Privacy Policy for Draft & Flow

Effective Date: 21 Dec 2024

Welcome to Draft & Flow, accessible from https://draftandflow.com. Your privacy is critically important to us. This Privacy Policy outlines the types of information that is collected and recorded by Draft & Flow and how we use it.

1. UK General Data Protection Regulation (UK GDPR)

We are a Data Controller of your information, adhering to the principles of the UK GDPR.

Draft & Flow's legal basis for collecting and using personal information depends on the Personal Information we collect and the specific context in which we collect it:

You have given Draft & Flow explicit consent to do so.

  • Processing your personal information is necessary to keep in contract with you.
  • Processing is necessary to comply with legal requirements.
  • Processing is necessary to protect someone’s life.
  • Processing is necessary for legitimate interests pursued by Draft & Flow, provided those interests are not overridden by your rights and interests.

Draft & Flow will retain your personal information only for as long as is necessary for the purposes stated in this Privacy Policy, and as required to comply with our legal obligations and enforce our agreements.

As a resident in the UK, you have specific data protection rights. If you wish to be informed about what Personal Information we hold about you and if you want it to be removed from our systems, please contact us.

2. Information We Collect

We collect minimal personal information, and you will be informed of the specific details at the point of collection.

If you contact us directly, we may receive information about you such as your name, email address, phone number, the content of your message and/or attachments, and any other information you may choose to provide.

If you subscriibe to our email, we will receive your email address and any other information you choose to provide.

3. How We Use Your Information

We use your information, including personal data, for the following purposes:

  • To provide, operate, and maintain our website.
  • To improve, personalize, and expand our website.
  • To understand and analyze how you use our website.
  • To develop new products, services, features, and functionality.
  • To communicate with you for customer service, updates, and promotional purposes.
  • To send you emails.
  • To detect and prevent fraud.

4. Billing Information and Third-Party Payment Processors

In order to purchase products or services from Draft & Flow, we collect billing and payment information. This may include your name, billing address, and payment card details. We use third-party payment processors, namely Stripe and Xero, to handle this information securely.

How Third-Party Payment Processors Use Your Billing Information

  • Stripe: Stripe is a global online payment processor that is trusted by thousands of businesses across the globe. When you make a payment on [Your Website Name], Stripe may collect and process your payment card details. Stripe's use of your personal data is governed by their Privacy Policy, which can be found at Stripe's website.

  • Xero: Xero is an online accounting software for small and medium-sized businesses that also provides functionalities for processing transactions. Xero may handle parts of your billing information for processing payments. For more details on how Xero uses and protects your data, please refer to Xero's Privacy Policy on their website.

Please note that Draft & Flow does not store your payment card details. We only have access to limited information regarding your transactions, which are necessary for customer service, billing disputes, and as required by law.

Security of Your Information

We take the security of your personal and billing information seriously. We implement a variety of security measures to maintain the safety of your personal information when you place an order or access your personal information. Our third-party payment processors use secure socket layer technology (SSL) for transactions and comply with the highest standards of PCI-DSS requirements.