Privacy Policy

Introduction

This privacy policy explains how CleanFlow collects, uses, and protects your personal information when you use our cleaning management platform and services.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the Norwegian Personal Data Act, and the ePrivacy Directive.

Data Controller

What Data We Collect

Account Information

When you register for CleanFlow, we collect:

• Name and email address: For account creation and communication
• Company/organization name: To set up your organization account
• Phone number: For account security and support (optional)
• Job title and role: To provide appropriate access levels

Building and Cleaning Data

When you use CleanFlow to manage cleaning operations, we collect:

• Building information: Names, addresses, floor plans, room details
• Task data: Cleaning tasks, schedules, completion status
• Time tracking: Work hours, task duration, attendance
• Quality data: Inspections, deviations, photos, comments
• Team data: Team assignments, user roles, department structure

Technical Data

• Device information: Browser type, device type, operating system
• Usage data: Pages visited, features used, time spent (anonymous)
• IP address: For security, fraud prevention, and regional analytics

Waitlist Data

If you join our waitlist before registering:

• Name, company, email, phone: To contact you about CleanFlow
• IP address and browser info: For spam prevention

Cookies and Tracking Technologies

Strictly Necessary Cookies

These cookies are essential for the platform to function and do not require consent:

• Authentication cookies: Keep you logged in and verify your identity (Supabase Auth)
• Session cookies: Maintain your session while using the application
• Security cookies: Protect against CSRF attacks and unauthorized access

These cookies are first-party cookies from cleanflow.no and are deleted when you log out or close your browser.

Analytics (Cookie-Free)

We use Vercel Analytics to understand how our platform is used:

• No cookies used - Vercel Analytics is completely cookie-free
• Anonymous data only - No personally identifiable information collected
• No IP addresses stored - Users identified by anonymous hash
• GDPR compliant - No consent required
• No cross-site tracking - Data used only for aggregated statistics

Vercel Analytics helps us improve the platform by showing which features are used most, but cannot identify individual users or track them across websites.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract performance (GDPR Art. 6(1)(b)): Processing necessary to provide CleanFlow services
• Legitimate interest (GDPR Art. 6(1)(f)): Security, fraud prevention, and service improvement
• Consent (GDPR Art. 6(1)(a)): Marketing communications (you can withdraw anytime)
• Legal obligation (GDPR Art. 6(1)(c)): Compliance with accounting and tax laws

How We Use Your Data

We use your information to:

• Provide and maintain the CleanFlow platform
• Manage your account and authenticate your access
• Process and store your cleaning management data
• Send service notifications and updates
• Provide customer support
• Improve our services and develop new features
• Ensure security and prevent fraud
• Comply with legal obligations

We will NOT: Sell your data, use it for advertising, or share it with third parties for marketing purposes without your explicit consent.

Data Sharing and Third Parties

We only share your data with trusted service providers necessary to operate CleanFlow:

• Supabase (Database & Auth): EU-hosted, GDPR-compliant infrastructure
• Vercel (Hosting & Analytics): Cookie-free analytics, GDPR-compliant

All service providers are bound by data processing agreements (DPAs) and comply with GDPR requirements.

Data Storage and Security

How Long We Keep Your Data

Active Accounts

While your account is active, we retain your data to provide the service.

After Account Deletion

• Personal data: Deleted within 30 days
• Backups: Removed from backups within 90 days
• Legal requirements: Some data may be retained for accounting/tax purposes (7 years)
• Anonymized data: Aggregated statistics may be retained indefinitely

Waitlist Data

Waitlist information is kept until:

• You request deletion
• You register for CleanFlow (data migrated to your account)
• 12 months after public launch, if you haven't registered

Your Rights (GDPR)

Under GDPR and Norwegian privacy law, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate information
• Erasure: Request deletion of your data ("right to be forgotten")
• Data portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw consent: Withdraw your consent at any time
• Complain: Lodge a complaint with Datatilsynet (Norwegian Data Protection Authority)

To exercise any of these rights, contact us at admin@cleanflow.no

Contact Us

If you have any questions about this privacy policy or how we handle your data:

Supervisory Authority

If you believe we are not handling your data correctly, you can file a complaint with:

Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top of this page will reflect when changes were made. Significant changes will be communicated via email to waitlist members.