Privacy Policy

Last updated: June 14, 2026

This Privacy Policy describes how EnforcedFlow (“we”, “us”, or “our”) collects, uses, and protects information when you use our services at enforcedflow.com and app.enforcedflow.com (the “Service”).

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and billing information necessary to provide the Service.

Usage Data

We collect information about how you use the Service, including feature interactions, log data, IP addresses, and browser/device information for security and service improvement purposes.

Google Calendar Data

When you connect your Google account to enable the calendar availability feature, we request the following permissions from Google:

  • Google Calendar (read-only): We read your calendar’s free/busy availability — specifically, the times when you are busy — to determine your availability for lead assignments. We do not read the titles, descriptions, attendees, or any other details of your calendar events.
  • Google account email address: We use your email address to identify and link your Google account to your EnforcedFlow agent profile.

2. How We Use Your Information

We use the information we collect to:

  • Operate, maintain, and improve the Service
  • Determine agent availability for round-robin lead assignment
  • Send transactional emails (e.g. account confirmations, calendar disconnection notices)
  • Respond to support requests
  • Comply with legal obligations

Use of Google Calendar Data

Google Calendar data (free/busy information and your email address obtained via Google OAuth) is used solely to determine your availability for lead routing within EnforcedFlow. Specifically:

  • We check whether you have calendar conflicts during a proposed assignment time
  • We store your OAuth access and refresh tokens to query availability on your behalf
  • We do not read event titles, descriptions, or attendee lists
  • We do not use calendar data for advertising or marketing purposes
  • We do not sell, transfer, or disclose Google user data to third parties except as required to operate the Service (e.g. our hosting infrastructure)
  • We do not allow humans to read your Google Calendar data except where strictly necessary for security, legal compliance, or with your explicit permission

This use of Google Calendar data complies with the Google API Services User Data Policy, including the Limited Use requirements.

3. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: Infrastructure providers (e.g. hosting, databases) who process data on our behalf under confidentiality obligations
  • Legal requirements: If required by law, court order, or to protect the rights and safety of EnforcedFlow, our users, or the public

We do not share Google user data with any third party for purposes unrelated to providing the Service.

4. Data Retention

  • Account data is retained for as long as your account is active or as needed to provide the Service
  • Google OAuth tokens are retained while your Google Calendar connection is active. They are deleted immediately when you disconnect your calendar from within EnforcedFlow or revoke access via your Google account
  • Free/busy query results are not persistently stored; availability is queried in real time at the time of assignment evaluation

You may request deletion of your data at any time by contacting us or by deleting your account.

5. Google Account Access and Revocation

You may disconnect your Google Calendar from EnforcedFlow at any time through the Agent Portal calendar settings page. You may also revoke EnforcedFlow’s access to your Google account at any time through your Google Account permissions page.

Upon revocation or disconnection, we will delete your stored OAuth tokens and cease querying your calendar.

6. Data Security

We implement appropriate technical and organisational measures to protect your information, including encrypted storage of OAuth tokens, HTTPS for all data in transit, and access controls limiting who can access user data within our systems.

7. Your Rights

Depending on your location, you may have rights to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Withdraw consent at any time (where processing is consent-based)

To exercise these rights, contact us at contact@enforcedflow.com.

8. Cookies

We use cookies and similar technologies to maintain your session, remember preferences, and analyse usage. You can control cookies through your browser settings, though disabling them may affect Service functionality.

9. Third-Party Services

The Service integrates with third-party services including Google (Calendar API), Stripe (payments), and Postmark (transactional email). These services operate under their own privacy policies. We recommend reviewing those policies.

10. Children’s Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. The “Last updated” date at the top of this page reflects when the policy was last revised.

12. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us:

EnforcedFlow
Email: contact@enforcedflow.com
Address: 1 Soljak Place, Auckland, New Zealand