Privacy Policy - Gemflow

• Effective date: March 9, 2026

• Last updated: March 9, 2026

Replace all bracketed placeholders (for example BECOME, davidnizard@gemflow.tech, gemflow.tech) before publishing.

1. Who We Are

This Privacy Policy describes how BECOME ("Gemflow", "we", "us", "our") collects, uses, discloses, and protects personal information when providing the Gemflow Dashboard and related services.

• Legal entity: BECOME

• Registered address: 164 RUE DE COURCELLES 75017

• Website: gemflow.tech

• Privacy contact: davidnizard@gemflow.tech

Gemflow is a business application used by merchants and their teams to manage quotes, customer communications, order workflows, analytics, and integrations (including WhatsApp).

2. Scope

This policy applies to:

• Gemflow web application and admin dashboard.

• Related APIs, automations, and integrations.

• Customer communications sent through enabled channels, including WhatsApp.

This policy does not apply to third-party services that merchants independently use outside Gemflow.

3. Personal Information We Collect

Depending on how Gemflow is used, we may process the following categories:

A. Account and Organization Information

• User account identifiers (name, email, role, organization ID).

• Organization profile and business configuration data.

B. Quote, Customer, and Commerce Information

• Customer identifiers and contact details (for example name, email, phone).

• Quote data, product selections, pricing, and order-related details.

• Store/location metadata, shipping or billing information entered by merchants.

C. WhatsApp-Related Information

• Business phone number IDs, WhatsApp Business Account IDs, and template metadata.

• Outbound message logs (template used, recipient phone, send timestamp, provider message ID, status such as sent/delivered/read/failed).

• Webhook event payloads from Meta/WhatsApp used to update message status and operational records.

D. Integrations and Credentials (Merchant Configuration)

• Tokens and configuration needed to connect merchant-selected integrations (for example Shopify, WhatsApp, SMTP, Airtable, analytics tooling).

• We process these credentials only to provide requested integration features.

E. Technical and Usage Data

• Device/browser metadata, timestamps, request metadata, and application logs.

• Product analytics and diagnostic events used to measure reliability and improve service.

F. Support and Communications

• Information you provide when contacting support, including troubleshooting details and related correspondence.

4. How We Collect Information

We collect information:

• Directly from merchants and authorized users.

• From merchant-connected systems and APIs (for example Shopify, Meta/WhatsApp webhooks, Airtable).

• Automatically from app usage, security monitoring, and operational logging.

5. Why We Use Information

We use personal information to:

• Provide and operate Gemflow features.

• Send transactional and operational communications requested by merchants, including WhatsApp template messages.

• Authenticate users, enforce permissions, and maintain tenant isolation.

• Detect, prevent, and investigate abuse, fraud, and security incidents.

• Monitor performance, debug failures, and improve product quality.

• Comply with legal obligations and enforce contractual terms.

We do not sell personal information.

6. Legal Bases (EEA/UK, Where Applicable)

Where GDPR or similar laws apply, we rely on one or more of the following:

• Performance of a contract.

• Legitimate interests (for example security, reliability, product improvement).

• Compliance with legal obligations.

• Consent, where required by law.

7. How We Share Information

We may share information with:

• Infrastructure and hosting providers (for example database and cloud service providers).

• Integration partners enabled by merchants (for example Meta/WhatsApp, Shopify, Airtable, SMTP/email providers, analytics tools).

• Operational service providers supporting logging, monitoring, and support workflows.

• Professional advisors or authorities where legally required.

• Successor entities in connection with a merger, acquisition, or asset transfer (subject to applicable law).

We require processors and vendors to handle data under contractual and security safeguards.

8. WhatsApp and Meta-Specific Disclosures

When a merchant enables WhatsApp:

• Gemflow sends WhatsApp template messages on the merchant’s behalf.

• Message metadata and status updates are received from Meta webhooks and stored for delivery tracking, audit, and support.

• Meta Platforms may independently process data under its own terms and privacy practices.

For Meta App Review, this policy is intended to be publicly accessible at:

• Privacy Policy URL: gemflow.tech/privacy

• Data Deletion Instructions URL: gemflow.tech/privacy#12-data-deletion-and-account-deletion-for-meta-app-review

9. International Data Transfers

Your information may be processed in countries outside your own. Where required, we use appropriate safeguards for cross-border transfers (for example contractual protections and equivalent transfer mechanisms).

10. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy, including legal, accounting, tax, security, and dispute-resolution requirements.

Typical retention approach:

• Account and organization records: retained while account is active and for a reasonable period after closure.

• Transactional quote/order records: retained for business and legal recordkeeping requirements.

• WhatsApp message logs and webhook events: retained for operational delivery tracking, audit, and support.

• Technical logs: retained for security and reliability windows, then deleted or anonymized.

We may retain de-identified or aggregated information that does not identify individuals.

11. Security

We apply technical and organizational measures designed to protect personal information, including access controls, role-based permissions, tenant isolation, and monitoring. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

12. Data Deletion and Account Deletion for Meta App Review

If you want your personal information deleted (including WhatsApp-related records where applicable), contact us at davidnizard@gemflow.tech with:

• Your name and contact details.

• Organization/store name.

• Relevant phone number and/or quote/message identifiers (if available).

• A clear request description (for example access, deletion, correction).

Our process:

1. We verify requester identity and authority.

2. We confirm scope of deletion request.

3. We process deletion/anonymization where legally permitted.

4. We send completion confirmation or explain any legally required retention.

Target response timeline: within 30 days (or faster where required by law).

13. Your Rights and Choices

Depending on your location, you may have rights to:

• Access personal information.

• Correct inaccurate information.

• Delete personal information.

• Restrict or object to certain processing.

• Request portability.

• Withdraw consent where processing is based on consent.

You may also have a right to lodge a complaint with a supervisory authority.

To exercise rights, contact davidnizard@gemflow.tech.

14. Children

Gemflow is a B2B service and is not directed to children. We do not knowingly collect personal information directly from children.

15. Changes to This Policy

We may update this policy from time to time. We will publish the updated version with a revised "Last updated" date. Material changes will be communicated as required by law.

16. Contact

For privacy questions or requests:

• Email: davidnizard@gemflow.tech

• Postal address: 164 RUE DE COURCELLES 75017

• Website: gemflow.tech