Privacy Policy

1. Information We Collect

When you create an account on LineraFlow, we collect personal information such as your name, email address, and assigned role within your organization. This information is necessary to provision your account and manage access to the Service.

As you use the Service, we collect and store the business data you upload, including product catalogs, inventory records, order information, and customer data. This data is stored within your account and is subject to the data isolation protections described in this policy.

We automatically collect usage data such as server logs, feature usage analytics, access timestamps, and IP addresses. This data helps us maintain service reliability, diagnose issues, and improve the platform.

Payment information is processed securely by Stripe, our third-party payment processor. We do not store your credit card numbers, bank account details, or other sensitive financial data on our servers. We retain only transaction identifiers and billing metadata necessary for subscription management.

We use essential cookies for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled.

2. How We Use Your Information

We use your information to provide, operate, and maintain the Service, including processing your transactions, managing your subscription, and delivering the features you rely on for your business operations.

We send transactional notifications related to your account and usage of the Service, such as invitation emails, password reset requests, and order confirmations. These communications are delivered through Azure Communication Services and are essential to the operation of the Service.

We analyze aggregated usage patterns to improve platform performance, develop new features, and enhance the user experience. This analysis is performed on anonymized or aggregated data whenever possible.

We use your information to enforce our Terms of Service, prevent fraud or abuse, and respond to support requests and inquiries from you or your organization.

3. Data Storage and Security

All data is hosted on Microsoft Azure infrastructure, utilizing enterprise-grade security controls including encryption in transit (TLS 1.2+) and encryption at rest for all stored data.

Your data is logically isolated within our secure shared infrastructure with isolated accounts. Strict access controls and data isolation rules ensure that each organization's data remains separate and inaccessible to other accounts.

We conduct regular security reviews and follow industry best practices for application security, including input validation, parameterized queries, and principle of least privilege for all system components.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using commercially reasonable safeguards.

4. Account Data Isolation

LineraFlow operates as a secure shared platform where each organization ("account") has its own isolated data environment. Your data is logically separated from all other accounts at the application, database, and API layers.

Cross-account access is prevented at multiple security layers, including access controls and data isolation rules. Every request is validated against the authenticated user's account context before any data is accessed or modified.

Account identification is derived from the host domain associated with your workspace. Users can only access data, resources, and configurations within their own account. Attempts to access another account's data are blocked and logged.

5. Third-Party Services

We use Stripe to process subscription payments and manage billing. When you subscribe to a plan, your payment information is transmitted directly to Stripe and is subject to Stripe's privacy policy. We receive only confirmation of payment status and transaction identifiers.

Transactional emails (such as user invitations, password resets, and system notifications) are delivered through Azure Communication Services. Only the minimum information necessary to deliver the communication is shared with this service.

When you connect third-party integrations through LineraFlow, data necessary for the integration to function may be shared with the integration provider. You control which integrations are connected, and you can disconnect them at any time through your workspace settings.

Our public marketing website includes a contact form hosted by HubSpot, our customer relationship management provider. When you submit the contact form, the information you enter (such as your name, email, company, and message) is transmitted to HubSpot and is subject to HubSpot's privacy policy. The HubSpot contact form is only present on our marketing pages — using the Service itself does not share data with HubSpot.

6. Data Retention

Your account data and business data are retained for as long as your subscription remains active. We maintain this data to ensure continuity of service and to support your ongoing business operations.

When data is deleted within the Service (such as deactivating a user or removing a product), it is soft-deleted and retained for 30 days before permanent removal. This retention period allows for accidental deletion recovery.

Audit logs are retained in accordance with our retention policy to support compliance, security monitoring, and operational troubleshooting. Audit log retention periods are configured per account.

Upon termination of your subscription, your data will be retained for 30 days to allow for data export. After this period, all account data will be permanently deleted from our systems.

7. Your Rights

You have the right to access the personal data we hold about you. You can view your account information, profile data, and workspace data at any time through the Service's user interface.

You may request correction of any inaccurate personal data. Account profile information can be updated directly through your account settings. For corrections to other data, please contact our support team.

You may request deletion of your personal data, subject to our legal obligations and legitimate business interests. Account deletion requests can be submitted to our support team and will be processed in accordance with our data retention policy.

LineraFlow provides built-in CSV export functionality for your products, orders, customers, inventory balances, and inventory movements. You can use these tools to exercise your right to data portability at any time.

You have the right to object to certain types of data processing. If you wish to exercise this right, please contact us and we will review your request in accordance with applicable data protection laws.

8. Cookies

We use essential cookies that are strictly necessary for the Service to function. These include session authentication cookies that maintain your login state. These cookies are httpOnly and cannot be accessed by client-side scripts.

We do not use third-party advertising cookies or sell any data collected through cookies to advertisers or data brokers.

We may use analytics cookies to understand how the Service is used and to identify areas for improvement. These cookies collect anonymized usage data. You may disable analytics cookies through your browser settings without affecting your ability to use the Service.

Our public marketing pages load a HubSpot script that may set cookies for contact-form attribution and visitor analytics. These cookies apply only when you visit our marketing website — not when you are signed in to the Service. If you decline these cookies through your browser or a consent banner, the contact form may still function but submission analytics may be limited.

9. Children's Privacy

LineraFlow is a business-to-business service designed for use by organizations and their authorized employees. The Service is not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13.

If we become aware that we have collected personal data from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal data, please contact us immediately.

10. International Data Transfers

Your data may be processed and stored in the United States or other countries where Microsoft Azure operates data centers. By using the Service, you consent to the transfer of your data to these locations.

We ensure that any international data transfers comply with applicable data protection laws. Where required, we implement appropriate safeguards such as standard contractual clauses to protect your data during cross-border transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated at least 30 days in advance via email or through an in-app notification.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your data.

12. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us via our support page.