Introduction

ClientFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our client management and payment tracking service. Our primary data processing occurs in the European Union (Frankfurt, Germany), ensuring strong data protection standards.

Information we collect

Information You Provide

  • Account info (email, name, profile picture via OAuth)
  • Customer data (names, phone numbers, emails)
  • Payment records (amounts, dates, statuses)
  • Communication content (templates, notes)

Automatic Collection

  • Device info (browser type, operating system)
  • Usage data (pages visited, features used)
  • IP address (for security & fraud prevention)
  • Cookies (session management, preferences)

How we use your information

Service Delivery

Providing client management, payment tracking, and reminder features

Account Management

Creating and managing your account

Communication

Sending service-related notifications

Security

Protecting against fraud and unauthorised access

Improvement

Analysing usage to improve our services

We will NEVER sell your personal data to third parties.

Data sharing

We share data with trusted service providers who help operate our service:

ProviderPurpose
iyzicoPayment processing
GoogleAuthentication (OAuth)
ResendEmail delivery
WhatsApp (Meta)Message delivery (Pro)

Your rights (GDPR & CCPA)

GDPR Rights (EU Users)

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of data
  • Data portability (export)
  • Restrict processing
  • Object to processing

CCPA Rights (California)

  • Know what data we collect
  • Delete your data
  • Opt-out of data sale (we don't sell)
  • Non-discrimination

To exercise your rights, visit Settings or contact us at contact@clientflow.centre

KVKK Rights (Turkish Users)

Personal Data Protection Law No. 6698

If you are located in Turkey, you have the following rights under the Personal Data Protection Law (KVKK):

  • Learn whether your personal data is processed
  • Request information about processing if data is processed
  • Learn the purpose of processing and whether data is used accordingly
  • Know third parties to whom data is transferred domestically or abroad
  • Request correction if data is incomplete or inaccurate
  • Request deletion or destruction of data under Article 7
  • Object to results of automatic data processing that are against you
  • Claim compensation for damages due to unlawful processing

Data Controller

ClientFlow acts as the data controller for your personal data. For KVKK-related inquiries, contact us at contact@clientflow.centre.

VERBIS Registration

As required by KVKK, ClientFlow is registered with the Data Controllers Registry (VERBIS) maintained by the Personal Data Protection Authority.

To exercise your KVKK rights, contact us at contact@clientflow.centre with your request. We will respond within 30 days as required by law.

International data transfers

Our primary data processing occurs in the European Union (Hetzner, Frankfurt, Germany). When data is transferred outside the EU/EEA, we ensure appropriate safeguards:

EU-US Data Privacy Framework (DPF)

For transfers to US-based sub-processors certified under the DPF, including Google Cloud and Cloudflare.

Standard Contractual Clauses (SCCs)

For transfers to sub-processors not covered by an adequacy decision or DPF certification.

Adequacy Decisions

We rely on EU Commission adequacy decisions where applicable.

You can request information about the specific safeguards used for any particular transfer by contacting us.

Data retention

We retain your data for as long as your account is active. Here are our retention policies:

Data TypeRetention
Account dataIndefinite (preserved)
Customer recordsIndefinite (preserved)
Payment historyIndefinite (preserved)
Audit logs2 years minimum

Children's privacy

ClientFlow is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us immediately.

Security

We implement industry-standard security measures

Your data is protected with professional-grade security.

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • OAuth 2.0 authentication
  • Regular security audits
  • PCI DSS compliant payment processing

Complaint procedures

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority.

European Union

Local Data Protection Authority

EU residents can file complaints with their country's DPA.

Turkey

KVKK (Personal Data Protection Authority)

Turkish residents can file complaints at kvkk.gov.tr

United Kingdom

Information Commissioner's Office (ICO)

UK residents can contact the ICO at ico.org.uk

California, USA

California Attorney General

California residents can contact the AG for CCPA violations.

We prefer to resolve concerns directly. Please contact us first at contact@clientflow.centre before escalating to authorities.

Changes to this policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via email and/or a prominent notice on our platform before the changes take effect. We encourage you to review this policy periodically. Your continued use of the service after any changes constitutes acceptance of the updated policy.

Current version: 1.2

Contact us

Privacy Inquiries

contact@clientflow.center

Data Protection Officer

contact@clientflow.center

Related documents

Terms of ServiceDistance Sales AgreementDelivery & ReturnsData Processing AgreementCookie PolicySecurity