1. What We Do
Extraflow provides AI-powered processing that helps you automate your work. Our AI agents can assist with processing the order-to-cash flow of companies across various platforms and communications, multiple ERPs and email, WhatsApp, Slack.
To do this effectively, we need access to certain data but only what's necessary to provide our services.
2. Collected Information
- Account Information: Name, email address, company details, and payment information
- Platform Connections: Email, WhatsApp and your custom systems
- Note on Future Expansion: As we expand our integrations and features, we may process additional types of data from new systems and platforms. We will update this policy and notify you of any material changes to data processing activities.
- Usage data: How you interact with our service
- Device information: Browser type, IP address, operating system
- Performance data: To improve our AI and fix issues
3. Data Uses
- Provide our services: Execute tasks, respond to messages and process documents as instructed
- Improve our AI: Train and refine our models to better serve you
- Maintain and improve service quality: Our engineering team may access your data to debug issues, investigate problems reported by you, and develop new features to improve the service. When we use data for AI model training or improvement.
- Communicate with you: Send service updates, respond to questions, and provide support
- Ensure security: Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations: Meet regulatory requirements and respond to valid legal requests
What We Don't Do
- We don't sell your personal data to anyone
- We don't use your data for advertising to third parties
4. How We Share Information
We work with trusted third-party companies that help us operate our service (cloud hosting, payment processing, analytics). These providers are contractually required to protect your data and only use it for specified purposes.
A complete list of sub-processors is available upon request by contacting our Data Protection Officer.
We may disclose information when required by law, to enforce our terms, protect our rights, or respond to valid legal requests from authorities.
If Extraflow is acquired or merged with another company, your data may be transferred as part of that transaction. You'll be notified of any such change.
5. Data Security
We take security seriously and implement industry-standard measures to protect your data:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Internal Access Controls: Access to customer data is restricted to authorized personnel on a need-to-know basis:
- Engineering Team: Can access data for debugging, quality assurance, and feature development
- Customer Support: Can access data to troubleshoot issues and respond to your inquiries
- Security Team: Can access data to prevent fraud, abuse, and security incidents
- Regular security audits: We continuously test and improve our security measures
- Secure infrastructure: We use reputable cloud providers with strong security practices
However, no system is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security, who gives such a promise is lying.
6. Data Retention
- Active accounts: Data is retained while your account is active and you're using our services.
- After account deletion: We delete or anonymize your data within 90 days, except where we must retain it for legal compliance or legitimate business purposes.
- Backups: Deleted data may persist in backup systems for up to 90 additional days before permanent deletion.
You can request earlier deletion by contacting our Data Protection Officer.
7. Privacy Rights
Depending on where you live, you have specific rights regarding your data:
Global Rights
- Access: Request a copy of the data we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Request that we delete your data (subject to legal obligations)
- Export: Receive your data in a portable format
- Opt-out: Unsubscribe from marketing communications
Additional Rights (GDPR - EU/UK/EEA)
- Object to processing: Oppose certain uses of your data
- Restrict processing: Limit how we use your data
- Withdraw consent: Revoke permission for processing based on consent
- File complaints: File a complaint with your local data protection authority
Additional Rights (CCPA/CPRA - California)
- Collected data: Learn what personal information we collect
- Selling of data: We do not sell personal information
- Non-discrimination: Exercise rights without facing discrimination
Additional Rights (Other Jurisdictions)
If you're in Brazil, Canada, Australia or other jurisdictions with privacy laws, you may have similar rights. Contact us to learn more.
To exercise your rights: Email our Data Protection Officer at legal@wiseverge.com
We'll respond to verified requests within 30 days (or as required by applicable law).
8. International Data Transfers
Extraflow is global. Your data may be processed in Portugal or other countries where our service providers operate.
When we transfer data internationally, we use approved mechanisms to ensure adequate protection:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions recognizing equivalent privacy protection
- Other lawful transfer mechanisms as appropriate
9. Children's Privacy
Extraflow is not intended for children under 16. We only collect business data, our platform is designed to be B2B. We do not knowingly collect data from children. If you believe we've inadvertently collected information from a child, please contact us immediately, and we'll delete it.
10. Policy Changes
This Privacy Policy may be updated from time to time to reflect changes in our platform, processes or legal requirements. When we make material changes, we'll:
- Update the "Last Updated" date at the top
- Notify you via email or through our service
- Give you the opportunity to review changes before they take effect (where required by law)
Your continued use of Extraflow after changes become effective means you accept the updated policy.
11. Contacts
Data Protection Officer: Our DPO can be reached at legal@wiseverge.com
We're committed to addressing your concerns as quickly as possible.