Legal
Privacy Policy
Your privacy is important to us. It is Sysflows Corporation's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://sysflows.com, and other sites we own and operate.
Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name and address), your devices, payment details, and even information about how you use a website or online service.
In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.
Scope of This Policy
We provide a software-as-a-service platform that our business customers use to operate their own services (for example, IT service management, support, and ticketing). It is important to distinguish two kinds of data:
Data we control. This privacy policy describes how we handle personal information for which we act as the data controller: for example, information about visitors to our website, prospective customers, and the administrators and billing contacts at our business customers, as well as information we collect for our own marketing, security, and business operations.
Customer content we process. When a business customer uses our platform, the data they and their end users submit into their account (such as tickets, messages, attachments, and the personal information of their own users and customers) is "customer content." For customer content, the business customer is the data controller and we act as a data processor / service provider on their behalf. Our handling of customer content is governed by our agreement with that customer (including our Data Processing Addendum), not by this privacy policy. If you are an end user interacting with one of our customers through our platform, please direct privacy questions and rights requests to that customer.
Information We Collect
Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.
"Voluntarily provided" information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.
"Automatically collected" information refers to any information automatically sent by your devices in the course of accessing our products and services.
Log Data
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Device Data
When you visit our website or interact with our services, we may automatically collect data about your device, such as:
- Device Type
- Operating System
- Unique device identifiers
- Device settings
- Geo-location data
Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
Personal Information
We may ask for personal information (for example, when you create an account, purchase a subscription, sign up for product updates, or contact us), which may include one or more of the following:
- Name
- Job title and company/organization
- Phone/mobile number
- Billing and mailing address
- Account log-in credentials
Sensitive Personal Information
Some of the information we collect (such as precise geolocation data and account log-in or security credentials) may be considered "sensitive personal information" under the California Consumer Privacy Act (as amended by the California Privacy Rights Act, "CPRA"), "sensitive data" under other U.S. state privacy laws, or a "special category" of data under the GDPR.
Where required by applicable law, we will obtain your opt-in consent before processing sensitive data, and we use and disclose sensitive personal information only for purposes permitted by law or otherwise disclosed to you. Where the CPRA applies, you have the right to limit our use and disclosure of your sensitive personal information to those uses necessary to provide the services you have requested. To exercise this right, contact us using the details in the Contact Us section.
Content You Submit Through the Platform
When you use our platform, you and your users may submit content such as tickets, messages, comments, attachments, and configuration data ("content"). This content is associated with the relevant account. We process this content to provide and support the service.
Where this content is submitted within a business customer's account, it is "customer content" and is handled as described in the "Scope of This Policy" section: we act as a processor on the customer's behalf, and the customer's agreement governs. Unlike a public forum or community, content submitted through the platform is not published publicly by us; it is accessible only to the relevant account and to us as needed to operate and support the service, except where you or your account administrator choose to make specific content available to others (for example, a public knowledge-base article).
Transaction Data
Transaction data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.
Legitimate Reasons for Processing Your Personal Information
We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.
Collection and Use of Information
We may collect personal information from you when you do any of the following:
- Register for an account or set up a trial
- Purchase or renew a subscription
- Configure or use the platform and its features
- Sign up to receive product updates or marketing from us
- Respond to a survey or provide feedback
- Contact our sales or support teams
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
- to provide you with our platform's core features and services
- to enable you to customize or personalize your experience of our service
- to deliver products and/or services to you and to administer your account and subscription
- to contact and communicate with you, including about service, security, and support matters
- for analytics, market research, and business development, including to operate and improve our website, platform, and associated applications
- for marketing, including to send you information about our products and services where permitted (you can opt out at any time)
- for internal record keeping and administrative purposes
- to comply with our legal obligations and resolve any disputes that we may have
- for security and fraud prevention, and to ensure that our service is safe, secure, and used in line with our terms of use
- for technical assessment, including to operate and improve our platform and associated applications
We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, If you provide us with your location, we may combine this with general information about currency and language to provide you with an enhanced experience of our site and service.
Security of Your Personal Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification. Among these measures, we encrypt personal information at rest and in transit. Our information security program is designed to be aligned with the ISO/IEC 27001 framework.
To provide sign-in and route each user to the correct account, we maintain a limited central directory of account login identifiers (such as agent email addresses) that is separate from the per-account data stores in which content is held. This central directory is hosted in the United States.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.
How Long We Keep Your Personal Information
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.
In general, we determine retention periods using the following criteria: how long your personal information is needed to provide our services; whether you maintain an active account with us; whether we have a legal, accounting, contractual, or reporting obligation to retain it; and whether retention is advisable in light of our legal position (such as applicable statutes of limitations, litigation, or regulatory investigations). Representative retention periods for key categories of data are as follows: account data retained for the duration of the account plus 6 months; transaction and billing records retained for 10 years for tax and accounting compliance; marketing data retained until you unsubscribe; support communications retained for 6 months.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
Children's Privacy
We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as reasonably possible.
