Prodflow
Home

Privacy Policy

How Prodflow collects, uses, and protects your data.

Last updated March 27, 2026

Introduction

Prodflow Inc. ("Prodflow", "we", "us", or "our") operates the Prodflow platform at app.prodflow.co. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile photo through our authentication provider (Clerk). We do not store passwords directly.

Workspace Data

We store the documentation pages, skills, branches, and other content you create on Prodflow. This data belongs to you and your team.

Integration Data

When you connect Slack, GitHub, or Google Docs, we ingest signals (messages, PR events, document changes) to detect when documentation may be outdated. We store metadata and relevant text excerpts — not full message histories.

Usage Data

We collect anonymized analytics (via PostHog) to understand how the product is used. This includes page views, feature usage, and performance metrics. We do not sell this data.

How We Use Your Information

  • To provide the service: Maintaining your documentation, proposing updates, and serving context to your AI tools via MCP.
  • To improve the product: Understanding usage patterns to prioritize features and fix issues.
  • To communicate: Sending transactional emails (account verification, branch notifications) and occasional product updates.

AI Processing

Prodflow uses AI models (OpenAI, Google) to analyze signals and propose documentation updates. Your content is sent to these providers for processing. We do not use your data to train AI models. Each AI provider's data handling is governed by their own privacy policies and our data processing agreements with them.

MCP Context Access

When you connect an AI coding tool (Claude Code, Cursor, etc.) to Prodflow via MCP, that tool can read your published documentation and skills. Access is authenticated via OAuth and scoped to your workspace.

Data Storage and Security

  • Your data is stored in PostgreSQL (hosted by Supabase) with encryption at rest.
  • File uploads are stored in Cloudflare R2.
  • All connections use TLS encryption in transit.
  • We follow the principle of least privilege for internal access.

Data Retention

  • Your workspace data is retained as long as your account is active.
  • When you delete a page or skill, it is permanently removed from our database.
  • If you delete your account, all associated data is removed within 30 days.

Third-Party Services

We use the following third-party services that may process your data:

  • Clerk — Authentication
  • Supabase — Database hosting
  • Cloudflare — CDN, R2 storage, DNS
  • Railway — Application hosting
  • OpenAI / Google — AI model providers
  • PostHog — Analytics
  • Sentry — Error monitoring
  • Knock — Notifications

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your content
  • Opt out of non-essential communications

To exercise any of these rights, contact us at privacy@prodflow.co.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification.

Contact

If you have questions about this Privacy Policy, contact us at privacy@prodflow.co.

Last updated: March 27, 2026