TeamFlow Software Privacy Policy
Effective Date: August 23, 2025
Last Updated: August 23, 2025
Introduction
TeamFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our time-off and team management applications, including both our Atlassian Forge app integration and standalone application.
Information We Collect
Personal Information
- Name and Email: Required for user account creation and identification
- Profile Image: Optional profile picture for user identification
- Role and Organization: Your role within your organization and organizational affiliation
- Working Hours: Your configured work schedule and availability preferences
Time-Off Data
- Time-Off Requests: Vacation, sick leave, personal days, and other time-off entries
- Event Details: Titles, descriptions, dates, duration, and color coding preferences
- Calendar Settings: View preferences, badge variants, and visible hours configuration
JIRA Integration Data (Forge App Only)
- JIRA User Information: Name, email, and user ID from your JIRA instance
- JIRA Work Items: Issue counts and work-related data for context within the application
- Instance Information: JIRA Cloud ID, instance name, and URL for multi-tenant support
Technical Information
- Session Data: Login timestamps, session tokens (JWT), IP addresses, and user agent information
- Usage Analytics: How you interact with calendar views and application features
- Authentication Tokens: Secure tokens for API access and third-party integrations
Organizational Data
- Tenant Information: Organization settings, plan type, and configuration preferences
- Multi-Tenant Isolation: Complete data separation between different organizations
How We Use Your Information
We use the collected information for the following purposes:
Core Functionality
- Time-Off Management: Process and display time-off requests, manage calendar events
- Team Collaboration: Show team availability, prevent scheduling conflicts
- User Authentication: Secure login and session management
- Data Synchronization: Keep information consistent across different views and devices
Service Improvement
- Feature Enhancement: Improve existing features and develop new functionality
- Performance Optimization: Monitor and improve application performance
- Security: Detect and prevent unauthorized access or suspicious activities
Communication
- Service Updates: Notify users about important changes or maintenance
- Support: Respond to user inquiries and provide technical assistance
Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
Service Providers
- Database Services: Neon (PostgreSQL) for secure data storage
- Hosting Services: Netlify for application hosting and edge functions
- Atlassian Services: For Forge app integration and JIRA connectivity (Forge app only)
Legal Requirements
- Legal Compliance: When required by law, court order, or government regulation
- Safety Protection: To protect rights, property, or safety of our users or others
- Business Transfers: In case of merger, acquisition, or sale of business assets
With Your Consent
- Explicit Permission: Any other sharing will require your explicit consent
Data Security
We implement comprehensive security measures to protect your information:
Technical Safeguards
- Encryption: All data transmitted using HTTPS/TLS encryption
- JWT Authentication: Secure token-based authentication system
- Multi-Tenant Architecture: Complete data isolation between organizations
- Database Security: Encrypted data storage with access controls
Access Controls
- Role-Based Access: Users can only access data within their organization
- Authentication Required: All API endpoints require valid authentication
- Session Management: Automatic session expiration and secure token handling
Infrastructure Security
- Serverless Architecture: Netlify Edge Functions with built-in security features
- Database Isolation: Neon PostgreSQL with connection encryption and access controls
- Regular Updates: Continuous security updates and monitoring
Data Retention
Account Data
- Active Accounts: Data retained while your account is active
- Inactive Accounts: Data may be retained for up to 2 years for reactivation purposes
- Deleted Accounts: Data permanently deleted within 30 days of account deletion
Time-Off Records
- Historical Data: Time-off records retained for reporting and compliance purposes
- Audit Trail: Basic audit information retained for security and troubleshooting
Legal Requirements
- Compliance: Some data may be retained longer if required by law or regulation
- Business Records: Certain business records may be retained for accounting or legal purposes
Your Privacy Rights
You have the following rights regarding your personal information:
Access and Portability
- Data Access: Request copies of your personal information
- Data Export: Download your time-off data and calendar information
Correction and Deletion
- Update Information: Correct inaccurate or incomplete personal information
- Account Deletion: Request permanent deletion of your account and associated data
- Data Minimization: Request removal of unnecessary personal information
Consent Management
- Withdraw Consent: Opt out of non-essential data processing
- Communication Preferences: Control marketing and promotional communications
Exercise Your Rights
To exercise these rights, contact us at support@d-flux.net with your request and identity verification.
Cookies and Tracking
Session Management
- Authentication Cookies: Secure session tokens for maintaining login state
- Preference Storage: Local storage of user preferences and settings
Analytics (If Applicable)
- Usage Analytics: Basic usage patterns to improve application performance
- No Third-Party Tracking: We do not use third-party analytics or advertising cookies
Third-Party Integrations
JIRA Integration (Forge App)
- Atlassian Platform: Subject to Atlassian's privacy policy and terms of service
- Data Syncing: User information synchronized between JIRA and TeamFlow
- Permissions: Limited to read access for users and work items as specified in app manifest
Service Providers
- Netlify: Hosting and edge functions - subject to Netlify's privacy policy
- Neon: Database services - subject to Neon's privacy policy and security standards
Children's Privacy
TeamFlow is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers:
Data Protection Standards
- Adequate Protection: Transfers only to countries with adequate data protection laws
- Contractual Safeguards: Standard contractual clauses for international transfers
- Service Provider Agreements: All service providers must meet our data protection standards
Changes to Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
Notification Methods
- Email Notice: Direct notification to registered email addresses
- In-App Notice: Prominent notice within the application interface
- Website Update: Updated policy posted with new effective date
Your Continued Use
Continued use of TeamFlow after policy changes constitutes acceptance of the updated terms.
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:
Email: support@d-flux.net
Subject Line: Privacy Policy Inquiry
Response Time
We will respond to privacy-related inquiries within 30 days of receipt.
GDPR Inquiries
For EU residents or GDPR-related inquiries, please use the contact information above.
Compliance
This Privacy Policy complies with:
- GDPR: General Data Protection Regulation (EU)
- CCPA: California Consumer Privacy Act (US)
- PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
- Atlassian Forge Requirements: Privacy requirements for Forge applications
Version: 1.0
This Privacy Policy is effective immediately and supersedes any previous privacy statements.