For users between the ages of 13 and 16, where required by applicable law, we will not sell or share their personal information without opt-in consent from the user or, where applicable, their parent or legal guardian. Where the GDPR applies, please also see the age-of-consent provisions in the GDPR section below.
Disclosure of Personal Information to Third Parties
We may disclose personal information to:
- a parent, subsidiary, or affiliate of our company
- third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, error loggers, debt collectors, maintenance or problem-solving providers, professional advisors, and payment systems operators
- our employees, contractors, and/or related entities
- our existing or potential agents or business partners
- credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
- courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
- third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you
- third parties to collect and process data
- an entity that buys, or to which we transfer all or substantially all of our assets and business
Third parties we currently use include:
- DigitalOcean: hosting and infrastructure
- Stripe: payment processing
- MailChimp: email and marketing communications
- SalesMate: customer relationship management
Sale and Sharing of Personal Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising or targeted advertising, as those terms are defined under the CPRA and similar U.S. state privacy laws. We have not sold or shared personal information in this manner in the preceding 12 months. We disclose personal information to service providers and processors only as needed to operate and support our services, as described in the "Disclosure of Personal Information to Third Parties" section, and under contracts that restrict their use of that information to those purposes. These statements describe our intentional business practices; any inadvertent or unauthorized disclosure is treated as a security incident and handled under the "Security of Your Personal Information" and "Notification of data breaches" sections, not as a sale or share.
Artificial Intelligence, Automated Decision-Making, and Profiling
Our services include artificial intelligence and machine-learning features that may process customer content and other data to provide functionality such as ticket triage and routing, suggested replies, summarization, and knowledge-base assistance.
We do not use your data, including customer content processed through our AI features, to train our own or any third party's general-purpose or foundational AI models. AI processing is performed solely to deliver the service to you. We use Anthropic as our AI provider. Our use of Anthropic's Claude API is governed by Anthropic's Commercial Terms of Service, under which Anthropic acts as a service provider / processor and does not train its models on the inputs or outputs we send; Anthropic's Data Processing Addendum is incorporated into those commercial terms.
We do not use your personal information to make decisions about you that produce legal or similarly significant effects through solely automated means. Where required by applicable law (including the GDPR and certain U.S. state privacy laws), you have the right to obtain meaningful information about automated processing that does apply to you, to object to or opt out of such processing, and in some cases to request human review. To exercise these rights, contact us using the details in the Contact Us section.
Your Rights and Controlling Your Personal Information
Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person's consent to provide the personal information to us.
Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example processing transaction data), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.
Downloading of Personal Information: We provide a means for you to download the personal information you have shared through our site. Please contact us for more information.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.
How to Exercise Your Rights
You can exercise the privacy rights described in this policy by contacting us at privacy@sysflows.com
Verification: To protect your information, we will take reasonable steps to verify your identity before responding to a request. This may involve asking you to confirm information we already hold about you. We will not use information collected for verification for any other purpose.
Response timing: We will respond to your request within the timeframe required by applicable law, for example, within 45 days for verifiable consumer requests under the CCPA/CPRA, with the possibility of one extension where reasonably necessary and permitted. We will let you know if we need additional time.
Authorized agents: You may use an authorized agent to submit a request on your behalf. We may require the agent to provide proof that you gave them signed permission to act for you, and we may require you to verify your own identity directly with us.
Appeals: If we decline to take action on your request, you may appeal our decision where applicable law provides an appeal right (as several U.S. state privacy laws now require). To appeal, contact us at privacy@sysflows.com with "Privacy Rights Appeal" in the subject line. We will respond within the time required by law. If your appeal is denied, you may contact the relevant attorney general or data protection authority.
Use of Cookies
We use "cookies" to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. Please refer to the "Cookies and Pixels" section below for more information.
Business Transfers
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
Limits of Our Policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to This Policy
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
Additional Disclosures for Australian Privacy Act Compliance (AU)
International Transfers of Personal Information
Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.
Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)
Data Controller / Data Processor
The GDPR distinguishes between organisations that process personal information for their own purposes (known as "data controllers") and organizations that process personal information on behalf of other organizations (known as "data processors"). We, Sysflows Corporation, a Delaware corporation located at the address provided in our Contact Us section, are a Data Controller and/or Processor with respect to the personal information you provide to us.
