Last updated: April 27, 2026 This Privacy Policy describes how Capoflow, LLC (“Company,” “we,” “us,” or “our”) collects, uses, and shares information when you use our business management platform (“Service”). By using the Service, you agree to the collection and use of information as described in this Privacy Policy. When you use the Service to manage your business data (e.g., customer records, invoices, quotes), Capoflow acts as a data processor on your behalf. You remain the data controller for any personal data you enter into the Service about your customers or contacts. This Privacy Policy governs the information we collect about you as a user of the Service; it does not govern how you collect, use, or disclose your own customers’ data, which is your responsibility.

1. Information We Collect

Information You Provide

• Account Information: Name, email address, phone number, business name, and billing information when you create an account
• Business Data: Customer records, quotes, invoices, expenses, work items, and other data you enter into the Service
• Communications: Messages you send to us or through the Service
• Payment Information: Payment card details processed by our third-party payment processor

iOS In-App Purchase Data

When you subscribe to Capoflow through the iOS application, Apple In-App Purchase processes your transaction. As part of that process, Apple provides us with limited transaction metadata required to activate and maintain your subscription, including:

• A signed transaction receipt (a JSON Web Signature issued by Apple) used to verify the legitimacy of the purchase
• Apple-issued transaction identifiers (transaction ID and original transaction ID) used to track renewals and prevent duplicate processing
• The product identifier of the subscription tier you purchased
• The subscription environment (sandbox or production) and the purchase, renewal, expiration, and (if applicable) revocation timestamps
• An app-account token (a UUID we generate that is bound to your Capoflow account) so we can match the Apple transaction to the correct account

We do not receive your Apple ID, name, email address, payment card details, billing address, or any other personal information from Apple as part of this process. Apple retains your payment information; Capoflow does not. We use this transaction metadata solely to (a) activate and maintain your subscription entitlement, (b) keep your subscription status in sync with Apple’s servers via App Store Server Notifications, and (c) preserve an audit trail of subscription events for support and accounting purposes. This data is not used for advertising and is not sold or shared with third parties.

Information from Third-Party Integrations

When you connect third-party services (such as Intuit QuickBooks), we collect data from those services that you authorize us to access, which may include:

• Customer and contact information
• Invoice and payment records
• Transaction history
• Business financial data

You control which integrations are connected and may disconnect them at any time.

Information Collected Automatically

• Usage Data: Pages viewed, features used, and actions taken within the Service
• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP address, access times, and referring URLs
• Cookies: We use cookies and similar technologies to operate and improve the Service

2. How We Use Information

We use collected information to:

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Send administrative messages and updates
• Respond to your requests and provide support
• Analyze usage to improve features and user experience
• Detect, prevent, and address technical issues or fraud
• Comply with legal obligations

We do not sell, rent, or share your personal information or business data with third parties for their own marketing purposes or for monetary or other valuable consideration.

3. How We Share Information

We may share information in the following circumstances:

Service Providers

We share information with third-party vendors who perform services on our behalf, such as:

• Cloud hosting and infrastructure (e.g., Supabase, Vercel)
• Payment processing (e.g., Stripe for web subscriptions; Apple Inc. for iOS In-App Purchase subscriptions)
• Email delivery (e.g., Resend)
• Analytics services

These providers are contractually obligated to use your information only to provide services to us.

Third-Party Integrations

When you connect third-party services like QuickBooks, we share data with those services as necessary to maintain the integration. Your use of third-party services is governed by their respective privacy policies.

Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of the Company, our users, or others.

Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

With Your Consent

We may share information for other purposes with your explicit consent.

4. Third-Party Integrations

Intuit QuickBooks

If you connect your QuickBooks account, we access your QuickBooks data to provide synchronization features. This may include:

• Reading customer, invoice, and payment data
• Writing data to your QuickBooks account when you initiate sync operations

We access only the data necessary to provide the features you use. You can disconnect QuickBooks at any time through your account settings, which will stop future data access. Our use of information received from QuickBooks APIs adheres to Intuit’s developer policies.

Other Integrations

We may offer integrations with other third-party services. Each integration will clearly describe what data is accessed and how it is used before you connect.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account termination, we may retain certain information as required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements). You may request deletion of your data as described in Section 7.

6. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify affected users within a reasonable timeframe and, where required by applicable law, notify the relevant authorities.

7. Your Choices and Rights

Access and Update

You can access and update your account information through your account settings.

Data Deletion

You may request deletion of your account and associated data by contacting us at contact@capoflow.ai. Upon request, we will delete your data within thirty (30) days, except where retention is required by law, necessary to resolve disputes, or needed to enforce our agreements. Certain data may also be retained in encrypted backups for a limited period as part of our standard disaster-recovery process; such backup data is automatically purged on a rolling schedule.

Disconnect Integrations

You can disconnect third-party integrations at any time through your account settings. Disconnecting an integration stops future data synchronization but does not automatically delete previously synced data.

Cookies

Most browsers allow you to control cookies through settings. Disabling cookies may affect Service functionality.

Marketing Communications

We only send promotional or product update emails if you have opted in during account registration. You may opt out at any time by following the unsubscribe instructions in those messages or by contacting us at contact@capoflow.ai. Transactional emails related to your account and Service usage (such as invoices, password resets, and security notifications) are not affected by marketing preferences.

8. Children’s Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

9. International Users

The Service is operated in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

10. SMS Text Messaging

Capoflow sends transactional SMS text messages on behalf of businesses using our platform. These messages include invoice notifications, payment receipts, quote notifications, statement notifications, and appointment reminders. SMS messaging is provided through Twilio, Inc., our third-party messaging provider. Data We Collect. We process phone numbers provided by businesses for the sole purpose of delivering transactional SMS notifications. We also store SMS delivery status, opt-in and opt-out status for each phone number, and consent records including when and how consent was obtained. SMS/Mobile Privacy. Your phone number is used solely for delivering transactional notifications. Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We do not use phone numbers to send marketing, promotional, or advertising messages. Opt-Out. You can opt out of SMS notifications at any time by replying STOP to any message. Once you opt out, no further SMS messages of any kind will be sent to your number. To re-subscribe, reply START. For help, reply HELP or contact us at contact@capoflow.ai. Message Frequency and Rates. Message frequency varies based on your service interactions. Message and data rates may apply depending on your mobile carrier and plan.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and updating the “Last Updated” date. For material changes, we may require you to review and re-accept the updated policy before continuing to use the Service. If you do not accept the updated policy, you may discontinue use of the Service.

12. Contact Us

For questions about this Privacy Policy, to exercise your data rights, or for any other inquiries, contact us at: contact@capoflow.ai