Privacy Policy
Effective date: February 26, 2026
Summary: EFT Flow is built as a local-first desktop application. Your payment reports are processed on your computer (not uploaded for processing). We collect only the data needed to operate accounts, licensing, billing, and support.
1) What we collect
- Account identity: your email address (used for OTP sign-in and licensing).
- Website form data: contact form details (name, email, company, topic, bank, export source, message), plus IP address and referring page for abuse prevention and context. Submissions are emailed to support; the website does not maintain a separate contact database.
- Billing data: Stripe customer ID, subscription ID, payment intent ID, plan type, status, and Stripe event IDs (used to de-duplicate webhooks). We do not store full card numbers.
- Licensing data: device activations, hashed device identifiers, device tokens (stored as hashes), entitlement status, seat count, paid-through timestamps, and device revoke/last-seen timestamps.
- Security and audit logs: request IDs, event types, reason codes, success/error codes, IP address, app version, and related org/device/identity IDs. Logs may include limited telemetry metrics.
- Minimal telemetry (sent by the app when online): app version, OS/platform, license type, blocked actions, and vendor count totals/exports. No payment report contents, vendor names, or banking details are transmitted.
- Support data: messages you send us and any attachments you choose to provide.
2) Cookies and website data
- We use functional session cookies to protect forms (CSRF protection) and rate-limit abuse.
- We do not run third-party analytics or advertising pixels on the marketing site.
3) What we do not collect
- We do not upload your payment report to our servers for processing.
- We do not store your bank portal credentials or full card numbers.
4) How we use information
- Provide and secure your account and licensing
- Send OTP sign-in codes and license artifacts
- Process billing and manage subscriptions via Stripe
- Prevent abuse and keep systems reliable
- Respond to support and sales requests
5) Data retention
We retain account, licensing, and billing records as needed for legal, tax, and operational requirements. OTP codes are stored only as hashes and expire quickly. Support communications may be retained to improve support quality and continuity.
6) Your choices
- You can request account deletion by contacting support.
- You can choose what you share with support (e.g., redacted files).
7) Contact
Privacy questions: support@eftflow.ca