Legal

Privacy Policy

Last updated: June 6, 2026

Profflow is built in the EU and we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights under GDPR.

1. Who we are

Profflow is a SaaS product built for EU Shopify store owners. Our service is operated from Tallinn, Estonia. If you have any questions about this policy, contact us at privacy@profflow.io.

2. What data we collect

Account data

  • Email address (required to create an account)
  • Name (optional)
  • Billing information (processed by Stripe — we never store card details)

Shopify data

  • Order totals, revenue, and return amounts
  • Shopify transaction and processing fees
  • Store currency and basic store settings

We use read-only Shopify API access. We never access customer personal data, product details, or store settings.

Usage data

  • Pages visited and features used
  • Browser type and device type
  • IP address (anonymised after 30 days)

3. How we use your data

  • To provide and improve the Profflow service
  • To calculate your profit dashboard and cash flow forecast
  • To send you transactional emails (invoices, alerts)
  • To respond to support requests
  • To comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising.

4. Data storage and security

All data is stored on servers located in the EU (Ireland). We use Supabase with EU data residency. Data is encrypted at rest and in transit using industry-standard encryption.

We retain your data for as long as your account is active. If you delete your account, all data is permanently deleted within 30 days.

5. Your rights under GDPR

As an EU resident, you have the right to:

  • Access — request a copy of all data we hold about you
  • Rectification — correct any inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing of your data

To exercise any of these rights, email privacy@profflow.io. We will respond within 30 days.

6. Cookies

We use essential cookies to keep you logged in and remember your preferences. We do not use advertising or tracking cookies. See our Cookie Policy for details.

7. Third-party services

  • Stripe — payment processing (their privacy policy applies)
  • Supabase — database and authentication
  • Vercel — hosting and deployment

8. Changes to this policy

We may update this policy from time to time. We will notify you by email if we make significant changes. The date at the top of this page shows when it was last updated.

9. Contact

For any privacy-related questions: privacy@profflow.io