Privacy Policy

How TeamFlow collects, uses, and protects your information

Last Updated:

Table of Contents

1. Introduction

Welcome to TeamFlow ("we," "our," or "us"). TeamFlow is a team collaboration and workflow automation platform that enables teams to manage projects, track tasks, communicate in real-time, and automate workflows.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use our services.

By using TeamFlow, you consent to the data practices described in this policy. We are committed to protecting your privacy and ensuring transparency about our data practices.

2. Information We Collect

2.1 Account and Profile Information

Purpose: To create and manage your account, authenticate you, and personalize your experience.

Information Collected:

  • Email Address: Required for account creation, authentication, and communication. We use your email to send you important notifications, account updates, and service-related communications.
  • Display Name: Used to identify you within the platform and in team communications.
  • Profile Picture/Avatar: Optional image that helps team members visually identify you in the platform.
  • Country Code: Optional information used for localization and to provide region-specific features.
  • Contact Information: Optional additional contact details you choose to provide, such as phone numbers or alternative email addresses.
  • Theme Preference: Your choice of light or dark mode for the user interface.
  • Role Information: Your assigned role (Admin, Manager, or Member) which determines your access permissions within teams and projects.

2.2 Google OAuth Authentication Data

Purpose: To provide secure single-sign-on authentication using your Google account, eliminating the need for a separate password.

Information Collected:

  • Google Account Email: Your Google account email address, used for account identification and communication.
  • Name Information: Your full name, given name (first name), and family name (last name) from your Google account.
  • Profile Picture URL: Link to your Google profile picture, used to display your avatar in TeamFlow.
  • Locale Preferences: Your language and regional preferences from Google, used to customize your experience.
  • Email Verification Status: Whether your Google email address has been verified by Google.
  • OAuth Tokens: Encrypted access and refresh tokens that enable secure authentication. These tokens are stored in encrypted form and are never shared with third parties.

OAuth Scopes: We only request the minimum OAuth scopes necessary for authentication (email, profile). We do not access your Google Drive, Gmail, or any other Google services beyond basic profile information.

2.3 Team and Collaboration Data

Purpose: To enable team collaboration, task management, project tracking, and workflow automation.

Information Collected:

  • Team Memberships: Information about teams you belong to, your role within each team, and your relationships with other team members (including reporting manager relationships).
  • Tasks and Projects: All tasks you create, are assigned to, or collaborate on, including task titles, descriptions, priorities, statuses, due dates, and assignment information.
  • Messages and Communications: All messages you send or receive through TeamFlow, including direct messages, channel messages, and comments on tasks. This includes text, images, and file attachments.
  • File Uploads and Attachments: Files you upload, share, or attach to tasks, messages, or projects. This includes documents, images, and other media files.
  • Workflow Configurations: Automation rules, triggers, and actions you create to automate team workflows.
  • Calendar Events: Events, meetings, and reminders you create or are invited to within TeamFlow.
  • Task Updates and Comments: Updates, status changes, and comments you make on tasks and projects.

2.4 Device Permissions and Access

Purpose: To enable specific app features that enhance your collaboration experience.

Permissions Requested:

  • Camera Permission: Requested when you choose to take photos for your profile picture or attach images to messages and tasks. We do not access your camera without your explicit action.
  • Storage Permission: Requested to allow you to upload files, save images, and access documents from your device for sharing with your team. We only access files you explicitly choose to share.
  • Calendar Permission: Requested to sync events, schedule meetings, and set reminders. We only access calendar information you explicitly choose to sync.
  • Microphone Permission: Optional permission requested only if you choose to record voice messages. We do not record audio without your explicit action.
  • Internet and Network State: Required for the app to function and synchronize data with our servers.
Important: All device permissions are optional and requested only when you use features that require them. You can deny any permission and still use the core app functionality. You can revoke permissions at any time through your device settings.

2.5 Technical and Usage Data

Purpose: To ensure app functionality, security, performance optimization, and to provide technical support.

Information Collected:

  • Session Information: Authentication tokens, session IDs, and login timestamps. All tokens are encrypted and stored securely.
  • Device Information: Device type, operating system version, app version, and device identifiers necessary for push notifications and app functionality.
  • Network Information: Network connection status (online/offline) to enable offline functionality and data synchronization.
  • Usage Analytics: Anonymized and aggregated data about how you use the app, such as feature usage patterns, to help us improve the user experience. This data cannot be used to identify you personally.
  • Error Logs: Technical error information to help us diagnose and fix issues. These logs may include device information but do not include personal content.

2.6 Information We Do Not Collect

We do not collect:

  • Your device's location data
  • Your contacts list (unless you explicitly choose to import contacts)
  • Your browsing history or activity outside of TeamFlow
  • Biometric data (except for optional biometric authentication on your device, which is handled entirely by your device's operating system)
  • Payment or financial information (if we add payment features in the future, this will be handled by secure third-party payment processors)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • To create and manage your account
  • To authenticate you and provide secure access to the platform
  • To enable team collaboration, task management, and project tracking
  • To facilitate real-time messaging and communication
  • To process and deliver file uploads and attachments
  • To execute workflow automations you configure
  • To sync calendar events and send reminders
  • To provide offline functionality and data synchronization

3.2 Communication

  • To send you important account and service-related notifications
  • To deliver push notifications for messages, task assignments, and mentions
  • To respond to your inquiries and provide customer support
  • To send you updates about new features, security updates, and service changes (you can opt out of marketing communications)

