NinjaFlow
Sign inStart free

Legal

Privacy Policy

Last updated · May 24, 2026

1. Introduction

NinjaFlow (“NinjaFlow,” “we,” “us,” or “our”) provides a software-as-a-service platform that helps organizations design, run, and embed workflow automations and customer-facing flows. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

This policy applies to:

  • Visitors to ninjaflow.com and related marketing pages.
  • Users who sign up for and use the NinjaFlow application.
  • End users of workflows or embedded widgets that our customers build with NinjaFlow.

When you use NinjaFlow as part of a workflow built by one of our customers (for example, you submit a form on a customer’s website), that customer is the controller of your personal information and NinjaFlow acts as a processor on their behalf. You should refer to that customer’s own privacy notice for details about how they handle your data.

2. Information We Collect

2.1 Account information

When you create an account we collect your name, email address, password (stored hashed), organization name, role, and billing information.

2.2 Customer content

When you use NinjaFlow you may upload, create, or transmit data through the platform — including workflow definitions, form submissions, files, and connection credentials. We refer to this as “Customer Content.” You retain ownership of Customer Content. We process it only to provide the service to you and on your instructions.

2.3 Usage and device data

We collect information about how you interact with the platform, including pages viewed, features used, IP address, browser type, device identifiers, operating system, and approximate location derived from IP. We use this data to operate, secure, and improve the service.

2.4 Communications

When you contact support, request a demo, or sign up for marketing updates, we collect the contents of your message and any contact details you provide.

2.5 Information from third parties

If you sign in with a third-party identity provider (for example, Google or Microsoft), we receive basic profile information from that provider. If your organization administrator invites you, they may provide your contact details to us on your behalf.

3. How We Use Information

We use information to:

  • Provide, maintain, and improve the NinjaFlow service.
  • Authenticate users and protect against fraud and abuse.
  • Process payments and prevent billing errors.
  • Send service notifications, security alerts, and administrative messages.
  • Respond to your support requests and feedback.
  • Analyze platform usage to inform product decisions.
  • Send marketing communications where you have opted in (you can opt out at any time).
  • Comply with legal obligations and enforce our agreements.

We do not sell personal information, and we do not use Customer Content to train machine-learning models without explicit opt-in.

4. Sharing and Disclosure

We share information only as described below:

  • Sub-processors. We use vetted third-party service providers for hosting, email delivery, customer support, payments, analytics, and similar functions. Each sub-processor is bound by contractual obligations to protect your information. A current list is available on request from [email protected].
  • Within your organization. Account administrators in your organization can see information about other users in the same workspace.
  • Legal compliance. We may disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers. If NinjaFlow is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will notify you and any acquirer will continue to honor the commitments in this policy.

5. International Data Transfers

NinjaFlow operates globally and your information may be processed in countries other than your own, including the United States. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

6. Data Retention

We retain account and Customer Content for as long as your account is active and as needed to provide the service. After cancellation, Customer Content is deleted within 30 days unless we are required to retain it for legal, accounting, or security reasons. You can request earlier deletion by contacting us.

Backups and disaster-recovery copies are rotated on a defined schedule and overwritten in the normal course of operations.

7. Your Rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information; to object to processing; and to withdraw consent. To exercise any of these rights, contact [email protected]. We will respond within the timeframe required by applicable law.

If you are an end user of a workflow built by one of our customers, please direct your request to that customer first. We will assist them in responding.

8. Security

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, encryption at rest for secrets, role-based access controls, audit logging, and per-organization data isolation. No system is perfectly secure; if you believe your account has been compromised, contact us immediately at [email protected].

9. Cookies and Tracking

We use cookies and similar technologies to keep you signed in, remember preferences, measure traffic, and analyze how the platform is used. You can control cookies through your browser settings. Disabling some cookies may affect functionality.

10. Children’s Privacy

NinjaFlow is not directed to children under 16 and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us so we can delete it.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via the platform or by email at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

12. Contact Us

Questions about this policy or our privacy practices can be sent to: