Privacy Policy

RAS Flow ("we," "our," or "us") operates the RAS Flow platform, including the CRM application, client dashboard, and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By accessing or using RAS Flow, you agree to this Privacy Policy. If you do not agree, please discontinue use of the platform.

We collect information in the following categories:

Account Information

• Name, email address, and password
• Organization name and business details
• Authentication data (including third-party sign-in via Google)

Business Data

• Contact and lead information you add to the CRM
• Documents you create (proposals, invoices, agreements, quotes)
• Communication logs and activity records
• Payment and billing information

Automatically Collected Data

• Device information (browser type, operating system, IP address)
• Usage data (pages viewed, features used, timestamps)
• Cookies and similar tracking technologies (see Section 7)

We use the information we collect to:

• Provide, maintain, and improve the RAS Flow platform
• Process documents, payments, and business operations you initiate
• Generate AI-powered content (proposals, emails) based on your data and instructions
• Send transactional emails (document delivery, payment confirmations)
• Provide customer support and respond to inquiries
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations

RAS Flow is a multi-tenant platform. Each organization's data is strictly isolated:

• Your business data (contacts, documents, payments) is only accessible to members of your organization
• No other organization or user can view, access, or modify your data
• Data isolation is enforced at the application level on every database query
• API keys and credentials you provide are stored encrypted

RAS Flow uses AI services (such as OpenAI and Anthropic) to generate content at your request. When you use AI features:

• Only the data you explicitly include in a generation request is sent to AI providers
• AI providers process your data according to their own privacy policies and data processing agreements
• We do not use your business data to train AI models
• You can choose which AI provider your organization uses in your settings

We do not sell your personal information. We may share data with:

• Service providers — Third-party services that help us operate the platform (e.g., payment processing via Stripe, email delivery, cloud hosting)
• Your clients — When you send documents or communications through the platform, the intended recipients receive that content
• Legal requirements — When required by law, regulation, or valid legal process

We use cookies and similar technologies for:

• Essential cookies — Authentication, session management, and security
• Preference cookies — Remembering your theme and display preferences
• Analytics cookies — Understanding how the platform is used to improve our services (Google Analytics)

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

We implement industry-standard security measures to protect your data, including:

• Encryption of sensitive data at rest and in transit (TLS/SSL)
• Encrypted storage of API keys and credentials
• Role-based access controls
• Regular security assessments

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

We retain your data for as long as your account is active or as needed to provide services. When you delete your account:

• Your business data will be permanently deleted within 30 days
• Backup copies may persist for up to 90 days before automatic deletion
• We may retain anonymized, aggregated data for analytics purposes
• Data required for legal compliance may be retained as required by law

Depending on your jurisdiction, you may have the right to:

• Access and receive a copy of your personal data
• Correct inaccurate or incomplete data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability (receive your data in a structured format)
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at the address below.

Your data may be processed in countries outside your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

RAS Flow is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the platform or sending an email to the address associated with your account. Your continued use of RAS Flow after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Email: contact@rasflow.io