Legal

Privacy Policy

This policy explains how Rateflow handles information when businesses and their authorized users use the Rateflow platform, client portals, integrations, and support channels.

Last updated: June 8, 2026

Important distinction for customer data

Rateflow is a business-to-business service. A subscribing company generally controls the client, prospect, employee, and business records it places in Rateflow. Rateflow processes that information to provide the service on the company's behalf. Questions about records entered by a Rateflow customer may need to be directed to that customer first.

1. Scope and roles

This Privacy Policy applies to Rateflow's website, application, client-facing portals, integrations, and support communications. It does not govern third-party products or websites that have their own privacy policies.

For information Rateflow collects about account holders, website visitors, and support contacts for its own business purposes, Rateflow acts as the business or controller. For information a customer submits or connects to the platform, Rateflow generally acts as a service provider or processor for that customer.

2. Information we collect

Depending on the features used, Rateflow may collect or process:

  • Account and company information: names, business email addresses, phone numbers, company details, user roles, login and authentication information, branding, and account preferences.
  • Client and prospect records: company and contact details, notes, tasks, activity history, forwarded emails, messages, documents, and files.
  • Quotes and commercial records: rates, quote contents and versions, rate sheets, quote status and viewing activity, invoice and volume data, payment-status information when available, and related business records.
  • Portal and acceptance records: portal messages, attachments, accepted names, acceptance timestamps, IP addresses, and quote view counts.
  • Calendar and integration data: connected-account email addresses, calendar events, event attendees, meeting links, integration identifiers, authorization scopes, encrypted access credentials, and synchronization state.
  • Meeting and AI feature data: temporary meeting audio, transcripts, summaries, action items, and content submitted to extraction, classification, drafting, or analysis features.
  • Technical and security data: IP address, browser and device information, authentication and session data, error information, timestamps, and records needed to prevent abuse and secure the service.
  • Support communications: information included in emails, requests, reports, and other communications with Rateflow.

3. Sources of information

We receive information:

  • Directly from users, customers, client-portal users, and support contacts.
  • From authorized users within the same subscribing company.
  • From documents, emails, and business records submitted to the service.
  • From connected services when a user authorizes an integration.
  • Automatically through essential cookies, local storage, logs, and security controls.

4. How we use information

Rateflow uses information to:

  • Provide, operate, authenticate, maintain, and improve the service.
  • Create and manage quotes, client records, rate sheets, portals, invoices, and workflows.
  • Connect and synchronize authorized third-party services.
  • Transcribe meetings and provide requested AI-assisted features.
  • Send service, account, quote, support, and security communications.
  • Protect accounts, investigate misuse, enforce agreements, and comply with law.
  • Understand product performance and plan improvements using business and service data.

Rateflow does not use Google user data or customer content for advertising, and does not use it to determine creditworthiness or make lending decisions.

5. Google user data

When a user connects Google Calendar, Rateflow requests the user's identity and email information and permission to access calendar events. Rateflow uses that access to display relevant meetings in Rateflow and, when the user uses synchronization features, create, update, or delete calendar events on the user's behalf.

Rateflow stores the connected account email, granted scopes, calendar and event identifiers, synchronization state, and encrypted OAuth access and refresh tokens needed to maintain the connection. Rateflow shares instructions and event data with Google only as needed to perform actions requested through the connected features.

A user may disconnect Google Calendar from Rateflow settings. Rateflow will make a best-effort request to revoke access at Google and delete the stored connection credentials. A user can also revoke access through their Google Account.

Rateflow's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. AI, transcription, and automated features

When a user chooses an AI-assisted or transcription feature, Rateflow sends the content needed to perform that request to providers that process it for Rateflow. Current providers may include Anthropic for AI-assisted processing and Deepgram for transcription.

AI output may be incomplete or inaccurate. Users should review output before relying on it or sharing it. Customers must not submit information to these features unless they have the legal right and any required consent to do so.

Recording and transcription laws vary. The customer and the user starting a recording are responsible for providing notices and obtaining all consent required by the laws that apply to every participant.

7. How we disclose information

Rateflow may disclose information:

  • To authorized users and client-portal users as directed by the subscribing company and controlled by account permissions.
  • To service providers that host, secure, communicate, transcribe, analyze, or otherwise support the service. Current providers may include Supabase, Netlify, Resend, Anthropic, and Deepgram.
  • To connected services, such as Google Calendar or an accounting platform, when a user authorizes the connection or requests an action.
  • To professional advisers, auditors, insurers, and transaction advisers subject to appropriate duties.
  • When required by law, legal process, or a valid government request, or when reasonably necessary to protect rights, safety, security, and the integrity of the service.
  • In connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to applicable legal requirements.

Rateflow does not sell personal information and does not share personal information for cross-context behavioral advertising. Rateflow does not currently use advertising cookies or permit third parties to track users across unaffiliated websites for advertising.

8. Cookies and browser signals

Rateflow uses essential cookies and local storage for authentication, security, account context, and requested product functionality. Blocking these technologies may prevent parts of the service from working.

Because Rateflow does not currently sell or share personal information for behavioral advertising, browser Do Not Track and Global Privacy Control signals do not change Rateflow's current practices. If Rateflow begins an activity for which the law requires honoring such a signal, Rateflow will do so as required and update this policy.

9. Retention

Rateflow retains information for as long as reasonably needed to provide the service, maintain business and security records, comply with law, resolve disputes, and enforce agreements. Retention depends on the type of information, why it was collected, customer instructions, legal requirements, and technical backup cycles.

Meeting audio uploaded through Rateflow's native recorder is temporary and is deleted after the transcription provider retrieves it or after a failed transcription attempt. Transcripts, summaries, customer content, and business records may remain in the account until deleted, no longer needed, or subject to a configured retention routine.

Deletion requests may not remove information immediately from backups or records that Rateflow must retain for legal, security, fraud-prevention, or legitimate business purposes.

10. Security

Rateflow uses reasonable administrative, technical, and organizational measures designed to protect information. Measures currently include account authentication, role and company-based access controls, encrypted Google OAuth tokens, private storage where appropriate, and time-limited file access links.

No online service can guarantee absolute security. Customers are responsible for managing authorized users, using strong credentials, reviewing permissions, and promptly reporting suspected unauthorized access.

11. Privacy rights and choices

Depending on where a person lives and which laws apply, they may have rights to request access to, correction of, or deletion of personal information; obtain a portable copy; restrict or object to certain processing; or receive information about collection and disclosure practices.

To submit a request, email hello@rateflow.app with the subject "Privacy Request" and identify the relevant account or company. Rateflow may need to verify identity and authority before completing a request. Authorized agents may submit requests where permitted by law, but Rateflow may require proof of authorization and direct verification with the individual.

Rateflow will respond within the period required by applicable law and will not unlawfully discriminate against a person for exercising a privacy right. If the requested information is controlled by a Rateflow customer, Rateflow may direct the request to that customer or assist the customer in responding.

12. United States processing and children

Rateflow is operated in the United States. Information may be processed in the United States and other locations where Rateflow's service providers operate, subject to applicable safeguards and law.

Rateflow is intended for business users and is not directed to children under 13. Rateflow does not knowingly collect personal information directly from children under 13. Contact Rateflow if you believe a child has provided personal information.

13. Changes and contact

Rateflow may update this policy as the service and legal requirements change. The updated policy will be posted here with a revised date. If a change materially affects how Rateflow uses information already collected, Rateflow will provide additional notice or obtain consent where required.

Questions, privacy requests, and complaints may be sent to hello@rateflow.app. For general help, visit the Support page.