Privacy Policy
Last updated June 2026
This Privacy Policy explains how Upflio Workspace, Inc. (“Upflio”, “we”, “us”) collects, uses, and protects information when you use our website and product (the “Service”). By using the Service, you agree to the practices described here.
1. Information we collect
- Account information — your name and email address when you join the waitlist or create an account, and authentication details if you sign in with a provider such as Google.
- Workspace content — the tasks, files, documents, messages, tickets, and other content you and your team create, and the client records you add.
- Billing information — if you subscribe to a paid plan, payment is handled by our payment processor; we store limited billing metadata (plan, status), not full card numbers.
- Usage and device data — logs, approximate location derived from IP, browser type, and diagnostic data needed to operate, secure, and improve the Service.
- Cookies — strictly-necessary cookies for authentication and session management.
2. How we use your information
- To provide, maintain, and improve the Service.
- To authenticate you and keep your account and data secure.
- To communicate with you about your account, early access, support, and important changes.
- To process payments and manage subscriptions.
- To comply with legal obligations and enforce our terms.
We do not sell your personal information.
3. Service providers (subprocessors)
We share data only with vendors that help us run the Service, under agreements requiring them to protect it and use it only on our instructions. These currently include:
- Stripe — payment processing and subscription billing.
- Resend — delivery of transactional and notification emails.
- Google — optional single sign-on (OAuth) authentication.
- Our hosting provider — infrastructure that stores and serves your data.
4. Data retention
We keep your information for as long as your account is active or as needed to provide the Service. When you delete your account or content, we remove it from our active systems within a reasonable period, except where we must retain it to meet legal obligations.
5. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise these rights — or ask any privacy question — through our contact page. If you are in the EU/UK, our lawful bases for processing are performance of our contract with you, your consent, and our legitimate interests in operating the Service.
6. Data security
We protect your data with encryption in transit, scoped access controls, and per-workspace isolation. See our Security page for more detail. No method of transmission or storage is 100% secure, but we work hard to protect your information.
7. Children
The Service is not directed to children under 16, and we do not knowingly collect their data.
8. International transfers
Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.
9. Changes to this policy
We may update this policy from time to time. We’ll post the new version here and update the date above; significant changes will be communicated to you.
10. Contact us
Questions about this policy or your data? Reach us through the contact page.