Last updated: April 2026

Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you sign in via OAuth providers (Google, GitHub), we receive your profile information from those services.

Company Information

Company registration details including name, address, tax ID, VAT number, billing email, and logo as provided by Company Administrators.

Usage Data

Projects, tasks, milestones, comments, activity logs, and all content you create within the Service. We also collect metadata such as IP addresses, browser type, device information, and access timestamps.

Payment Information

Payment processing is handled by Razorpay. We do not store credit card numbers or bank account details. We receive transaction IDs, payment status, and billing amounts from Razorpay.

2. How We Use Your Information

  • To provide, operate, and maintain the Service.
  • To process subscriptions and payments.
  • To send transactional emails (invitations, notifications, billing alerts).
  • To provide AI-powered features (data is sent to configured AI providers for processing).
  • To improve the Service through analytics and usage patterns.
  • To enforce our Terms of Service and prevent fraud.
  • To comply with legal obligations.

3. Data Storage

Your data is stored in PostgreSQL databases hosted on secure cloud infrastructure. Sensitive data (API keys, secrets) is encrypted using AES-256-GCM before storage. Database backups are encrypted and retained according to our backup policy.

4. Data Sharing

We do not sell your personal data. We share data only with:

  • AI Providers: Task and project data sent to configured AI services (OpenAI, Anthropic) for AI features, processed per their privacy policies.
  • Payment Processor: Razorpay processes payment transactions under their own privacy policy.
  • Email Providers: Configured email services (AWS SES, Postmark, SMTP) for transactional emails.
  • Legal Requirements: When required by law, court order, or government request.

5. Cookies

We use essential cookies for authentication (session tokens) and security. We do not use third-party advertising or tracking cookies. Authentication cookies are HTTP-only and secure.

6. Your Rights

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Update or correct inaccurate personal data via your profile settings.
  • Deletion: Request deletion of your account and associated data.
  • Data Portability: Export your data in standard formats before account deletion.
  • Withdrawal of Consent: Withdraw consent for non-essential data processing at any time.

7. Data Retention

Active account data is retained for the duration of the account. Upon account deletion or company removal, data enters a 30-day grace period during which it can be recovered. After 30 days, data is permanently deleted. Payment records and invoices are retained for 7 years as required by Indian tax regulations.

8. Digital Personal Data Protection Act, 2023 (India)

We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India. We process personal data based on consent and legitimate interests. You have the right to grievance redressal as provided under the DPDP Act. Our Data Protection Officer can be reached at [email protected].

9. Security

We implement industry-standard security measures including encryption at rest and in transit, multi-factor authentication, role-based access control, regular security audits, and incident response procedures.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The updated policy will be effective upon posting on this page.

11. Contact

For privacy-related inquiries, contact our Data Protection Officer at [email protected].

© 2026 ProjectFlow PMS. All rights reserved.