Privacy Policy

Last updated: November 20, 2025

1. Introduction

Welcome to ReorderFlow. We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website reorderflow.io and use our inventory automation services.

By using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Company Information

Service Provider: ReorderFlow
Website: reorderflow.io
Contact Email: privacy@reorderflow.io

For privacy-related inquiries, data access requests, or to exercise your rights, please contact us at the email address above.

3. Information We Collect

3.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you:

  • Contact Us or Book a Call: Name (optional), email address, store URL, monthly revenue range, phone number (if provided)
  • Create an Account: Name, email address, company name, billing information
  • Use Our Services: Shopify store credentials (via OAuth), inventory data, product information, SKUs, supplier mappings, purchase price lists
  • Communicate With Us: Any information you include in messages, support requests, or feedback

3.2 Information Collected Automatically

When you access our website or use our services, we may automatically collect:

  • Technical Data: IP address, browser type and version, operating system, device identifiers, referring website
  • Usage Data: Pages visited, time spent on site, links clicked, features used, access times and dates
  • Cookies and Tracking Technologies: Session cookies, preference cookies (see Section 9 for details)

3.3 Information From Third-Party Sources

We collect information from third-party services you authorize us to access:

  • Shopify: Store inventory levels, product data, variant information, order history, supplier details (accessed via Shopify API with your explicit authorization)
  • Slack: Workspace information, channel data (if you connect Slack for notifications)
  • Email Provider: Delivery status, open rates (if you use email notifications)

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide Our Services: Monitor inventory levels, generate stockout alerts, create purchase order recommendations, send notifications via Slack or email
  • Account Management: Create and manage your account, authenticate users, process payments, provide customer support
  • Communications: Respond to inquiries, send service-related updates, provide technical support, send newsletters (with your consent)
  • Improve Our Services: Analyze usage patterns, conduct research and development, test new features, optimize performance
  • Security and Fraud Prevention: Detect and prevent fraud, abuse, security incidents, and illegal activities
  • Legal Compliance: Comply with applicable laws, regulations, legal processes, or governmental requests
  • Business Operations: Maintain records, conduct internal audits, analyze business metrics

5. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract Performance: Processing is necessary to provide our services and fulfill our contractual obligations to you
  • Consent: You have given explicit consent for specific processing activities (e.g., marketing communications, Shopify API access)
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving services, fraud prevention, security), provided your rights do not override these interests
  • Legal Obligation: Processing is necessary to comply with applicable laws and regulations

6. How We Share Your Information

We do not sell your personal information. We may share your information with:

6.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

  • Shopify Inc.: E-commerce platform integration (API access to your store data)
  • Slack Technologies: Communication platform for sending inventory alerts
  • Email Service Providers: Sending email notifications and alerts
  • Cloud Hosting Providers: Data storage and application hosting (Cloudflare, AWS, or similar)
  • Payment Processors: Processing subscription payments and billing
  • Analytics Providers: Website analytics and usage tracking

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

6.2 Business Transfers

If ReorderFlow is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the successor entity. We will notify you of any such change and the choices you may have.

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders, search warrants)
  • Government or regulatory requests
  • Protection of our rights, property, or safety, or that of others
  • Investigation of fraud, security issues, or technical problems

6.4 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods:

  • Account Data: Retained while your account is active and for 3 years after account closure (for legal and accounting purposes)
  • Inventory and Service Data: Retained during service usage and for 90 days after termination (to allow data recovery)
  • Contact Form Submissions: Retained for 2 years or until you request deletion
  • Technical and Usage Logs: Retained for 12 months
  • Payment Records: Retained for 7 years (tax and financial compliance)

After the retention period expires, we will securely delete or anonymize your personal information.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 General Rights

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format
  • Objection: Object to processing of your information for certain purposes
  • Restriction: Request restriction of processing under certain circumstances
  • Withdraw Consent: Withdraw consent for processing where consent is the legal basis (without affecting prior processing)

