Privacy Policy

Last updated: April 23, 2026

This Privacy Policy explains how Phloz ("we", "us") collects, uses, and shares information about you when you use our website and Service.

Draft notice. This page is a placeholder written for the foundation scaffold. The final Privacy Policy will be published before the first paying customer is onboarded and will be reviewed by counsel. Questions in the meantime: privacy@phloz.com.

1. Information we collect

Account data: email, name, workspace name, billing information (processed by Stripe; we don't store card numbers).

Content data: anything you put into Phloz — clients, tasks, messages, tracking map entries, files.

Usage data: pages visited, features used, event logs. We use Google Analytics 4, Google Tag Manager, and PostHog for product analytics.

Cookies: authentication session cookies (required) and analytics cookies (optional, governed by your consent where required by law).

2. How we use information

We use information to provide the Service, authenticate you, process payments, send transactional emails, improve the product, detect abuse, and comply with law.

3. Sharing

We share data only with sub-processors necessary to provide the Service: Supabase (hosting + auth + database), Vercel (hosting), Stripe (payments), Resend (transactional email), Sentry (error monitoring), PostHog (analytics). A full sub-processor list is available on request.

We never sell your data.

4. Data location and transfers

Data is stored in the US (Supabase, Vercel). If you are in the EU or UK, data transfers rely on Standard Contractual Clauses.

5. Data retention

We retain account data for as long as your workspace is active and for 30 days after cancellation (to allow exports). After that, data is deleted or anonymised. Analytics logs are retained for 26 months.

6. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your data. Email privacy@phloz.com to exercise any of these rights.

7. Security

Phloz uses row-level security (RLS) for tenant isolation, ECC P-256 JWT signing, Stripe for payments, and encrypted transport (TLS) for all traffic. Security is an ongoing program — SOC 2 is on the roadmap.

8. Children

Phloz is not directed to children under 16 and we do not knowingly collect data from them.

9. Changes

We may update this Privacy Policy from time to time. Material changes will be announced by email or in-app notice.

10. Contact

Questions? Email privacy@phloz.com.