Privacy Policy

Last updated: February 2, 2026

Notiflows ("Notiflows," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our notification infrastructure platform and related services (the "Service"), including our website at notiflows.com.

Notiflows operates from Warsaw, Poland, and processes personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

Notiflows is the data controller responsible for your personal data collected through our Service. For data processing activities where we act on behalf of our customers (when delivering notifications to their end users), we act as a data processor, and our customer is the data controller. In such cases, our customer's privacy policy applies to that processing.

Contact details:

Email: legal@notiflows.com

Location: Warsaw, Poland

2. Personal Data We Collect

2.1 Information You Provide

Account Information
When you create an account, we collect your name, email address, company name, and password.
Payment Information
We use third-party payment processors to handle payments. We do not store complete payment card details; we only retain tokenized payment information and billing address.
Communications
When you contact us, we collect the content of your messages, your email address, and any other information you provide.
Content Data
Data you upload or transmit through the Service, including notification content and recipient information.

2.2 Information Collected Automatically

Usage Data
Information about how you interact with our Service, including features used, pages visited, and actions taken.
Device Information
Device type, operating system, browser type and version, and unique device identifiers.
Log Data
IP address, access times, referring URLs, and other standard log information.
Cookies and Similar Technologies
We use cookies and similar tracking technologies to collect information and improve our Service. See Section 7 for more details.

2.3 Information from Third Parties

If you sign up using a third-party service (such as Google or GitHub), we may receive information from that service according to your privacy settings with that service.

3. How We Use Your Personal Data

We process your personal data for the following purposes and legal bases:

3.1 Contract Performance

  • Providing and maintaining the Service
  • Processing transactions and sending related information
  • Managing your account and providing customer support
  • Communicating with you about the Service

3.2 Legitimate Interests

  • Improving and developing our Service
  • Analyzing usage patterns and trends
  • Protecting the security and integrity of our Service
  • Preventing fraud and abuse

3.3 Consent

  • Sending marketing communications (where you have opted in)
  • Using non-essential cookies for analytics and advertising

3.4 Legal Obligations

  • Complying with applicable laws and regulations

4. How We Share Your Personal Data

We do not sell your personal data. We may share your data with:

Service Providers
Third parties that help us operate our Service. Our core infrastructure runs on Amazon Web Services (AWS) and Cloudflare. We also use payment processors and other service providers as needed. These providers are contractually obligated to protect your data.
Business Transfers
In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
Legal Requirements
When required by law, court order, or governmental authority, or to protect our rights, safety, or property.
With Your Consent
We may share your data with other parties when you give us explicit consent to do so.

5. Data Location and International Transfers

EU Data Hosting. Our infrastructure and databases are hosted in the European Union (AWS EU region). Your account data and platform data are stored and processed within the EU.

Notification Delivery. When you use the Service to send notifications to your end users, the notification content and recipient data you provide will be transmitted to the delivery destination. This may involve transfers outside the EU depending on where your recipients are located and which delivery providers are used (e.g., sending SMS to recipients in the United States will route through carriers in that region). You are responsible for ensuring appropriate legal basis for any such transfers to your end users.

For any transfers outside the EEA that we control, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include the duration of our relationship with you, legal obligations, and legitimate business needs.

When you delete your account, we will delete or anonymize your personal data within a reasonable timeframe, except where we are required to retain certain data for legal or regulatory purposes.

7. Cookies and Tracking Technologies

We use minimal cookies necessary for the Service to function. We do not use tracking cookies for advertising or cross-site tracking.

Essential Cookies

Required for the Service to function properly, such as maintaining your login session. These cannot be disabled.

Analytics

We use Plausible Analytics, a privacy-focused analytics service that does not use cookies and does not collect personal data. Plausible is compliant with GDPR, CCPA, and PECR.

Error Monitoring

For authenticated users, we use Sentry to monitor errors and application performance. This helps us identify and fix issues quickly. Sentry may collect technical information such as error messages, stack traces, browser type, and your email address (to help us identify which user encountered an issue).

Session Replay

We may record session replays to help diagnose issues and improve user experience. These recordings capture your interactions with the application (clicks, scrolls, page navigation). All text content is automatically masked and media content is blocked to protect your privacy. Session replays are used solely for debugging and product improvement purposes.

8. Your Rights

Under the GDPR and other applicable data protection laws, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data in certain circumstances.

Right to Restrict Processing

Request that we limit how we use your data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at legal@notiflows.com. We will respond to your request within one month, or inform you if we need additional time.

You also have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO).

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email or through the Service.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Notiflows

Email: legal@notiflows.com

Website: notiflows.com

Location: Warsaw, Poland