Your data, your jurisdiction, your rights.

Where your data lives

All customer data on myflow is stored and processed inside the European Union. We do not replicate or move customer data outside the EU as part of normal operations. The only data that crosses the EU border is data you intentionally send to a third-party integration that lives elsewhere (for example, an AI provider's API endpoint or a payments provider) — and we list every such provider on the sub-processors page.

Our role under GDPR

For customer content stored in myflow workspaces — leads, contacts, courses, pages, files, AI prompts — you are the data controller and we are the processor. You decide what to put into myflow and what to do with it; we process it on your instructions.

For data about you as our customer — your account record, billing information, support correspondence — we act as controller. Our privacy notice describes how we handle this.

Data Processing Agreement

We offer a standard GDPR-compliant Data Processing Agreement (DPA), including the EU Standard Contractual Clauses for any onward transfers to non-EU sub-processors. The DPA is available on request — email [email protected] and we'll send a copy you can countersign.

Data subject rights

If your end-users want to exercise their rights under GDPR (access, rectification, erasure, restriction, portability, objection), you handle those requests as the controller. myflow gives you the tools to do that:

• Export of contact and lead data in standard formats.
• Deletion of individual records from the UI.
• Workspace-level deletion at end of contract: 30 days after termination, your data is purged from production. Encrypted backups age out within the retention window described on the resilience page.

If you need our help responding to a complex data subject request, contact [email protected].

What we collect about you

We try to keep this short and predictable. From you as a customer:

• Account information you give us (name, email, company, role).
• Billing information (handled by our payments processor; we don't store card numbers).
• Product telemetry: which features you use, errors you hit, what we need to operate and improve myflow. We use Fathom for privacy-friendly analytics; we do not run cross-site tracking pixels.
• Support correspondence.

We do not sell customer data. We do not share it with advertisers. We use it to run myflow, support you, and meet legal obligations.

Cookies and tracking

myflow's product surface uses cookies for authentication and session management. Marketing surfaces use minimal cookies and a consent banner where required. We do not run advertising trackers by default; any tracker a customer chooses to add to their own myflow-hosted pages is that customer's responsibility under their own privacy policy.

Privacy contact

For any privacy question — DPA, sub-processor change, breach notification, data subject request escalation — email [email protected]. We aim to respond within five business days.