Privacy Policy

This Privacy Policy applies to everyone who interacts with DesignFlow — visitors browsing our website, clients who submit design requests, designers fulfilling those requests, and admins managing the platform.

• Account information. Your name, email, hashed password (or social-login identifier), profile picture, and role (client, designer, admin).
• Subscription & billing data. Plan selection, subscription status and a Stripe customer ID. Card numbers are neverstored on our servers — they are handled directly by Stripe.
• Design request content. Titles, descriptions, categories, priorities, comments, files you upload, and the deliverables our designers produce for you.
• Meeting bookings. The slot you booked, topic, optional message, and whether it was completed or cancelled.
• Activity & notifications. Status changes, comments, deliveries and other actions are stored in activity logs and used to generate in-app notifications for the relevant participants and administrators.
• Technical data. Limited log data such as IP address, browser type, pages visited and timestamps, used for security, debugging and abuse prevention.

• To create and manage your account and authenticate sessions.
• To deliver the Service — routing requests to designers, tracking status, exchanging files, and notifying you of progress.
• To process subscription payments and prevent fraud (via Stripe).
• To send transactional notifications (e.g. delivery ready, comment received, meeting booked or completed).
• To improve the product, debug issues and analyse usage in aggregate.
• To comply with legal obligations and enforce our Terms.

We do not sell your personal information, and we do not use design content you upload to train third-party AI models.

• Youcan see all data tied to your account — your requests, comments, files, bookings and notifications.
• Your assigned designer can see the requests they are working on, the files attached, and any non-internal comments.
• Admins can see all users, requests, deliveries, comments and meetings, in order to operate the platform and provide support.
• Internal notes added by the team are clearly marked and are not shared with clients.

• Stripe— payment processing and subscription management.
• Database & hosting providers— to store and serve your account, requests and uploaded files.
• Email provider— to send transactional emails (e.g. account verification, receipts).
• OAuth providers(e.g. Google) — only when you choose to sign in with them.

Each of these providers is bound by their own privacy and security obligations and only receives the minimum data needed to perform their function.

We use a small number of cookies that are strictly necessary to make DesignFlow work — for example, an authentication cookie that keeps you signed in, and a CSRF token that protects form submissions. We do not use third-party advertising or cross-site tracking cookies.

We keep your account and request data for as long as you have an active account and for a reasonable period afterwards to comply with legal, accounting and dispute-resolution obligations. You can ask us to delete your account at any time (see “Your rights” below); some records (e.g. invoices) may be retained where required by law.

We protect your data with industry-standard practices: encrypted transport (HTTPS), hashed passwords, role-based access controls inside the dashboard, and least-privilege access to production systems. No system is perfectly secure — if we ever discover a breach that affects your data, we will notify you and the appropriate authorities as required by law.

Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate data;
• delete your account and associated personal data (subject to limited legal retention obligations);
• export your data in a portable format;
• object to or restrict certain processing; and
• withdraw consent where processing is based on consent.

To exercise any of these rights, email hello@designflow.app from the address tied to your account. We will respond within a reasonable timeframe.

DesignFlow operates globally. Your information may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) to protect international transfers.

DesignFlow is not intended for children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this policy from time to time. We will revise the “Last updated” date above and, for material changes, notify active users by email or in-app message before the change takes effect.

Questions, concerns, or privacy requests? Reach us at hello@designflow.app.