Privacy Policy

Last updated: March 27, 2026

1. Introduction

ProspectFlow ("we", "our", or "us") operates the prospectflow.dev website and SaaS platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile picture through our authentication provider (Clerk). If you sign up with Google or another social provider, we receive basic profile information from that provider.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers on our servers. Stripe collects and processes payment information in accordance with their own privacy policy.

Business Data

When you use our prospecting features, we collect and process publicly available business information (business names, addresses, reviews, photos, website content) from public sources to generate websites and outreach materials on your behalf.

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, and timestamps. This helps us improve the service.

3. Google Account & Gmail Data

If you choose to connect your Google account, ProspectFlow requests access to the following Google API scopes:

  • Full Gmail access (https://mail.google.com/) — Used exclusively to send outreach emails on your behalf via SMTP. ProspectFlow does not read, scan, index, or store the contents of your inbox or any received messages.
  • Email address (https://www.googleapis.com/auth/userinfo.email) — Used to identify your connected account and display it in the dashboard.
  • Profile information (https://www.googleapis.com/auth/userinfo.profile) — Used to display your name alongside the connected email account.

How We Use Google Data

Google user data is used solely for the purpose of sending outreach emails that you explicitly compose and approve within ProspectFlow. We do not use Google data for advertising, market research, or any purpose unrelated to the email-sending functionality you initiated.

Storage & Retention of Google Data

We store an encrypted OAuth refresh token so we can send emails on your behalf without requiring re-authentication. We do not store email message content, attachments, contact lists, or any other Gmail mailbox data. You can revoke access at any time from your Google Account permissions page, or by disconnecting your email account in ProspectFlow settings.

Sharing of Google Data

We do not share, sell, or transfer Google user data to any third party, except as necessary to transmit your outreach emails through Google's SMTP servers. No human at ProspectFlow reads your Google data unless you explicitly request support assistance.

Compliance

ProspectFlow's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. How We Use Your Information

  • Provide, operate, and maintain our platform
  • Process your transactions and manage your subscription
  • Generate websites and outreach materials for your prospects
  • Send transactional emails (account confirmation, password resets, billing receipts)
  • Analyze usage patterns to improve our features and user experience
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

5. Third-Party Services

We use the following third-party services to operate our platform:

  • Clerk — Authentication and user management
  • Stripe — Payment processing
  • Vercel — Hosting and deployment
  • Neon — Database hosting
  • Resend — Transactional email delivery

Each of these services has its own privacy policy governing how they handle data.

6. Cookies and Tracking

We use essential cookies for authentication and session management. We may also use analytics cookies to understand how visitors interact with our website. We use UTM parameters for marketing attribution.

7. Data Retention

We retain your account data for as long as your account is active. Prospect data (generated websites, business information, outreach materials) is retained for as long as you maintain your account. You can delete individual prospects or your entire account at any time.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure database access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data and account
  • Export your data in a portable format
  • Withdraw consent for optional data processing

To exercise any of these rights, contact us at the email address below.

10. Children's Privacy

Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: privacy@prospectflow.dev