OPSLYFLOW, LLC — PRIVACY POLICY
Version 1.0 | Effective Date: March 3, 2026 | Last Updated: March 3, 2026
| Track | Who It Covers | Legal Relationship |
|---|---|---|
| Track 1: Business Customers | Service company owners, admins, field techs who subscribe to Opslyflow | Opslyflow is a data controller — collects and processes account and usage data directly |
| Track 2: End Client Data | Homeowners, tenants, property managers whose info Customers enter into the platform | Opslyflow is a data processor acting on Customer's instructions |
1. INTRODUCTION AND WHO WE ARE
1.1 Opslyflow, LLC ("Opslyflow," "we," "us," or "our") operates a software-as-a-service platform that helps service businesses — including HVAC, plumbing, electrical, and other trades — manage work orders, invoicing, job documentation, customer records, and payments (the "Platform").
1.2 This Privacy Policy explains how we collect, use, store, share, and protect personal information in connection with the Platform and our website located at opslyflow.com (the "Site"), and our mobile application available for iOS and Android (the "App"). The App does not currently collect any data beyond what is described in this Privacy Policy for the Platform.
1.3 This Privacy Policy applies to: (a) Customers — business owners, administrators, and employees ("Authorized Users") who create accounts and use the Platform; and (b) Visitors — individuals who visit the Site without creating an account.
1.4 End Client Data. When Customers use the Platform to store information about their own clients ("End Clients"), that data is processed by Opslyflow as a data processor on behalf of the Customer, who is the data controller. End Clients seeking to exercise privacy rights regarding their information should contact the service business that entered their data into the Platform. See Section 8 for details.
2. INFORMATION WE COLLECT
2.1 Information from Customers and Authorized Users
| Data Category | Examples | How We Collect It |
|---|---|---|
| Account Information | Business name, owner name, email address, phone number, business address | Provided at registration |
| Billing Information | Subscription plan selection, billing cycle, payment history | Provided at checkout; payment credentials handled by Stripe |
| Authorized User Profiles | Name, email, role/permission level for each team member | Provided by account administrator |
| Usage Data | Login timestamps, features accessed, pages viewed, session duration, device and browser type, IP address | Collected automatically |
| Support Communications | Emails, chat messages, support tickets, feedback submissions | Provided when contacting us |
2.2 Information Collected Through Platform Use (Customer Data)
| Data Category | Examples | Who Enters It |
|---|---|---|
| End Client Records | Name, address, phone, email of customers' clients | Customer / Authorized Users |
| Job Documentation | Work orders, job notes, service descriptions, photos, estimates, invoices | Customer / Authorized Users |
| Electronic Signatures | Signature images, timestamps, IP addresses, device info | End Clients via Platform |
| Payment Transactions | Transaction amounts, dates, payment method type (tokenized via Stripe) | Processed through Stripe |
We do not currently use third-party analytics, advertising, or retargeting tools. A full cookie disclosure is available in Section 10 and in the separate Cookie Policy.
2.3 Information We Do Not Collect
We do not intentionally collect: Social Security numbers or government-issued ID numbers; financial account credentials; health or medical information; information from individuals we know to be under 18; or sensitive personal characteristics such as race, ethnicity, religion, sexual orientation, or biometric data.
3. HOW WE USE YOUR INFORMATION
3.1 To Provide and Operate the Platform. Create and manage Customer accounts; authenticate Authorized Users; process subscription payments and Platform Fees; store, display, and organize Customer Data and job records; and enable work order, invoicing, and payment features.
3.2 To Communicate with You. Send account confirmation, password reset, and security notification emails; deliver subscription invoices, payment receipts, and billing alerts; send Free Trial conversion reminders; respond to support requests; and send product updates and service communications.
3.3 Marketing Communications. We send marketing emails about new features, promotions, and relevant industry content. You may opt out at any time using the unsubscribe link in any marketing email or by contacting us at admin@opslyflow.com. Opting out of marketing emails does not affect transactional or operational communications.
3.4 To Improve the Platform. Analyze aggregated, de-identified usage data to understand feature adoption and platform performance; identify and fix bugs and technical issues; and develop new features. We do not permit third parties to use Customer Data or End Client data to train AI or machine learning models. Opslyflow reserves the right to use anonymized, aggregated data to improve the Platform, including through machine learning, provided such data cannot be linked to any individual.
3.5 To Process Payments. Process subscription fees through Stripe; facilitate payment transactions between Customers and their End Clients; and manage billing disputes, chargebacks, and refund requests.
3.6 To Ensure Security and Prevent Fraud. Monitor for unauthorized access, abuse, and security threats; enforce our Terms of Service and Acceptable Use Policy; investigate suspicious activity; and maintain the integrity of the Platform.
3.7 To Comply with Legal Obligations. Respond to lawful subpoenas, court orders, or government requests; comply with applicable tax, regulatory, and reporting requirements; and establish, exercise, or defend legal claims.
