Roastflow
Sign InJoin waitlist

Privacy Policy

Effective date: April 8, 2026

1. Introduction

Roastflow ("we", "us", or "our") operates the Roastflow platform at roastflow.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account we collect your name, email address, and authentication credentials provided through our authentication provider (Clerk). If you connect a Shopify store we also store your Shopify store domain and API access tokens.

Roasting & Business Data

We store data you enter into the platform including roast profiles, roast logs, inventory records, product catalogs, purchase orders, and other operational data related to your coffee roasting business.

Usage Data

We automatically collect information about how you interact with our service, including pages visited, features used, browser type, device information, and IP address.

3. How We Use Your Information

  • Provide, operate, and maintain the Roastflow platform
  • Sync inventory and product data with your connected Shopify store
  • Process and fulfill orders through integrated e-commerce channels
  • Send transactional emails and service notifications
  • Improve and optimize our platform and user experience
  • Respond to customer support requests
  • Detect and prevent fraud or abuse

4. Data Sharing & Third Parties

We do not sell your personal information. We share data only with the following categories of service providers that help us operate the platform:

  • Authentication: Clerk
  • Database & Backend: Convex
  • Hosting: Vercel
  • E-commerce Integration: Shopify (only when you connect your store)
  • AI Services: Anthropic (for AI-assisted features; no personal data is used for model training)

We may also disclose information if required by law, regulation, or legal process.

5. Data Retention

We retain your account and business data for as long as your account is active or as needed to provide you services. If you delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain it by law.

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, secure authentication, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal data
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Object to or restrict certain processing activities

To exercise any of these rights, contact us at privacy@roastflow.io.

8. Cookies

We use essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies.

9. Children's Privacy

Roastflow is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@roastflow.io.