Privacy Policy

Privacy Policy

1. Introduction and Scope

This Privacy Policy describes how the Operator of QB Flow collects, uses, stores, protects, and discloses information in connection with your use of the Application. This Privacy Policy is incorporated by reference into the Terms of Service and forms part of the binding agreement between you and the Operator.

GEOGRAPHIC SCOPE: THIS PRIVACY POLICY APPLIES SOLELY TO USERS LOCATED IN THE UNITED STATES OF AMERICA. QB FLOW IS NOT DIRECTED TO INDIVIDUALS OUTSIDE THE UNITED STATES. WE DO NOT KNOWINGLY COLLECT PERSONAL INFORMATION FROM NON-U.S. RESIDENTS. IF YOU ARE LOCATED OUTSIDE THE UNITED STATES, DO NOT USE QB FLOW.

This Privacy Policy does not constitute compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, Canada’s PIPEDA, or any other non-U.S. privacy framework. Non-U.S. users should not rely on this policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Registration Data: Name, email address, username, and password if you create an account;
  • User Inputs and Prompts: Text, schema descriptions, field names, and requirements you submit to generate code;
  • Communications: Messages you send to us via support channels or email;
  • Payment Information (if applicable): Billing details processed through third-party payment processors; we do not store full payment card numbers.

2.2 Quickbase® Token Data

TOKEN STORAGE IS OPT-IN ONLY. BY DEFAULT, QB FLOW DOES NOT STORE YOUR QUICKBASE® USER TOKEN. A token is retained beyond your active session ONLY if you explicitly check the designated opt-in box.

We collect and handle Quickbase® user tokens as follows:

  • In-Session Use (Default): If you provide a token without opting in to storage, it is held only in server memory for the duration of your active session and is purged automatically upon session termination. It is never written to persistent storage.
  • Opted-In Storage: If you explicitly check the “Save my token” (or equivalent) checkbox, your token is stored in encrypted form on QB Flow servers and associated with your account.
  • Purpose Limitation: Whether used in-session or stored, tokens are accessed exclusively to retrieve Quickbase® application schema data (field names, types, table structures, metadata) for the sole purpose of generating contextually accurate code output. Tokens are never used for any other purpose.
  • No Data Access Beyond Schema: Token access is scoped to the minimum required to read application structure. We do not read, retrieve, copy, or store any business records, row-level data, or personal data residing in your Quickbase® application.
  • Deletion: You may delete your stored token at any time through account settings. Upon deletion, the token is removed from all QB Flow storage systems.
  • No Sharing: Your Quickbase® token is never sold, shared, disclosed to third parties, or used for any purpose other than those stated above.

2.3 Information Collected Automatically

  • Log Data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps;
  • Usage Data: Features accessed, code generation requests made, session duration, and interaction patterns;
  • Device Information: Device type and operating system version;
  • Cookies and Local Storage: Session cookies and functional cookies to maintain session state and user preferences (see Section 10).

2.4 Information We Do Not Intentionally Collect

We do not intentionally collect sensitive personal information such as Social Security numbers, financial account numbers, health or medical information, biometric data, or precise real-time geolocation. Do not submit such information through QB Flow.

3. How We Use Your Information

  • Service Delivery: To operate QB Flow and process your code generation requests, including using your token (if provided) to retrieve application schema data;
  • Account Management: To create, maintain, and authenticate your account;
  • Improvement: To analyze usage patterns and diagnose technical issues to improve the Application;
  • Communications: To respond to inquiries and send service-related notifications;
  • Security: To detect, prevent, and respond to fraud, abuse, unauthorized access, and security incidents;
  • Legal Compliance: To comply with applicable legal obligations, court orders, and regulatory requirements;
  • Enforcement: To enforce these Terms and other QB Flow policies.

We do not sell your personal information. We do not use your information, inputs, or Quickbase® token data for advertising, marketing to third parties, or any purpose not described in this Policy.

4. Disclosure of Information

We may disclose your information only in the following limited circumstances:

  • Service Providers: Third-party vendors that assist in operating QB Flow (e.g., cloud hosting, security monitoring), under binding confidentiality and data processing obligations;
  • Legal Requirements: When required by applicable law, subpoena, court order, or legitimate government request;
  • Safety and Security: To protect the rights, property, safety, or security of the Operator, users, or the public, including to prevent fraud or unauthorized access;
  • Business Transfers: In connection with a merger, acquisition, financing, or sale of substantially all assets, subject to customary confidentiality protections, and conditioned on the successor’s agreement to honor this Privacy Policy;
  • With Your Explicit Consent: For any other purpose clearly disclosed to you at the time of collection and affirmatively consented to by you.

