Privacy Policy
Last updated: May 9, 2026
1. Information We Collect
We collect information you provide directly to us, including:
- Account information: Name, email address, company name, industry when you register
- Payment information: Processed securely by Stripe — we never store raw card data
- Usage data: How you use the Service, features accessed, AI interactions
- Lead data: Contact information submitted through audit forms and chat widgets
- Communications: Messages you send us or through the Service
2. How We Use Your Information
- Provide, maintain, and improve the Service
- Process transactions and send billing notifications
- Send onboarding, product updates, and marketing communications (you can opt out at any time)
- Analyze usage patterns to improve features
- Comply with legal obligations
3. Data Sharing
We do not sell your personal data. We share data only with:
- Stripe — payment processing
- Postmark — transactional email delivery
- Neon — database hosting (PostgreSQL)
- Render — application hosting
- OpenAI — AI features (zero data retention policy)
- Cloudflare — CDN and security
All sub-processors are contractually bound to protect your data.
4. AI and Your Data
We do not use your data to train AI models. AI features use OpenAI's API with zero data retention. Your business data stays yours.
5. Data Security
We implement industry-standard security measures including:
- AES-256-GCM encryption for sensitive credentials
- HTTPS/TLS for all data in transit
- Parameterized queries to prevent SQL injection
- Strict environment isolation for AI execution
6. Your Rights
You have the right to:
- Access, correct, or delete your personal data
- Opt out of marketing communications at any time
- Export your data
- Close your account
To exercise these rights, email hello@empireflow.ai.
7. Cookies
We use cookies for authentication (JWT session tokens), UTM attribution tracking, and referral code attribution. We do not use third-party advertising cookies. You can disable cookies in your browser, but core features may not work.
8. Data Retention
We retain your account data for as long as your account is active. Lead and audit data is retained for business analytics. You may request deletion at any time.
9. GDPR / CCPA
If you are in the EU or California, you have additional rights under GDPR and CCPA respectively. Contact us at hello@empireflow.ai to exercise those rights.
10. Contact
Questions about this policy? Email hello@empireflow.ai or visit our Trust & Security page.