4. LEGAL BASIS FOR PROCESSING
4.1 Contract Performance. We process Customer account information and billing data as necessary to perform our obligations under the Terms of Service.
4.2 Legitimate Interests. We process usage data and analytics for our legitimate interest in improving the Platform, preventing fraud, and ensuring security.
4.3 Legal Obligation. We process data as required by applicable law, including tax reporting and breach notification obligations.
4.4 Consent. We process data for marketing communications based on your consent, which you may withdraw at any time.
4.5 Processor Obligation. We process End Client data on behalf of Customers pursuant to the Terms of Service and any applicable Data Processing Agreement.
5. HOW WE SHARE YOUR INFORMATION
5.1 Service Providers. We share personal information with the following categories of service providers who process data on our behalf:
| Provider | Category | Purpose | Data Shared |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud Hosting | Platform infrastructure and data storage | All Customer Data and account information |
| Stripe | Payment Processing | Subscription billing and transaction processing | Billing info, transaction amounts, payment method tokens |
| Cash App (Block, Inc.) | Payment Processing | Additional payment method for End Client transactions | Transaction amounts, payment method tokens |
| Resend | Email Delivery | Transactional and marketing email delivery | Email addresses, message content, open/delivery metadata |
5.2 Business Transfers. If Opslyflow undergoes a merger, acquisition, asset sale, or similar transaction, personal information may be transferred to the successor entity. We will provide notice before personal information becomes subject to materially different privacy practices.
5.3 Legal Requirements and Safety. We may disclose personal information if we believe in good faith that disclosure is necessary to: (a) comply with a valid legal obligation, subpoena, court order, or government request; (b) enforce our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the safety of any person.
5.4 With Your Consent. We may share personal information with third parties when you have given us specific consent.
5.5 Aggregated or De-Identified Data. We may share aggregated or de-identified data that cannot reasonably identify any individual for industry reporting or improvement purposes.
5.6 We Do Not Sell or Share for Advertising. We do not sell personal information to third parties. We do not share personal information with third-party advertisers for behavioral advertising or marketing targeting purposes.
6. DATA RETENTION
6.1 Active Accounts. We retain Customer account information and associated Customer Data for as long as a Customer maintains an active subscription.
6.2 Following Termination. After a Customer's subscription ends, Customer Data remains available for export for thirty (30) days (the "Export Window"). Following this window, we delete Customer Data from production systems, except as provided in Section 6.3.
6.3 Exceptions to Deletion. We may retain certain information beyond the standard retention period where: (a) retention is required by applicable federal or Alabama state law; (b) information is necessary to resolve an active dispute, investigation, or legal claim; (c) information has been included in backups that have not yet been purged pursuant to our standard thirty (30) day backup rotation schedule; or (d) de-identified or aggregated data derived from Customer usage is retained indefinitely as it cannot be linked to any individual.
6.4 Electronic Signature Records. E-signature records including metadata and signature images are retained for three (3) years from the date of capture, regardless of subscription status.
6.5 Marketing Contact Data. If a prospect or visitor provides their email for marketing but never becomes a Customer, we retain that information for twenty-four (24) months from the last interaction, after which it is deleted.
| Data Category | Retention Period | Trigger for Deletion |
|---|---|---|
| Customer Account Data | Duration of subscription + 30 days | End of Export Window |
| End Client Records (via Customer) | Duration of subscription + 30 days | End of Export Window |
| Electronic Signature Records | 3 years from capture date | Expiration of 3-year period |
| Payment Transaction Records | 7 years (tax/regulatory compliance) | Expiration of retention period |
| Usage / Analytics Data | Duration of subscription | Account termination |
| Marketing Contact Data | 24 months from last interaction | Expiration of 24-month period |
| Backup Copies | 30 days from backup creation | Standard backup rotation |
7. SECURITY
7.1 Security Measures. We implement commercially reasonable administrative, technical, and physical security measures to protect personal information. Current measures include: encryption of data in transit using TLS; encryption of sensitive data at rest on AWS infrastructure; role-based access controls; secure credential storage with hashed and salted passwords; and incident identification and response procedures.
7.2 No Absolute Guarantee. No security system is impenetrable. We cannot guarantee that unauthorized third parties will never defeat our security measures. You use the Platform at your own risk.
7.3 Your Responsibilities. Customers are responsible for maintaining the confidentiality of account login credentials and for all activities under their accounts. Notify us immediately at admin@opslyflow.com of any unauthorized access.
7.4 Data Breach Notification. In the event of a security breach that compromises personal information, we will notify affected Customers in compliance with the Alabama Data Breach Notification Act (Ala. Code Section 8-38-1 et seq.) and any other applicable state laws. Notification will be provided within forty-five (45) days of discovery, describing the nature of the breach, data affected, and steps being taken.
7.5 Security Certifications. Opslyflow does not currently hold SOC 2, ISO 27001, or other formal security certifications.
