Privacy Policy

Last updated: 19 March 2026

1. Who we are

PrioFlow (“we”, “us”, “our”) is an AI-powered sales productivity tool that connects to your existing work tools — email, calendar and CRM — to help you prioritise your day. PrioFlow is operated by its founders. For questions about this policy, contact us at [email protected].

2. What data we collect

Account data

When you sign up we store your name, email address and authentication identifiers provided by your identity provider (Google or Microsoft via AWS Cognito).

Integration data

When you connect a third-party service, we store encrypted OAuth tokens (access and refresh tokens) so we can read data on your behalf. We collect the following from each integration:

  • Google Gmail (readonly) — message metadata: subject lines, sender/recipient addresses, snippets, labels and timestamps. We do not store full email bodies.
  • Google Calendar (readonly) — event titles, start/end times, attendees, meeting links and descriptions.
  • Microsoft Outlook Mail (readonly) — the same metadata as Gmail above, via the Microsoft Graph API.
  • Microsoft Outlook Calendar (readonly) — the same event data as Google Calendar above.
  • HubSpot CRM — contact names, email addresses, company names, deal names, deal stages and deal values.

Usage data

We collect basic analytics (page views, feature usage) to improve the product. We do not use third-party advertising trackers.

3. How we use your data

We use the data we collect to:

  • Build your daily prioritised action list by analysing email signals, calendar events and CRM context.
  • Generate AI-powered meeting summaries and suggested next steps using Amazon Bedrock (Claude). Only meeting metadata (title, attendees, description) is sent to the AI model — never full email bodies or raw message content.
  • Sync data between your connected tools (e.g. logging meeting notes to your CRM) only when you explicitly approve each action.
  • Send you transactional emails (verification codes, password resets).

We do not use your data to train AI models, serve advertising, or build user profiles for sale to third parties.

4. Google API Services — limited use disclosure

PrioFlow’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the minimum scopes necessary: gmail.readonly and calendar.readonly. We never send email, create events or modify your data in Google.
  • We do not use Google user data for serving advertisements, including retargeting, personalised or interest-based advertising.
  • We do not allow humans to read your Google data unless (a) we have your explicit consent, (b) it is necessary for security purposes (e.g. investigating abuse), or (c) it is required by law.
  • We do not transfer Google user data to third parties except as necessary to provide or improve PrioFlow’s user-facing features, to comply with applicable law, or as part of a merger/acquisition with equivalent privacy protections.

5. Data storage and security

  • All data is stored in AWS (eu-west-1, Ireland) using encrypted PostgreSQL (RDS) with TLS in transit.
  • OAuth tokens are encrypted at rest using AWS KMS with a dedicated per-application key.
  • We store email and calendar metadata, not full message bodies. Email snippets are limited to the first few lines.
  • Database credentials are stored in AWS Systems Manager Parameter Store as SecureString parameters.
  • All API traffic is served over HTTPS via AWS API Gateway and CloudFront.

6. Data retention and deletion

We retain your data for as long as your account is active. You can disconnect any integration at any time from the Settings page, which immediately revokes our access and deletes stored tokens for that integration. Synced metadata (emails, calendar events) is retained until you request account deletion.

To request full account deletion and removal of all associated data, email [email protected]. We will process deletion requests within 30 days.

7. Third-party services

We use the following third-party services to operate PrioFlow:

  • AWS (Cognito, RDS, Lambda, S3, CloudFront, KMS, SQS, Bedrock) — authentication, data storage, compute, encryption and AI.
  • Cloudflare — DNS and bot protection (Turnstile).
  • GitHub — source code hosting and CI/CD.

We do not share your personal data or integration data with any other third parties.

8. Your rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Request deletion of your data.
  • Withdraw consent for any integration at any time (via Settings → Disconnect).
  • Export your data in a portable format.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact [email protected].

9. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or via a notice in the application. The “Last updated” date at the top of this page reflects the most recent revision.

10. Contact

If you have questions or concerns about this privacy policy or our data practices, please contact us at [email protected].