Privacy Policy
Last updated: March 2025
Ponaflow ("we", "our", or "us") operates ponaflow.com and provides a platform for building and hosting no-code flows. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.
1. Data we collect
Builder account data: When you use the Ponaflow builder (app.ponaflow.com), we store your workspace configuration, project content, and domain settings. Authentication is handled by Clerk; we store the user identifier (Clerk user ID) and username you provide.
End-user data (authenticated projects): When you enable authentication on a project, visitors sign in via Clerk. We receive and may process user identifiers and email addresses for access control (e.g. whitelists). Clerk processes sign-in/sign-up data under its own privacy policy.
Technical data: We use Cloudflare and Netlify for hosting. These services may log IP addresses, request headers, and similar technical data for security and operations.
2. Purpose and legal basis
We process data to provide the Ponaflow service (hosting, authentication, workflow execution), improve the platform, and comply with legal obligations. Our legal bases include contract performance, consent (where applicable), and legitimate interests.
3. Data processors
We use the following sub-processors. Each has a Data Processing Agreement (DPA) available:
- Clerk — Authentication
- Netlify — Hosting
- Cloudflare — API and CDN
4. Retention
We retain builder state and project content for as long as your account is active. You may delete data by unpublishing projects or removing content. Logs and technical data are retained according to our processors' policies and legal requirements.
5. Your rights
You have the right to access, rectify, erase, restrict processing, data portability, and to object. See our Your rights page for details on how to exercise these rights.
6. Breach notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required by law, and notify affected individuals when the risk is high. For more information, contact security@ponaflow.com.
7. Cookies
We use cookies and similar technologies as described in our Cookie Policy.
8. Contact
For privacy-related questions or to exercise your rights, contact us at privacy@ponaflow.com.