Privacy Policy

For the account you create, TradeFlow is the controller. For your customers' data that flows through your account (callers, bookings), you are the controller and TradeFlow is your processor, acting on your instructions.

• Account data — your email, business name, trade and settings.

• Operational data — flows, services, availability, bookings, and the phone numbers/SMS your flows handle.

• Customer contacts — names, phone numbers and emails of people who call or book you.

• Payments — deposits are processed by Stripe; we never see or store full card details.

• Technical — minimal logs and an essential session cookie.

To provide the service (contract), to keep it secure and prevent abuse (legitimate interests), and to meet legal obligations. Marketing SMS to your customers relies on your lawful basis and respects STOP/opt-out (PECR).

We use sub-processors to run the service: Supabase (database/auth), Vercel (hosting), Twilio (calls/SMS), Stripe (payments), Anthropic (build-time flow generation), Resend (email), and optionally Google (calendar). We don't sell your data.

We keep account and booking data while your account is active. Abandoned booking-hold PII is scrubbed after 7 days and contact-form messages after 90 days. You can request deletion at any time.

You have the right to access, correct, delete, restrict, port, and object to processing of your data, and to complain to the ICO. To exercise any of these, email us.

Questions or requests: hello@tradeflow.app.