Privacy Policy
VectorFlow takes a minimal-data posture. We collect what we need to run the Service and the marketing site, retain it for as short a time as we can defend, and never sell personal data. This page tells you exactly what we hold and what your rights are.
1. Who we are
VectorFlow (“VectorFlow”, “we”) is the controller of any personal data we collect about you through this website (vectorflow.sh) and the data we hold about VectorFlow Cloud accounts. For Customer Data submitted to VectorFlow Cloud on behalf of a customer organization, the customer is the controller and VectorFlow is the processor — see the DPA for the processor relationship.
Contact for privacy questions: privacy@vectorflow.sh.
2. Marketing site analytics
The marketing site at vectorflow.sh uses Cloudflare Web Analytics. Cloudflare Web Analytics is cookieless: it does not set any cookie on your browser, does not fingerprint your device, and does not assign a persistent identifier. Cloudflare receives the IP address and HTTP headers it would receive anyway as the CDN terminating TLS, and uses them only to compute aggregate metrics (pageviews, referrers, country-level geography).
Because we use a cookieless analytics provider on the marketing site, we do not display a cookie banner here. The product surface at app.vectorflow.sh and cloud.vectorflow.sh uses different analytics; see section 3.
3. Product analytics
VectorFlow Cloud (the signed-in product) uses PostHog for first-party product analytics: which UI surfaces are used, error rates, feature-adoption funnels. PostHog events carry your account’s organization ID and your user ID and no other personally-identifying field. We do not record pipeline configurations, secrets, or any of your customer’s data through PostHog. PostHog is listed in our published sub-processor list and is bound by a Data Processing Agreement.
You can opt out of product analytics from Settings → Privacy inside the product; opting out disables event collection from that browser session forward.
4. Categories of personal data we hold
- Account data: email, name, hashed password (when a local credential is used), TOTP secret (encrypted), WebAuthn public-key credentials, last sign-in timestamps.
- Organization membership: which org(s) your user is a member of, your role within each org, and configuration you set as an OWNER/ADMIN.
- Audit log: every change made via the product (who did what, when), retained in a hash-chained ledger so tampering is detectable.
- Billing data: handled by Stripe; we hold the Stripe customer ID and the last-four of payment cards Stripe surfaces to us. We do not store full card numbers.
- Support correspondence: when you email us we keep the thread in our helpdesk for at most 24 months.
- Marketing-site analytics: aggregate cookieless metrics from Cloudflare; no per-visitor records.
5. Lawful bases (GDPR / UK GDPR)
We rely on the following lawful bases:
- Performance of a contract — for account data, org-membership data, audit logs, and billing data. We need this data to provide the Service you signed up for.
- Legitimate interests — for product analytics (PostHog) and aggregate marketing-site metrics (Cloudflare), balanced against the minimal-data, cookieless posture described above. You may opt out of product analytics at any time.
- Legal obligation — for accounting records and any data we are required by law to retain after account closure.
- Consent — for sub-processor-change-notice emails (when you subscribe per the sub-processors page); you can withdraw consent from settings.
6. Where personal data is processed
The Service is currently hosted in the European Union (Frankfurt / eu-central-1). Sub-processors that may handle personal data are published at /trust/subprocessors; subscribe there to receive 30 days’ advance notice of any change. Cross-border data transfers rely on Standard Contractual Clauses (or the UK equivalent) where the sub-processor sits outside the UK / EEA.
7. Retention
- Account data: retained for the life of the account; deleted within 30 days of account closure unless we are required to keep it for compliance.
- Audit log: retained for 7 years by default to support compliance use-cases; configurable on Enterprise plans.
- Billing records: 7 years (statutory accounting retention).
- Support correspondence: 24 months.
- Cloudflare Web Analytics: aggregate; no per-visitor retention beyond Cloudflare’s own internal retention window.
- PostHog: as long as you have an active account; deleted within 30 days of account closure.
8. Security
See the Trust & Security overview for our technical and organisational security measures. The summary: per-org KMS-wrapped encryption keys, no operator decryption without an audited break-glass grant the customer OWNER approves in-app, hash-chained audit logs, and a documented sub-processor list.
9. Your rights
If we hold personal data about you, you have the right to:
- Access a copy of the data we hold.
- Correct any inaccurate or incomplete data.
- Erase the data (subject to retention obligations described above). The product UI exposes erase-self under Settings → Privacy; org admins can erase an individual user via the GDPR Art. 17 surface in the org admin settings.
- Restrict or object to processing where we rely on legitimate interests.
- Receive a portable copy of your data in a structured, machine-readable format.
- Lodge a complaint with a supervisory authority (UK ICO or your local EU data-protection authority).
To exercise any of these rights, email privacy@vectorflow.sh. We aim to respond within 14 days.
10. Changes to this policy
We may update this Privacy Policy. The version number and effective date at the top of this page are the source of truth. For changes that materially expand processing, we will notify the email address registered with your account before the change takes effect.
11. Contact
Privacy: privacy@vectorflow.sh
Trust & security: trust@vectorflow.sh