Privacy policy

We collect the data we need to run the service you signed up for: your account details, the project data you put into AgencyFlo, and a small amount of usage data so we can keep the product working.

We don’t sell your data. We don’t use it to train external AI models. We don’t share it with advertisers. If you leave, you can take it with you and we’ll delete what we hold.

AgencyFlo Ltd, registered in England and Wales, is the controller of personal data described in this policy. For Customer Content you submit through the platform on behalf of your own clients, AgencyFlo acts as a processor and the terms of our Data Processing Agreement apply.

Account data: name, work email, company, role, and password hash. You provide this when you sign up.

Customer content: the project, time, client, document, and financial data you put into AgencyFlo. You own this; we host it on your behalf.

Usage data: pages visited, features used, errors encountered. We use this to improve the product and diagnose issues.

Device data: browser type, IP address, approximate location. Standard server logs.

Communications: emails you send us and our replies, plus any in-product feedback you submit.

Providing and maintaining the Service.

Authenticating you, securing your account, and detecting fraud or abuse.

Sending operational messages (billing receipts, security alerts, product updates).

Improving the Service: understanding which features are useful, which are confusing, which are broken.

Complying with legal obligations.

We don’t sell your personal data.

We don’t share Customer Content with third parties for their own purposes.

We don’t use your Customer Content to train AI models that are made available to other customers.

We use a small set of trusted sub-processors to deliver the Service (for hosting, transactional email, analytics, and customer support). Each is contractually bound to handle your data only on our instructions and to standards at least as strict as our own.

The current list of sub-processors is available in the Data Processing Agreement.

Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards including Standard Contractual Clauses or equivalent mechanisms.

Account data: for the life of your account, plus a short period after closure for legal and accounting purposes.

Customer content: until you delete it, or until your account is closed and the export window expires.

Usage data: typically up to 24 months in identifiable form, then aggregated.

Backups: rolling 30-day retention, then automatically expired.

You can access, correct, export, or delete your personal data at any time. Most of this is available directly from your account; for anything else email privacy@agencyflo.ai.

If you’re in the UK or EEA, you have additional rights under the UK GDPR / GDPR, including the right to lodge a complaint with your local data protection authority.

We use a small number of cookies to keep you signed in and to understand how the Service is used. We don’t use advertising cookies. Where required by law, we ask for consent before setting non-essential cookies.

The Service is not directed to anyone under 18 and we don’t knowingly collect data from minors. If you believe we have, email us and we’ll delete it.

If we make material changes, we’ll let you know by email or in-app at least 30 days before they take effect. The version history is published in our changelog.

Privacy questions go to privacy@agencyflo.ai. Everything else: hello@agencyflo.ai.