Privacy Policy
Effective date: June 10, 2026
NeatlyFlow LLC ("we," "us," or "our") operates neatlyflow.com and the NeatlyFlow scheduling platform (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using the Service, you agree to the practices described here.
1. Information We Collect
Account and Profile Information
When you register, we collect your name, email address, and password (stored as a one-way hash). When you create a company profile, we collect your company name and related settings.
Business Data You Enter
The Service stores data you input, including employee records (names, emails, roles, profile photos), client records (names, contact details, addresses, notes, photos), scheduled events, invoices, clock-in/out records, and company settings. This data belongs to you.
Payment Information
We use Stripe to process payments. We do not store your full credit card number, CVV, or billing details on our servers. Stripe's privacy policy governs how they handle your payment data. We store only a Stripe customer ID and subscription status.
Usage and Technical Data
We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for security monitoring and to maintain the reliability of the Service. We do not use third-party analytics trackers (e.g., Google Analytics) on the Service.
Communications
If you contact us via the contact form or email, we retain that correspondence to respond to your inquiry and improve our support.
2. How We Use Your Information
- To provide, operate, and maintain the Service
- To process your subscription payments via Stripe
- To send transactional emails (password resets, invoice deliveries, event reminders) via Resend
- To respond to your support requests
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
We do not sell your personal data. We do not use your data for advertising or share it with data brokers.
3. Data Isolation and Multi-Tenancy
Each company account's business data (employees, clients, events, invoices) is stored in a logically isolated database. No company can access another company's data through the Service. Our administrative access to tenant databases is limited to operational necessity (backups, schema updates, incident response).
4. Third-Party Service Providers
We share data with the following service providers solely to operate the Service:
- Stripe — payment processing. Stripe Privacy Policy
- Resend — transactional email delivery (password resets, invoice emails). Resend Privacy Policy
- Hetzner Online — cloud hosting and infrastructure. Your data is stored on servers located in the European Union or the United States.
- Cloudflare — bot protection (Turnstile) on the registration page.
We do not share your data with any other third parties without your explicit consent, except as required by law.
5. Cookies and Local Storage
We use a session cookie to keep you logged in (signed JWT, HTTP-only). We use browser localStorage solely to remember your dark/light mode preference. We do not use advertising cookies or third-party tracking cookies.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, all associated business data is permanently deleted from our systems within 30 days. Server logs are retained for up to 90 days for security and operational purposes.
7. Security
We take security seriously. Measures in place include: passwords hashed with bcrypt (12 rounds), JWT sessions signed with a secret key, HTTPS enforced with HSTS, rate limiting on authentication endpoints, input validation and HTML escaping, and per-tenant database isolation. No security system is perfect — if you discover a vulnerability, please disclose it responsibly to support@neatlyflow.com.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data (available directly in Settings → Delete Account)
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing of your data
To exercise any of these rights, contact us at support@neatlyflow.com. We will respond within 30 days.
9. Children's Privacy
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at support@neatlyflow.com and we will delete it promptly.
10. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@neatlyflow.com.
11. International Users
The Service is operated from the United States. If you are accessing the Service from outside the United States, your data may be transferred to and processed in the United States or the EU (Hetzner infrastructure). By using the Service, you consent to this transfer. We apply the same privacy protections described in this policy regardless of where your data is processed.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 14 days before they take effect. The effective date at the top of this page will always reflect the current version.
13. Contact
For any privacy-related questions or requests, contact us at:
support@neatlyflow.com