Privacy Policy

This Privacy Policy describes how VowFlow handles personal data collected through the service.

We collect the data you provide directly: account info (email, name), organization data (members, commitments, payments), and usage data needed to operate the platform. We do not sell personal data to third parties.

Data is stored on infrastructure operated by Supabase and Vercel, with row-level security enforcing per-organization isolation. Backups are encrypted at rest. Only personnel with operational need access production data.

You can request export or deletion of your organization's data at any time by emailing support. We retain backups for up to 30 days after deletion for disaster recovery.

Members of communities you administer are data subjects under regulations like the GDPR. You are the controller; VowFlow is the processor. We honor verified subject access requests routed through the org administrator.

Privacy questions? Email privacy@vowflow.io.