Last updated: February 1, 2026
This Privacy Policy describes how Field Flow ("we", "us", "our") collects, uses, and shares information when you use our website (fieldflow.store), web application (fieldflow.team), and native mobile apps (collectively, the "Service").
a) Information you give us. When you create an account we collect your name, email address, company name, optional phone number, and the passwords you set. When you use the Service we collect the content you generate — service reports, drafts, customer names/addresses you enter, equipment photos, inventory items, and user permission settings.
b) Information collected automatically. We log basic request metadata (IP address, timestamp, user agent) for security, rate-limiting, and audit purposes. We also record an immutable audit log of privileged administrative actions (e.g. creating users, changing permissions, granting temporary passwords).
c) Push notification tokens. If you enable push notifications on our mobile apps, we store an anonymous device token so we can send restock alerts and job notifications to the right device.
d) Payment information. We use Stripe to process payments. We do NOT store or see your credit card numbers. Stripe handles all cardholder data in compliance with PCI-DSS.
We do not sell your data, rent your email list, or use your business data to train AI models.
We retain your account data for as long as your account is active. If you delete your account, we hard-delete your personal profile within 3 business days (per Apple Guideline 5.1.1(v)). Audit logs and anonymized billing records are retained for up to 7 years for legal and tax compliance.
Company-generated business content (reports, inventory, drafts) belongs to the company. Admins can delete it at any time. If the company is terminated we retain it for 30 days before permanent deletion, in case of accidental cancellation.
We share information only with subprocessors strictly necessary to provide the Service:
We disclose information to law enforcement only when compelled by valid legal process, and we attempt to notify you whenever permitted by law.
We take security seriously. Measures include: HTTPS/TLS in transit, encryption at rest (MongoDB Atlas), bcrypt password hashing, JWT-based session tokens with refresh rotation, brute-force rate limiting, tenant-scoped database queries (you cannot see another company's data even if you try), strict role-based access control, PII masking in server logs, and an immutable audit log. That said, no system is 100% secure — if you notice a vulnerability please email security@fieldflow.team.
You can:
If you are in California, the EU, or the UK you have additional rights under CCPA/GDPR. Contact us at privacy@fieldflow.team to exercise them.
Field Flow is a B2B tool for working adults. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, email us and we'll delete it.
We may update this policy from time to time. Material changes will be communicated via in-app notice or email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
Questions? Reach us at support@fieldflow.team for general inquiries or privacy@fieldflow.team for privacy-specific requests.