Last updated: March 2025
We collect your email address when you sign up. For Enterprise accounts, we also store email addresses of end users you track through our API. We collect usage data including email send counts and feature usage to enforce plan limits.
Your email is used to authenticate your account and send transactional emails (receipts, payment failures, system alerts). We do not sell your data to third parties. We do not use your data for advertising.
We use the following third-party services to operate OnboardFlow: Supabase (database and authentication), Resend (transactional email delivery), Stripe (payment processing), and Vercel (hosting). Each processor has their own privacy policy and data processing agreements.
If you connect your Gmail account, your App Password is encrypted using AES-256 before storage and is never accessible in plaintext outside of our servers. We do not access your Gmail inbox.
Your data is retained for as long as your account is active. Upon account deletion, your data is permanently deleted within 30 days. Email open and click tracking data is retained for 12 months.
If you are in the European Economic Area, you have the right to access, correct, or delete your personal data. You may also request data portability or object to processing. Contact us at support@onboardflow.xyz to exercise these rights.
We use session cookies for authentication only. We do not use tracking cookies or third-party advertising cookies.
For privacy questions or data deletion requests, contact us at support@onboardflow.xyz.