Last updated: May 2026

Privacy Policy

1. Introduction

AiFlo ("AiFlo", "we", "us", or "our") is an AI automation platform incorporated and registered in Latvia, with operating offices in the European Union (Riga), the Kingdom of Saudi Arabia (Jeddah), and India (Pune). We build agents that automate work across CRM, WhatsApp, email, HR, and finance for teams in Europe, the Middle East, and Asia.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have under the European Union's General Data Protection Regulation (GDPR) and other applicable laws. It applies to everyone who interacts with us: visitors browsing our website, prospects who submit a demo or contact form, and customers using the AiFlo platform under a subscription.

If you have any questions about this policy or about how your data is handled, please contact our Data Protection Officer at europe@aiflo.app.

2. Information we collect

(a) Information you give us

When you fill out a demo request, contact form, pricing inquiry, or sign up as a customer, you may provide us with the following:

• Name and job title
• Business email address
• Phone number (including WhatsApp number where provided)
• Company name and website
• Region or country of operation
• Team size
• Use case, workflow, or automation goals you'd like AiFlo to handle
• Free-form messages and notes you choose to send us

(b) Information collected automatically

When you submit a form or interact with the AiFlo website, our serverless lead intake endpoint (/api/lead) and platform logs may automatically capture:

• IP address (truncated where possible)
• Browser user-agent string
• Referrer URL
• Page path you submitted from
• Timestamp of submission (submitted_at)
• Standard server diagnostic data needed for security and abuse prevention

(c) Cookies and analytics

We use a deliberately minimal analytics stack. We do not run cross-site tracking pixels and do not sell behavioural data to advertisers.

• Plausible Analytics - privacy-respecting, cookieless aggregate page analytics. No personal data is collected and no fingerprinting is performed.
• PostHog session replay - used only with explicit opt-in consent for product improvement on signed-in customer sessions. You can disable it at any time.
• Strictly necessary cookies - required for security, session management, and load balancing. These cannot be disabled without breaking site functionality.

3. How we use information

We use the information we collect for the following purposes:

• To schedule and deliver product demos you request
• To route inquiries to the right regional team (EU, Gulf, India)
• To onboard, support, and bill paying customers
• To monitor security, detect abuse, and protect the platform
• To improve our product, content, and conversion flows in aggregate
• To meet legal, tax, and regulatory obligations

4. Legal basis (GDPR Article 6)

We process personal data only when we have a valid legal basis under GDPR Article 6:

• Consent - you actively submit a demo, contact, or marketing form, or opt in to optional analytics.
• Legitimate interest - keeping our platform secure, preventing abuse, and improving our service in non-intrusive ways.
• Contract - processing required to deliver the AiFlo service to a paying customer under a signed order form or subscription.
• Legal obligation - record retention for tax, accounting, and lawful requests from competent authorities.

5. Sharing and sub-processors

We never sell personal data. We share it only with vetted sub-processors that help us deliver the service, under written data processing terms aligned with GDPR Article 28:

• Microsoft Azure - primary hosting, storage, and compute infrastructure.
• Vercel - marketing site and serverless function deployment.
• HubSpot - CRM and lifecycle email (only where you have opted in).
• Cal.com - meeting and demo booking (only where you have opted in).

A current list of sub-processors is available on request from europe@aiflo.app.

6. Data retention

• Demo and contact requests - retained for up to 24 months from your last interaction unless you become a customer, after which customer retention rules apply.
• Customer data - retained for the duration of your contract plus 30 days for orderly handover, after which it is permanently deleted.
• Server logs and security telemetry - retained for 90 days, then purged.
• Right to deletion - verified deletion requests are honoured within 30 days, except where retention is required by law.

7. International transfers

AiFlo's primary processing environment is in the European Union, with EU data residency available on request for customer workloads. Where data must leave the European Economic Area (for example, when working with US-based sub-processors), we rely on the European Commission's Standard Contractual Clauses (SCCs) and any supplementary measures required under Schrems II.

8. Your rights

Under GDPR and equivalent laws, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erase your data ("right to be forgotten")
• Restrict processing in specific circumstances
• Receive your data in a portable, machine-readable format
• Object to processing based on legitimate interest
• Lodge a complaint with your national supervisory authority

To exercise any of these rights, email europe@aiflo.app. We respond to verified requests within 30 days.

9. Security

• AES-256 encryption at rest for all customer data
• TLS 1.2 (or higher) for all data in transit
• Role-based access control with least-privilege defaults
• Two-factor authentication mandatory on all admin and engineering accounts
• Daily encrypted snapshots with regional redundancy
• 99.9% uptime SLA on production workloads

10. Children

The AiFlo service is built for businesses and is not directed at, or intended for use by, children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes that affect how we handle your personal data, we will notify customers by email at the address associated with their account, and update the "Last updated" date at the top of this page.

12. Contact

Data Protection Officer: europe@aiflo.app

You can also reach us at any of our offices:

• Latvia (EU HQ) - StartUP House Riga, Lastādijas iela 12-K3, Rīga, LV-1050
• Saudi Arabia (Gulf) - 5 Musrifah Building, Gharnata Street, Jeddah, KSA
• India (Engineering) - Royal Exotica, Office No. 106, Pune – 414048