EU/EEA & UK GDPR Representatives (Article 27)
If you are located in the EU/EEA or the UK and have questions or concerns regarding your personal data, you may contact our appointed GDPR representative:
EU Representative:
Euverify Ltd (Ireland)
Unit 3D North Point House
North Point Business Park
New Mallow Road, Cork
T23 AT2P, Ireland
Email: gdpr@euverify.com
UK Representative:
Euverify Ltd (UK)
3rd Floor, 86-90 Paul Street
London, EC2A 4NE
United Kingdom
Email: gdpr@euverify.com
To submit a Data Subject Access Request (DSAR), a data deletion request, or any other GDPR-related inquiry, you may use our representative's secure portal, which also allows you to verify our appointed representative: https://gdpr.euverify.com/verify/9b9b6b80-d2e7-4ed0-a902-693c753eadb3. Requests submitted through this portal are logged and tracked to help ensure a timely response.
Legal Bases for Processing Your Personal Information
We will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian's consent to process your personal information for that specific purpose.
Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:
Consent From You
Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place. For example, you may consent to receiving marketing communications from us, and you may withdraw that consent at any time by unsubscribing. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
Performance of a Contract or Transaction
Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you. For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information in order to process and deliver your order.
Our Legitimate Interests
Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.
Compliance with Law
In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If you have any further enquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
International Transfers Outside of the European Economic Area (EEA)
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Your Rights and Controlling Your Personal Information
Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.
Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.
Deletion: You may have a right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.
Additional Disclosures for California Compliance (US)
Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes.
To make such a request, please contact us using the details provided in this privacy policy with "Request for California privacy information" in the subject line. You may make this type of request once every calendar year. We will email you a list of categories of personal information we revealed to other organisations for their marketing purposes in the last calendar year, along with their names and addresses. Not all personal information shared in this way is covered by Section 1798.83 of the California Civil Code.
Do Not Track and Universal Opt-Out Signals
Some browsers have a "Do Not Track" (DNT) feature that lets you signal to websites that you do not want your online activities tracked. There is currently no consistent industry standard for recognizing or honoring DNT signals, and at this time we do not respond to browser DNT signals.
Separately, certain browsers and extensions can send a Global Privacy Control (GPC) or similar universal opt-out preference signal. Where required by applicable law, we treat a valid GPC signal as a request to opt out of the sale or sharing of personal information for the browser or device from which it is sent.
We adhere to the standards outlined in this privacy policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.
Cookies and Pixels
At all times, you may decline cookies from our site if your browser permits. Most browsers allow you to activate settings on your browser to refuse the setting of all or some cookies. Accordingly, your ability to limit cookies is based only on your browser's capabilities. Where required by applicable law (including for visitors in the EU and UK), we will ask for your consent before setting non-essential cookies, and you can withdraw that consent at any time.
California Notice of Collection
In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:
- Identifiers, such as name, email address, phone number, account name, IP address, and an ID or number assigned to your account.
- Customer records, such as billing address and payment information processed by our payment provider.
- Commercial information, such as subscription and purchase history.
- Internet or network activity, such as your interactions with our website and platform.
- Geolocation data (general location derived from IP address).
- Inferences drawn from the above, such as your likely product interests.
For more information on information we collect, including the sources we receive information from, review the "Information We Collect" section. We collect and use these categories of personal information for the business purposes described in the "Collection and Use of Information" section, including to provide and manage our service.
Right to Know and Delete
If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.
To exercise any of these rights, please contact us using the details provided in this privacy policy.
Right to Correct and Limit (CPRA)
If you are a California resident, you also have the right to request that we correct inaccurate personal information we maintain about you, and the right to limit our use and disclosure of your sensitive personal information as described in the "Sensitive Personal Information" section. To exercise these rights, contact us using the details provided in this privacy policy.
Shine the Light
If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by California's "Shine the Light" with third parties and affiliates for their own direct marketing purposes.
To receive this information, send us a request using the contact details provided in this privacy policy. Requests must include "California Privacy Rights Request" in the first line of the description and include your name, street address, city, state, and ZIP code.
Additional Disclosures for Other U.S. State Privacy Laws
Residents of certain other U.S. states, including (among others) Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive consumer privacy laws now in effect, may have rights similar to those described in the California sections above. Depending on your state, these can include the rights to: confirm whether we process your personal data and access it; correct inaccuracies; delete personal data; obtain a portable copy of your data; and opt out of targeted advertising, the sale of personal data, and certain profiling.
Where required by applicable law, we also provide a process to appeal a refusal to act on your request, as described in the "How to Exercise Your Rights" section. The specific rights available to you, and any applicable thresholds or exemptions, depend on your state of residence and the relevant law. To exercise any of these rights, contact us using the details in the Contact Us section.
Contact Us
For any questions or concerns regarding your privacy, you may contact us using the following details:
Sysflows Corporation
Attn: Privacy Officer
8 The Green #19288
Dover, DE, 19901, United States
privacy@sysflows.com