3.3 Security and Safety

  • To detect, prevent, and address security threats and fraudulent activity
  • To verify your identity and prevent unauthorized access
  • To enforce our Terms of Service and protect the rights and safety of our users
  • To comply with legal obligations and respond to legal requests

3.4 Improvement and Analytics

  • To analyze usage patterns and improve our services
  • To develop new features and functionality
  • To optimize app performance and fix technical issues
  • To conduct research and analytics (using anonymized, aggregated data)

3.5 Personalization

  • To customize your experience based on your preferences (theme, language, etc.)
  • To personalize content and recommendations
  • To remember your settings and preferences

4. Data Sharing and Disclosure

We respect your privacy and do not sell your personal information. We may share your information only in the following circumstances:

4.1 Within Your Teams

Your team members can see:

  • Your display name, profile picture, and role within shared teams
  • Tasks, projects, and messages you create or are assigned to within shared teams
  • Files you upload or share within team contexts
  • Your activity and contributions within team workspaces
Note: You control which teams you join and what information you share within each team. Private messages are only visible to you and the recipient.

4.2 Service Providers

We may share information with trusted third-party service providers who help us operate our services:

  • Cloud Storage Providers: To store files and attachments (e.g., AWS S3, Google Cloud Storage)
  • Hosting and Infrastructure: To host our servers and databases
  • Analytics Services: To analyze app usage (using anonymized data)
  • Push Notification Services: To deliver push notifications (e.g., Firebase Cloud Messaging)

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Legal processes, such as court orders or subpoenas
  • Government requests or regulatory requirements
  • Protection of our rights, property, or safety, or that of our users
  • Investigation of potential violations of our Terms of Service

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

4.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Encryption

  • In Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols
  • At Rest: Sensitive data, including passwords and OAuth tokens, is encrypted before storage in our databases
  • Local Storage: Data stored locally on your device is encrypted using Android's secure storage mechanisms

5.2 Authentication Security

  • JWT (JSON Web Tokens) with secure token expiration and refresh mechanisms
  • OAuth tokens stored in encrypted form
  • Password hashing using bcrypt with industry-standard algorithms
  • Secure token storage using Android Keystore for sensitive credentials

5.3 Access Controls

  • Role-based access control to ensure users only access data they're authorized to see
  • Regular security audits and access reviews
  • Limited access to personal data by our employees, only as necessary for service provision

5.4 Infrastructure Security

  • Secure server infrastructure with regular security updates
  • Database security measures including connection encryption and access controls
  • Regular security monitoring and threat detection
  • Incident response procedures for security breaches
Important: While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

  • Access Your Data: You can view and access your personal information through your account settings
  • Data Export: You can request a copy of your data in a machine-readable format

6.2 Modification and Updates

  • Update Profile: You can update your display name, profile picture, contact information, and preferences at any time through your account settings
  • Edit Content: You can edit or delete tasks, messages, and files you create (subject to team permissions)

6.3 Deletion

  • Delete Account: You can request deletion of your account and personal data. We will delete your account and personal information, except where we are required to retain it for legal or legitimate business purposes
  • Delete Content: You can delete individual tasks, messages, and files you create
Note: When you delete your account, your personal information will be removed, but content you've shared with teams (such as messages or tasks) may remain visible to other team members as part of the team's collaborative history. We will anonymize your contributions where possible.

6.4 Permission Controls

  • You can revoke device permissions (camera, storage, calendar, microphone) at any time through your device settings
  • You can unlink your Google account from TeamFlow through your account settings (if you have an alternative authentication method)
  • You can opt out of push notifications through your device or app settings

6.5 Communication Preferences

  • You can opt out of marketing emails while still receiving important service-related communications
  • You can control notification preferences for different types of activities (messages, task assignments, mentions, etc.)

6.6 Exercising Your Rights

To exercise any of these rights, please:

  • Use the settings and controls available in the TeamFlow app
  • Contact us using the information provided in the "Contact Us" section below

We will respond to your request within 30 days, subject to applicable law.

7. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy:

  • Account Information: Retained while your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
  • Team and Collaboration Data: Retained as long as the team or project exists, or until you delete specific content. Deleted content is permanently removed from our systems within 30 days.
  • OAuth Tokens: Retained while your Google account is linked. Tokens are automatically refreshed and old tokens are securely deleted.
  • Session Data: Session tokens expire according to our security policies. Expired sessions are automatically deleted.
  • Analytics Data: Anonymized analytics data may be retained for longer periods for research and improvement purposes.

We may retain certain information for longer periods if required by law, to resolve disputes, enforce our agreements, or for legitimate business purposes.

8. Children's Privacy

TeamFlow is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

9. International Data Transfers

TeamFlow may store and process your information in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer your information internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by data protection authorities
  • Compliance with applicable data protection laws
  • Implementation of security measures consistent with this Privacy Policy

By using TeamFlow, you consent to the transfer of your information to countries outside your country of residence.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Sending you an email notification (if you have provided an email address)
  • Displaying a prominent notice in the app

Your continued use of TeamFlow after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

TeamFlow Privacy Team

Email: privacy@teamflowapp.com
Through the TeamFlow app: Settings → Help & Support

We will respond to your inquiry within 30 days.

For Users in the European Economic Area (EEA):

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

For Users in California:

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to opt out of the sale of personal information (we do not sell your personal information).

Back to Home