1. Who we are
ConsentFlow ("we", "us", or "our") provides AI-assisted consent forms and electronic signature services. This Privacy Policy explains what personal information we collect when you use our website and services at consentflow.app, how we use it, and the rights you have over it.
For the purposes of the EU/UK GDPR, ConsentFlow is the controller of personal data about its account holders (senders), and a processor of personal data about signers and recipients on behalf of those account holders.
2. What we collect
Information you give us
- Account data: name, email address, hashed password, and (for paid plans) billing details processed by our payment provider.
- Document content: the text, prompts, and templates you create or upload, plus the recipient names and emails you send them to.
- Signature data: typed or drawn signatures, signer name, email, and any form-field responses provided by recipients.
- Support communications: messages you send us via chat, email, or forms.
Information collected automatically
- Audit-trail data: IP address, user-agent string, and timestamps for each view, sign, and download event — required to make signed documents legally defensible.
- Usage data: pages viewed, features used, request timing, and error logs.
- Cookies and similar technologies: see Section 10.
Information from third parties
- Google Drive (optional): if you connect your Google account, we receive a refresh token and the ID of the folder you select. We use the limited drive.file scope, which only allows us to create files in folders you have explicitly authorized — we cannot read or modify any other files in your Drive.
- Payment provider: Stripe sends us subscription status, plan, and the last four digits of your card. We never see or store full card numbers.
3. How we use your data
We use personal data to:
- Create, send, sign, and store your consent documents.
- Generate the legally required audit trail for each signature.
- Deliver signed PDFs by email and (if you've connected it) to your Google Drive folder.
- Operate, secure, and improve our services, including debugging and abuse prevention.
- Process payments and manage your subscription.
- Send transactional emails (signature requests, reminders, receipts) and, with your consent, occasional product updates.
- Comply with legal obligations and enforce our Terms of Service.
We do not use the contents of your documents, prompts, or signer data to train AI models. AI generation is performed via third-party APIs configured to disable training on submitted content.
4. Email communications
We send the following categories of email. For account holders (senders), ConsentFlow is the controller. For people who receive a sender's documents (recipients), we send on behalf of that sender as a processor.
- Magic-link sign-in — sent to account holders on request, to authenticate access. Required to use the Service.
- Signing requests & reminders — sent to the recipients a sender lists on a document. The sender can disable reminders per document, and a recipient can stop further reminders for a document by following the instructions in the email or by replying to it.
- Signed-PDF receipts — sent to all parties when a document is completed. These are transactional records of a contract; they cannot be opted out of without losing the signed copy.
- Billing notices — sent to account holders for receipts, payment failures, and subscription changes. Required to operate a paid account.
- Service announcements — sent occasionally for material changes to the Service, security notices, or legal updates. Required to operate the account.
- Product updates & marketing — only with separate opt-in. You can withdraw consent at any time using the unsubscribe link in any such message or from Settings.
Legal bases (EU/UK GDPR & PECR). Magic-link, signing, receipt, billing, and service-announcement emails are sent on the lawful bases of contract performance and our legitimate interest in operating a service the user requested. Marketing emails are sent only on the basis of prior consent under Article 6(1)(a) GDPR and Regulation 22 of the UK PECR. Recipients of a sender's documents receive emails under the lawful basis the sender has identified for that contact (typically consent, contract, or the sender's legitimate interest in concluding a transaction with the recipient); senders are responsible for that basis under our Terms of Service.
U.S. CAN-SPAM. All emails sent through the Service identify ConsentFlow and the originating sender, describe why the recipient is receiving the message, include ConsentFlow's postal address as technical sender, and offer a way to stop further messages of the same type.
To opt out of marketing, or to request that we stop sending recipient-side reminders for a specific document, email privacy@consentflow.app.
5. Legal bases (GDPR)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Contract: to provide the service you signed up for.
- Legitimate interests: to secure our service, prevent fraud, and improve our product.
- Legal obligation: to retain audit-trail records and respond to lawful requests.
- Consent: for non-essential cookies, marketing emails, and optional integrations such as Google Drive. You can withdraw consent at any time.
6. Sharing & subprocessors
We do not sell your personal data. We share it only with the service providers we need to run ConsentFlow:
- Replit — application hosting and database infrastructure.
- Stripe — payment processing and subscription management.
- SendGrid — transactional email delivery.
- Google (Drive API) — only when you explicitly connect a Google account.
- OpenAI / Anthropic — AI generation of document drafts (no training on submitted content).
- Meta — conversion measurement via the Meta Pixel and Conversions API on marketing pages only (see Cookies).
We may also disclose information if required by law, to protect our rights, or in connection with a corporate transaction (e.g. merger or acquisition), in which case we will notify you in advance.
7. Data retention
- Active accounts: we keep your data for as long as your account is open.
- Signed documents and audit trails: retained for the life of your account plus 7 years thereafter, to support the legal enforceability of signatures.
- Closed accounts: non-essential personal data is deleted within 90 days of account closure; signed documents follow the rule above.
- Backups: data may persist in encrypted backups for up to 35 days after deletion.
8. Security
We use industry-standard safeguards to protect your data:
- TLS encryption in transit for all traffic.
- Encryption at rest for our databases and object storage.
- Sensitive tokens (such as Google Drive refresh tokens) are encrypted with a separate application-level key before being written to the database.
- Passwords are stored as salted, slow-hashed digests — never in plain text.
- Role-based access controls and audit logging on internal systems.
No system is perfectly secure. If we become aware of a personal-data breach affecting you, we will notify you and the appropriate regulators within the timeframes required by law.
9. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten"), subject to legal retention requirements.
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email privacy@consentflow.app. We will respond within 30 days.
You can also delete most of your data yourself from Settings, or revoke our access to your Google Drive at any time at myaccount.google.com/permissions.
10. Cookies & tracking
We use a small number of cookies and similar technologies:
- Essential: session and authentication tokens. These are required for the service to work and cannot be disabled.
- Analytics: a first-party identifier stored in localStorage to count unique visits to marketing pages.
- Advertising measurement: the Meta Pixel runs only on public marketing pages (home, pricing) to measure ad performance. It is not loaded inside the signing flow or the authenticated app.
You can clear cookies and local storage in your browser settings at any time.
11. International transfers
ConsentFlow is operated from the United States. If you access the service from outside the US, your data will be transferred to and processed in the US and other countries where our subprocessors operate. Where required, we rely on the European Commission's Standard Contractual Clauses or equivalent mechanisms to lawfully transfer personal data out of the EEA, UK, or Switzerland.
12. Children
ConsentFlow is not directed at children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal data, please contact us and we will delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify account holders by email and update the "Last updated" date at the top of this page. Continued use of the service after the change constitutes acceptance of the updated policy.