Privacy Policy

app.brighterflow.io and www.brighterflow.io
Last Updated: 21 November 2025

This Privacy Policy explains how Brighterflow (“Brighterflow”, “we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use app.brighterflow.io (“the Platform”), including AI-enhanced workflows, integrations, and connected services.

We are committed to protecting your privacy and handling your data responsibly, in full compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

1. Who We Are (Data Controller)

Brighterflow.io
From: Waddinxveen, The Netherlands
Email: info@brighterflow.io
Website: https://www.brighterflow.io

We act as the Data Controller for all data you provide via the Platform.

2. What We Do

Brighterflow provides an AI-native workflow automation platform that learns from context and assists in optimizing business processes. This includes workflow orchestration, integrations, OAuth connections, and AI-driven features trained on real-time user context (see product overview and workflow automation background).

3. Personal Data We Collect

We only collect the minimum personal data required to operate the Platform securely and effectively.

A. Account & Authentication Data

Collected when you sign up or log in:

  • Name

  • Email address

  • Profile image (if provided by OAuth)

  • Authentication tokens generated by OAuth providers

We do not receive passwords from Google, Microsoft, Facebook or any other OAuth provider.

B. Workflow & Integration Data

When you connect external services to your workflows, we may process:

  • API tokens or OAuth tokens (encrypted)

  • Data retrieved from or sent to third-party services based on your workflow configuration

  • Execution logs and timestamps

  • AI decision logs (context used for learning or optimization)

C. Usage Data

For security and improvement:

  • IP address

  • Browser/device information

  • Activity logs within the Platform

  • Error logs

  • Workflow performance metrics

D. Support Communications

Emails, support conversations, or tickets submitted by you.

4. Data from Third-Party Integrations

Many users connect tools via OAuth (Google, Microsoft, CRM systems, databases, etc.).

When you authorize such connections:

  • You explicitly allow Brighterflow to access certain data from that service.

  • Access is limited to the scopes you approved.

  • You can revoke access at any time via the provider (e.g., Google Security Settings).

Brighterflow never:

  • Has access to your external account passwords

  • Expands permissions without your approval

  • Uses third-party data for advertising

  • Shares data between users or organizations

5. How We Use Your Data

We process data only for legitimate, clearly defined purposes:

A. Operating the Platform

  • Running workflows and AI automations

  • Executing integrations you configured

  • Providing context-based AI behaviour
    (As described in the Brighterflow use cases and functionality.)

B. Improving Performance

  • Debugging errors

  • Enhancing workflow templates

  • Optimizing AI behaviour and memory
    (As outlined in AI memory and workflow learning features.)

C. User Communication

  • Account notifications

  • Security alerts

  • Service updates

  • Billing messages

D. Security & Fraud Prevention

  • Protecting your account from unauthorized access

  • Monitoring suspicious activity

  • Maintaining system integrity

Brighterflow never sells personal data to third parties.

6. AI Usage & Data Handling

Brighterflow uses AI to power contextual workflow automation. To operate these features:

AI may process:

  • Workflow history

  • Relevant metadata

  • User-provided inputs

  • Context used to improve automation quality

AI does NOT:

  • Train global or public models on your data

  • Share your data outside your account’s context

  • Store your data outside our controlled environment

We follow the principles described in our architecture and AI-memory documentation.

7. Legal Basis for Processing (GDPR)

We process personal data under the following legal grounds:

  • Contractual necessity – to provide the service

  • Legitimate interest – improving stability, preventing abuse

  • Consent – when connecting third-party services via OAuth

  • Legal obligations – tax and accounting requirements (billing)

8. Data Retention

We retain your data only as long as necessary:


Data Type | Retention Period
Account data | Until account deletion
OAuth tokens | Active session only / until revoked
Workflow logs | 30–365 days (depending on plan)
AI context/memory | Until manually removed or workflow deleted
Billing data | 7 years (legal obligation)

You may request deletion of all data at any time.

9. Sharing Your Data

We may share data only with trusted subprocessors, such as:

  • Cloud hosting providers

  • Database and storage infrastructure

  • Email service providers

All subprocessors are GDPR-compliant and bound by data processing agreements.

We never sell or trade personal data.

We only share data with authorities if legally required (e.g., court order).

10. International Data Transfers

If data is transferred outside the EEA, we ensure:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions, or

  • Equivalent protections

You can request a list of subprocessors at any time.

11. Your Rights (GDPR)

You can exercise the following rights at any time:

✔ Right of access
✔ Right to rectification
✔ Right to erasure (“right to be forgotten”)
✔ Right to restrict processing
✔ Right to data portability
✔ Right to object
✔ Right to withdraw consent (e.g., OAuth access)

Contact us at privacy@brighterflow.io to submit a request.

12. Security Measures

We implement technical and organizational security measures, including:

  • Encrypted storage of OAuth tokens

  • HTTPS/TLS for all communications

  • Role-based access controls

  • Secure infrastructure with audit logs

  • Periodic security reviews

We take data protection very seriously, especially given the business-critical workflows our customers run on Brighterflow.

13. Children’s Privacy

Brighterflow is not intended for individuals under the age of 18.
We do not knowingly collect data from minors.

14. Changes to This Policy

We may update this Privacy Policy to reflect new features or legal requirements.

We will notify you via:

  • Email

  • In-app notification

  • Updated “Last Updated” date

Continued use of the Platform after updates means you accept the revised policy.

15. Contact

For privacy questions or GDPR requests:

Brighterflow
Email: info@brighterflow.io
Website: https://www.brighterflow.io
