Privacy Policy

Entflow ("we", "us", "our") operates the workflow mapping service at entflow.app ("the Service"). This Privacy Policy explains what data we collect, how we use it, how we store it, and your rights regarding your data.

By using the Service, you consent to the practices described in this policy.

2.1 Data from HubSpot

When you connect your HubSpot portal, we request read-only access to:

• Workflow configurations - names, actions, enrollment criteria, status, and metadata
• Property definitions - property names and types (not property values on CRM records)
• Pipeline and stage metadata - pipeline names, stage labels, and display order
• Marketing email metadata - email names and subject lines (not email content, analytics, or recipient data)
• List metadata - list names and IDs (not list members or contact data)

2.2 Data we do NOT collect

We do not access, collect, store, or process:

• CRM records (contacts, companies, deals, tickets)
• Email content, templates, or analytics
• Form submissions or activity data
• HubSpot user accounts, passwords, or personal information of your team
• Website tracking or analytics data
• Any personally identifiable information (PII) of your contacts or customers

2.3 Authentication data

We store OAuth access tokens and refresh tokens issued by HubSpot to maintain your portal connection. These tokens are encrypted at rest using AES-256-GCM encryption. We also store your HubSpot portal ID and portal name.

2.4 Payment data

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other payment credentials. We store only your Stripe customer ID and subscription ID to manage your plan.

2.5 Usage data

We store data you create within the Service, including canvas elements (sections, shapes, sticky notes, text, connectors), workflow tags, node positions on the map, and custom edges. This data is associated with your portal ID.

2.6 Session data

We use a single httpOnly cookie containing your portal ID to maintain your session. This cookie expires after 30 days. We do not use tracking cookies, analytics cookies, or any third-party cookies.

We use the data we collect exclusively to provide and improve the Service:

• Syncing workflow configurations to build the dependency map
• Detecting conflicts and property collisions between workflows
• Generating changelog entries by comparing workflow snapshots between syncs
• Rendering the visual map with your saved positions and canvas elements
• Enforcing plan limits (workflow count, feature access)
• Processing subscription payments through Stripe

We do not sell, rent, or share your data with third parties for marketing or advertising purposes. We do not use your data for profiling, automated decision-making, or any purpose unrelated to the Service.

Your data is stored in a PostgreSQL database hosted on Neon (neon.tech), a serverless database provider. The application is deployed on Vercel with automatic HTTPS encryption for all data in transit.

Security measures include:

• OAuth tokens encrypted at rest using AES-256-GCM
• HTTPS/TLS encryption for all data in transit
• HttpOnly, secure, SameSite session cookies
• No storage of payment credentials (handled by Stripe)
• Database access restricted to the application layer

We retain your data for as long as your HubSpot portal is connected to the Service. Specifically:

• Workflow data is refreshed on each sync and reflects your current HubSpot configuration
• Workflow snapshots and changelog entries are retained indefinitely to support the diff and changelog features
• Canvas elements, tags, and positions are retained until you delete them or disconnect your portal
• Sync logs are retained for operational monitoring

When you disconnect your HubSpot portal through the Settings page, all data associated with your portal is permanently and immediately deleted from our database. This includes workflows, dependencies, conflicts, canvas elements, tags, positions, changelog entries, snapshots, sync logs, and OAuth tokens.

The Service integrates with the following third-party services:

• HubSpot - OAuth authentication and workflow data access. Subject to HubSpot's Privacy Policy.
• Stripe - Payment processing. Subject to Stripe's Privacy Policy.
• Vercel - Application hosting. Subject to Vercel's Privacy Policy.
• Neon - Database hosting. Subject to Neon's Privacy Policy.

We do not use any analytics, advertising, or tracking services.

You have the right to:

• Access - View your synced data through the Service's interface (dashboard, map, changelog, settings)
• Deletion - Delete all your data by disconnecting your portal in Settings. Deletion is immediate and permanent.
• Portability - Export your workflow map data using the Export feature (PNG, SVG, PDF, CSV)
• Revoke access - Disconnect the Entflow integration from your HubSpot portal at any time, either through Entflow's Settings page or through HubSpot's Connected Apps settings

If you are located in the European Economic Area (EEA), you may also have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. If you believe a child has used the Service, please contact us and we will delete their data.

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or how we handle your data, contact us at kirsten@entflow.app.