply with valid legal process, lawful requests from public authorities, or to protect rights, property, or safety.
    • With your direction: when you instruct us to share data with a third party, such as an integration you have authorised.
    • Text messaging opt-in data and consent: never shared, sold, or rented to any third party or affiliate for marketing or promotional purposes. Excluded from every sharing category above.

    6. International Data Transfers

    We operate globally and may transfer, store, and process your information in countries outside your country of residence, including the United States. Where required by law, we use appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or equivalent legal mechanisms to protect your data during international transfers.

    7. Data Security

    We implement technical and organisational safeguards designed to protect personal data against unauthorised access, loss, alteration, or disclosure. These include encryption in transit (TLS 1.2 or higher), encryption at rest, role-based access controls, principle of least privilege, multi-factor authentication for administrative access, regular vulnerability scanning, monitored audit logs, and staff training on data handling. No system is completely secure, and we cannot guarantee absolute security.

    8. Data Retention

    We retain personal information only for as long as necessary to fulfil the purposes set out in this policy, comply with our legal, accounting, or regulatory obligations, resolve disputes, and enforce our agreements. Typical retention periods include: discovery meeting submissions for up to 24 months, billing and tax records for up to 7 years, account data for the lifetime of the relationship plus 12 months, marketing data until you unsubscribe, and aggregated or anonymised analytics indefinitely.

    9. Your Rights

    Depending on your jurisdiction, you may have the following rights regarding your personal data:

    • Access: request a copy of the personal data we hold about you.
    • Rectification: request correction of inaccurate or incomplete data.
    • Erasure: request deletion of your data, subject to legal exceptions.
    • Restriction: request that we limit how we process your data.
    • Portability: receive your data in a structured, commonly used, machine-readable format.
    • Objection: object to processing based on legitimate interests or for direct marketing.
    • Withdraw consent: withdraw any consent you previously provided.
    • Lodge a complaint: file a complaint with your local data protection authority.

    To exercise any of these rights, email privacy@spinflow.ai. You can also manage marketing preferences directly via our Opt-In and Opt-Out pages.

    10. California Privacy Rights (CCPA / CPRA)

    California residents have additional rights under the CCPA and CPRA, including the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate information, the right to opt out of "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioural advertising), and the right to non-discrimination for exercising these rights. To make a request, contact privacy@spinflow.ai.

    11. Marketing Communications

    We will only send marketing emails to people who have opted in. You can opt in to specific channels using our Opt-In page, and you can unsubscribe at any time using the link in any marketing email or by visiting our Opt-Out page. Transactional messages (billing, security, account, and service notifications) are not subject to opt-out and are required to operate the services you use. For SMS specifically, you opt in through our web form, you can reply STOP to any text to unsubscribe at any time, and you can reply HELP for assistance. Message frequency varies and message and data rates may apply.

    12. Children's Privacy

    Our services are intended for businesses and individuals aged 18 or older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal data, please contact us so we can promptly delete it.

    13. Third-Party Links and Services

    Our website and platforms may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with any personal data.

    14. Automated Decision-Making and AI

    We use AI-assisted tools to power features such as chat, analytics, content generation, and workflow automation. These systems support human decision-making and do not produce legally significant decisions about you without human review. Where AI processing involves your personal data, we apply the same security and confidentiality standards described in this policy. Learn more about our approach to AI.

    15. Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date and, where appropriate, provide additional notice (such as a banner or email). Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

    16. Contact Us

    For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

    SpinFlow.ai - Privacy Team
    Email: privacy@spinflow.ai
    General: hello@spinflow.ai