Privacy Policy

ReqFlow Inc. ("ReqFlow," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, products, and services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

Information You Provide

• Account Information: Name, email address, company name, and password when you create an account.
• Profile Information: Job title, team size, and other optional profile details.
• Content: Requirements, documents, and other content you create or upload to our Services.
• Communications: Information you provide when contacting us for support or feedback.
• Payment Information: Billing address and payment method details (processed by our payment provider).

Information Collected Automatically

• Usage Data: How you interact with our Services, including features used and actions taken.
• Device Information: Browser type, operating system, device identifiers, and IP address.
• Cookies: We use cookies and similar technologies to maintain sessions and analyze usage.
• Log Data: Server logs including access times, pages viewed, and referring URLs.

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent security incidents
• Personalize and improve your experience
• Train and improve our AI models (with your content, only in anonymized/aggregated form)

ReqFlow uses artificial intelligence to power features like the AI Interviewer, gap analysis, and spec generation. Here's how we handle your data in relation to AI:

• Processing: Your content is processed by AI models to provide our features.
• No Third-Party Training: Your content is never used to train third-party AI models.
• Anonymization: If we use data to improve our models, it is first anonymized and aggregated.
• Opt-Out: Enterprise customers can opt out of data being used for model improvement entirely.

We may share your information in the following circumstances:

• With Your Consent: When you explicitly authorize sharing.
• Service Providers: With vendors who perform services on our behalf (hosting, analytics, payment processing).
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• Legal Requirements: To comply with applicable laws, regulations, or legal process.
• Protection: To protect the rights, property, and safety of ReqFlow, our users, or others.

We do not sell your personal information to third parties.

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• SOC 2 Type II compliance
• Regular backups with geographic redundancy

We retain your information for as long as your account is active or as needed to provide you with our Services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Anonymized and aggregated data may be retained indefinitely for analytics and service improvement purposes.

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your personal data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to certain processing of your data.
• Restriction: Request restriction of processing.

To exercise these rights, please contact us at privacy@reqflow.io.

ReqFlow is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our servers are located.

We use appropriate safeguards for international transfers, including Standard Contractual Clauses approved by relevant data protection authorities.

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

If you have any questions about this Privacy Policy, please contact us:

• Email: privacy@reqflow.io
• Address: ReqFlow Inc., 123 Tech Street, San Francisco, CA 94105