8.2 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected, sources, purposes, and third parties we share it with
  • Right to Delete: Request deletion of your personal information (with certain exceptions)
  • Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (Note: ReorderFlow does not sell or share personal information for cross-context behavioral advertising)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information (if applicable)
  • Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights

Categories of Personal Information We Collect (CCPA Disclosure):

  • Identifiers (name, email, IP address)
  • Commercial information (purchase history, payment information)
  • Internet activity (browsing history, usage data)
  • Professional information (company name, store URL, business data)

We do not "sell" personal information as defined by CCPA. We share information with service providers as described in Section 6.

8.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at: privacy@reorderflow.io

We will verify your identity before processing your request (to protect your privacy and security). We will respond to your request within 30 days for general requests, or within 45 days for CCPA requests.

You may also designate an authorized agent to make requests on your behalf. We will require written authorization from you to verify the agent's authority.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and enhance your experience.

9.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality (authentication, security, load balancing)
  • Preference Cookies: Remember your settings and preferences (language, region)
  • Analytics Cookies: Help us understand how visitors use our website (page views, traffic sources, user behavior)
  • Performance Cookies: Monitor website performance and identify technical issues

9.2 Third-Party Services

Our website uses the following third-party services that may collect data:

  • Google Fonts: Loads fonts from Google's servers (may collect IP address)
  • Tailwind CSS CDN: Loads CSS framework from external CDN
  • Lucide Icons: Loads icon library from external CDN

9.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Block all cookies (may affect website functionality)
  • Receive notifications when cookies are set

Browser-specific instructions: Chrome, Firefox, Safari, Edge

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, loss, misuse, alteration, or disclosure:

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS)
  • Access Controls: Strict access controls and authentication mechanisms (role-based access, multi-factor authentication)
  • Secure Infrastructure: Hosting on secure cloud platforms with industry certifications
  • Regular Security Audits: Periodic security assessments and vulnerability testing
  • Data Minimization: We collect only the data necessary to provide our services
  • Employee Training: Staff trained on data protection and security best practices
  • Incident Response: Documented procedures for responding to security incidents

Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

11. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your own, including the United States, where our servers and service providers may be located. These countries may have data protection laws different from your jurisdiction.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by relevant authorities
  • Adequacy decisions by regulatory bodies
  • Certifications and frameworks (e.g., EU-U.S. Data Privacy Framework, if applicable)

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@reorderflow.io.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible.

13. Third-Party Websites and Services

Our website and services may contain links to third-party websites, plugins, or applications (such as Shopify, Slack). We are not responsible for the privacy practices or content of these third parties.

We encourage you to review the privacy policies of any third-party services you access through our platform:

14. Email Communications (CAN-SPAM Compliance)

We comply with the CAN-SPAM Act for commercial email communications. All marketing emails we send include:

  • A clear identification that the message is an advertisement (if applicable)
  • Our physical postal address
  • A clear and conspicuous opt-out mechanism (unsubscribe link)
  • Accurate "From," "To," and "Reply-To" information
  • A relevant subject line that accurately reflects the email content

Unsubscribe: You may opt out of marketing emails at any time by clicking the "Unsubscribe" link at the bottom of any marketing email. We will process your request within 10 business days.

Note: Even if you opt out of marketing emails, we may still send you transactional or service-related emails (account notifications, inventory alerts, purchase order confirmations, billing statements) that are necessary for the services you use.

15. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. Currently, there is no uniform standard for recognizing and implementing DNT signals.

At this time, our website does not respond to DNT browser signals or similar mechanisms. If a standard for online tracking is adopted in the future, we will update this policy accordingly.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last updated" date
  • Sending an email notification to the address associated with your account (for significant changes)
  • Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes become effective constitutes your acceptance of the revised Privacy Policy.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

ReorderFlow Privacy Team

Email: privacy@reorderflow.io

Website: https://reorderflow.io

We will respond to your inquiry within 30 days.