Privacy Policy

We respect your privacy. This policy is designed to be readable and to reflect common expectations for a B2B SaaS platform. It is not tailored to every jurisdiction; where local law grants you additional rights, those rights apply alongside what we describe here.

We may collect the following categories of information:

• Account and profile data — such as name, email address, organization name, role, and authentication identifiers when you register or are invited to a workspace.
• Billing data — such as billing contact details and payment-related metadata processed by our payment providers (we do not store full payment card numbers on our servers).
• Service and technical data — such as IP address, device and browser type, approximate location derived from IP, timestamps, cookies or similar technologies where applicable, and diagnostic logs needed to operate and secure the Service.
• Customer content — workflow definitions, code, configuration, integration settings, and similar data you submit to run automations. This may include metadata about third-party systems you connect. Secret values you store in our credential vault are encrypted; we do not use them for training unrelated models or for advertising.
• Communications — messages you send us (for example, support requests) and related correspondence.

We use information to:

• provide, maintain, and improve the Service;
• authenticate users, enforce security, and prevent abuse;
• process transactions and send administrative messages (including billing and legal notices);
• provide customer support and respond to inquiries;
• monitor reliability, debug issues, and develop aggregated or de-identified analytics;
• comply with law, enforce our terms, and protect rights and safety.

Where the EU/UK General Data Protection Regulation or similar laws apply, we rely on appropriate legal bases such as: contract (to provide the Service you requested); legitimate interests (for security, product improvement, and internal operations, balanced against your rights); consent where required (for example, certain cookies or marketing); and legal obligation where we must retain or disclose data by law.

We do not sell your personal information. We share information only as described in this policy, including with:

• Service providers who assist us (for example, hosting, databases, email delivery, analytics, payment processing, and security tooling), subject to confidentiality and processing terms.
• Integrations you configure — when your workflows call third-party APIs, those providers receive data according to your setup and their policies, not as a “sale” by us.
• Legal and safety — when required by law, legal process, or to protect rights, safety, and integrity of the Service, our users, or the public.
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We retain information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and configuration; backup copies may persist for a limited period after deletion. You may request deletion of certain data where applicable law allows.

We implement technical and organizational measures designed to protect information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; we encourage you to use strong credentials, limit access within your organization, and review integration permissions regularly.

Depending on your location, you may have rights to access, correct, delete, or export personal data we hold about you; to object to or restrict certain processing; to withdraw consent where processing is consent-based; and to lodge a complaint with a supervisory authority. To exercise these rights, contact us using the details below. We may need to verify your request.

Marketing communications, where we send them, will include a way to opt out. Essential service and transactional emails may continue as needed to operate your account.

We may process and store information in countries other than where you live, including the United States. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.

The Service is not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.

We may update this Privacy Policy from time to time. We will post the revised policy with an updated “Last updated” date and, where changes are material, provide additional notice as appropriate. Continued use of the Service after the effective date constitutes acceptance of the updated policy where permitted by law.

For privacy-related questions or requests, contact us through the channels published on our website or in your account settings. Please include enough detail for us to evaluate and respond to your request.