We will never sell, rent, or trade your personal information or Quickbase® token data to any third party for their commercial purposes.

5. Data Retention

Personal information is retained only as long as necessary to fulfill the purposes in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Specifically:

  • Account data is retained for the duration of your active account plus a reasonable post-closure period as required by law;
  • In-session tokens are purged upon session termination and are never written to persistent storage;
  • Opted-in stored tokens are retained until you delete them through account settings or until your account is terminated;
  • Usage logs may be retained for up to twenty-four (24) months for security and operational purposes;
  • Backup copies of data may persist for a reasonable period following deletion from active systems.

6. Security

We implement commercially reasonable technical and organizational security measures to protect your information, including encryption of stored tokens, access controls, and secure transmission protocols. However, no internet transmission or electronic storage system is completely secure. We cannot guarantee absolute security and are not liable for security breaches caused by circumstances beyond our reasonable control.

In the event of a data breach affecting your personal information or stored tokens, we will notify affected users as required by applicable U.S. state breach notification laws.

YOU ARE RESPONSIBLE FOR THE SECURITY OF YOUR OWN ACCOUNT CREDENTIALS AND FOR ANY ACCESS TO YOUR QUICKBASE® APPLICATION THAT RESULTS FROM UNAUTHORIZED USE OF YOUR USER TOKEN. If you believe your token has been compromised, you should immediately revoke it within the Quickbase® platform and delete it from QB Flow.

7. Your Rights and Choices

7.1 Access and Correction

You may request access to or correction of your personal information by contacting us through the Application’s support channel. We will respond to verified requests within a reasonable time.

7.2 Deletion

You may request deletion of your account and associated personal data. Deletion of stored Quickbase® tokens may be performed directly through account settings at any time. Full account deletion requests will be processed within thirty (30) days. We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).

7.3 State-Specific Privacy Rights

Depending on your state of residence, you may have additional rights under applicable state privacy law:

  • California Residents: Under the CCPA and CPRA, you may have the right to know, delete, correct, and opt out of the sale or sharing of personal information. To submit a request, contact us through the Application. We do not sell personal information.
  • Virginia Residents: Under the CDPA, you may have rights to access, correct, delete, and opt out of certain processing activities.
  • Colorado, Connecticut, Texas, Oregon, Montana, and other states: You may have similar rights under your state’s applicable comprehensive privacy statute.

We will respond to and honor verified state privacy rights requests as required by applicable law.

7.4 Token Opt-Out

You may withhold your Quickbase® token at any time by simply not providing it. Token provision is optional. Not providing a token may limit QB Flow’s ability to generate application-specific output, but core generator functionality remains available without a token for generic code generation.

8. Children’s Privacy

QB Flow is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we discover that we have collected information from a minor without appropriate parental consent, we will delete it promptly. If you believe we have collected information from a minor, contact us immediately.

9. Third-Party Links and Services

QB Flow may contain links to Quickbase, Inc.’s platform or other third-party websites and services. We are not responsible for the privacy practices, content, or security of any third-party sites. Clicking a third-party link is done at your own risk. The presence of a link does not imply endorsement by QB Flow.

10. Cookies and Tracking Technologies

  • Strictly Necessary Cookies: Required for QB Flow to function (e.g., session authentication, CSRF protection);
  • Functional Cookies: Enable user preferences and session persistence;
  • Analytics Cookies: Help us understand usage patterns to improve the Application;
  • No Advertising Cookies: We do not use cookies for targeted advertising or cross-site tracking.

You may control cookie settings through your browser. Disabling strictly necessary cookies may impair Application functionality.

11. Do Not Track

Some browsers send “Do Not Track” (DNT) signals. QB Flow does not currently alter its data collection practices in response to DNT signals, as no uniform DNT standard exists. We will revisit this as standards develop.

12. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Material changes will be communicated by posting the updated policy within the Application and updating the Effective Date. Your continued use of QB Flow after the updated policy takes effect constitutes your acceptance of the revised policy.

13. Contact

For questions or requests regarding this Privacy Policy or your personal data, contact us through the support or contact mechanism provided within the QB Flow Application. We will make reasonable efforts to respond within thirty (30) days of receiving a verified request.