8. END CLIENT DATA — YOUR CUSTOMERS' CLIENTS
8.1 Role Clarification. When Customers use the Platform to store information about their End Clients, Opslyflow processes that information as a data processor acting solely on Customer's instructions. The Customer is the data controller responsible for how End Client data is collected, used, and disclosed.
8.2 What We Do with End Client Data. We store, display, and organize End Client data solely to provide the Platform's functionality to the Customer. We do not independently access, use, or share End Client data except as necessary to operate the Platform, comply with applicable law, or respond to Customer instructions.
8.3 What We Do Not Do with End Client Data. We do not: (a) sell End Client data; (b) use End Client data for marketing or advertising purposes; (c) contact End Clients directly except on behalf of and at the instruction of the Customer; or (d) permit third parties to use End Client data for AI or machine learning training.
8.4 End Client Rights. End Clients who wish to access, correct, or delete their personal information should contact the service business (Customer) that entered their data. We will cooperate with Customers as reasonably necessary to assist in responding to such requests.
8.5 Customer's Obligations. Customer is solely responsible for: (a) obtaining all required consents from End Clients before entering their data into the Platform; (b) maintaining a privacy policy governing its relationship with End Clients; (c) responding to End Client data access and deletion requests; and (d) ensuring End Client data is accurate and lawfully collected.
8.6 Electronic Signature Records. E-signature records captured through the Platform are stored on behalf of and for the benefit of the Customer. These records are treated as Customer Data and processed under the same terms as other End Client data, with the additional three (3) year retention period described in Section 6.4.
9. YOUR PRIVACY RIGHTS
9.1 Rights Available. Depending on your state of residence, you may have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of the personal information we hold about you |
| Correction | Request correction of inaccurate or incomplete information |
| Deletion | Request deletion of your personal information, subject to legal retention obligations |
| Portability | Request your data in a structured, machine-readable format |
| Opt-Out of Marketing | Unsubscribe from marketing emails at any time |
| Withdraw Consent | Where processing is based on consent, withdraw it at any time |
9.2 How to Submit a Request. Email: admin@opslyflow.com with subject line "Privacy Rights Request — [Your Name]". We will acknowledge within five (5) business days and respond within thirty (30) days.
9.3 Verification. We will verify your identity before processing any access, correction, or deletion request.
9.4 Non-Discrimination. We will not discriminate against you for exercising privacy rights.
9.5 California Residents. If any Customers are California-based businesses, or if Opslyflow has California-resident Authorized Users, the CCPA as amended by the CPRA may impose additional obligations including specific disclosure requirements and a 'Do Not Sell or Share' mechanism.
9.6 Other State Residents. Residents of Virginia (VCDPA), Colorado (CPA), Texas (TDPSA), and other states with comprehensive privacy laws may have additional rights. We will honor requests to the extent required by applicable law.
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 What We Currently Use. Opslyflow currently uses only strictly necessary cookies on the Site and Platform for session management and authentication. A detailed cookie disclosure is available in our separate Cookie Policy at opslyflow.com/cookie_policy.
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Strictly Necessary (Opslyflow + Stripe) | Session management, authentication, fraud prevention | No — required for Platform to function |
| Analytics (Google Analytics) | Not currently active; planned for future implementation | N/A |
| Marketing / Retargeting | Not currently in use | N/A |
10.2 Future Changes. If Opslyflow adds third-party analytics tools, advertising pixels, or session recording tools, this Privacy Policy and the Cookie Policy will be updated and customers will be notified before those tools are activated.
10.3 Email Tracking. Transactional and marketing emails are delivered through Resend and may contain a tracking pixel that confirms delivery and open status. You can prevent tracking pixels from loading by disabling automatic image loading in your email client.
10.4 Managing Cookies. You can control strictly necessary cookies through browser settings; however, disabling session cookies will prevent login.
11. CHILDREN'S PRIVACY
11.1 The Platform is intended for use by business operators and is not directed to children under 13. We do not knowingly collect personal information from individuals under 13.
11.2 If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will promptly delete such information. Contact us at admin@opslyflow.com if you believe this has occurred.
12. LINKS TO THIRD-PARTY SITES
The Site or Platform may contain links to third-party websites. This Privacy Policy does not apply to those properties. We encourage you to review the privacy policies of any third-party sites you visit.
13. CHANGES TO THIS PRIVACY POLICY
13.1 We may update this Privacy Policy from time to time. Material changes will be communicated via email to account holders and posted on the Platform at least thirty (30) days before they take effect.
13.2 We will update the "Last Updated" date at the top of this Policy when changes are made.
13.3 Continued use of the Platform after the effective date of a revised Privacy Policy constitutes acceptance of the changes.
13.4 Prior versions of this Privacy Policy are available upon request by emailing admin@opslyflow.com.
14. CONTACT INFORMATION
Opslyflow, LLC
600 Boulevard South SW Suite 104J
Huntsville, Alabama 35802
Email: admin@opslyflow.com
END OF DOCUMENT — Opslyflow, LLC Privacy Policy v1.0