01Introduction
This Privacy Policy explains how NextFlow CRM Ltd. ("NextFlow", "we", "us") collects, uses, and protects information when you visit nextflowcrm.com or use our products.
We aim to be plain-English about this. If anything below is unclear, write to us at info@nextflowcrm.com and a real person will answer.
02Who we are
Data controller: NextFlow CRM Ltd., a company registered in England & Wales (Co. No. 14829731), with its registered office at Unit 4, Cobalt Park, Newcastle upon Tyne, NE27 7BJ.
For data we process on behalf of our customers (their leads and contacts), we act as a processor - see our Data Processing Addendum.
03What we collect
Information you give us
- Account details - name, email, business name, billing address
- Content you upload - messages, quotes, customer records, files
- Payment details - processed by Stripe, never stored on our servers
Information we collect automatically
- Device + browser metadata, IP address (truncated after 30 days)
- Product usage events - what features you click, error logs
- Aggregate analytics via our first-party event store (no third-party trackers)
04How we use it
We use personal data to operate, maintain, and improve NextFlow. Concretely:
- Provide the product and account-related notifications
- Send transactional emails (receipts, password resets, billing)
- Diagnose problems and prevent abuse
- Build aggregate, anonymous product analytics
- Respond to your support tickets and feedback
We do not sell personal data. We do not use customer content to train AI models.
05Sharing & sub-processors
We share data only with the sub-processors we need to run NextFlow:
- Stripe - payment processing (PCI-DSS Level 1)
- AWS (eu-west-2, London) - hosting and storage
- Postmark - transactional email delivery
- Anthropic - AI suggestion generation (no training on your data)
The full and current list is available on request - email info@nextflowcrm.com.
06Your rights
Under UK GDPR you may request to:
- Access a copy of your personal data
- Correct inaccurate data
- Delete your data (subject to legal retention requirements)
- Export your data in a portable format
- Object to or restrict certain processing
- Withdraw consent at any time
To exercise any of these, email info@nextflowcrm.com. We respond within 30 days.
07Retention
We keep your data for as long as your account is active. When you close your account we permanently delete it within 30 days, except where law requires longer retention (e.g. financial records for 7 years). Backups roll off within 35 days.
08Cookies
We use a single first-party cookie (nf_session) to keep you logged in. We don't use third-party tracking cookies. We don't run advertising trackers.
09Changes to this policy
If we make material changes we'll email account owners and post a notice in-app at least 14 days before they take effect. The version number and effective date at the top of this page are always current.
10Contact
Questions, requests, complaints - write to info@nextflowcrm.com or visit our contact page.
If you live in the UK and are unsatisfied with how we handle your data, you may complain to the ICO.