Privacy Policy

‍1. Who We Are and Scope of This Policy 

‍
1.1 Who We Are
ExperienceFlow.AI‍
San Francisco, California, USA
‍
You can contact us about privacy at: connect@experienceflow.ai

We’ve written this Policy to be as clear as possible about how we handle information, so you can make informed choices.
‍

‍1.2 Scope of This Policy
‍This Policy covers personal information we collect:

• When you visit, browse, or interact with the Website‍
• When you submit forms (e.g.,contact, demo requests, event registrations)
• When you engage with marketing communications that link to this Policy

‍

This Policy does not apply to:

• Data we process in our capacity as a service provider/processor for enterprise customers using our AI products and services. That processing is governed by separate contracts (e.g., NDA’s, service agreements, data processing agreements).
• Third-party websites, apps, or services that we do not control.

‍

‍2. Information We Collect
‍We collect personal information from and about you in several ways.
‍

‍2.1 Information You Provide to Us

• Contact Information: Name, business email address, phone number, company name, job title/designation, country/region.
• ‍Business & Use-Case Information: Details about your company, industry sector, areas of interest, and use-case requirements.
• ‍Communications: Content of messages and forms you submit (e.g., demo requests, partnership inquiries, support questions, feedback, survey responses, event/webinar registrations).
• ‍Preferences: Your marketing and communication preferences, including newsletter sign-ups and opt-in/opt-out choices. 

‍

‍2.2 Information Collected Automatically
‍When you use the Website, we and our service providers may automatically collect:
‍

• ‍Usage Data: Pages visited, features used, time and date of visits, referring/exit URLs, clickstream, and interactions with specific elements on the Website.
• ‍Device & Technical Data: IP address, browser type and settings, device identifiers, operating system, language, approximate location (based on IP), and similar technical information.
• ‍Cookies & Similar Technologies: Cookies, pixels, tags, and scripts that help us recognize your browser, understand how you use the Website, and improve functionality and performance. See Section 10 (Cookies & Tracking Technologies) for more details. 
  ‍

‍2.3 Information from Third Parties

‍We may receive information about you from:

• ‍Business partners and resellers (e.g., joint marketing or sales activities).
• ‍Marketing and CRM platforms/B2B Databases used for contact information, email automation, event management, and lead scoring.
• ‍Publicly available sources, such as professional networking sites and business directories.

We may combine this information with data we collect directly from you, in accordance with this Policy.

‍

‍3. How We Use Personal Information
‍We use personal information for the following purposes, and we aim to describe these uses in a clear, truthful, and non-deceptive way:
‍

‍Operating and Securing the Website

• To operate, maintain, and improve the Website and its features.
• To monitor and protect the security, integrity, and availability of our systems and data.

‍

‍Responding to You and Managing Relationships

• To respond to your inquiries, demo requests, support questions, and other communications.
• To manage our relationships with prospects, customers, partners, and vendors.

‍

‍Marketing and Business Development

• ‍To send you information about ExperienceFlow products, features, events, research, and insights, consistent with your preferences.
• To conduct account-based and B2B marketing, including segmenting communications by company size, industry, or role.
• You can opt out of marketing at any time (see Section 8).

‍

‍Analytics and Service Improvement

• ‍To analyze Website usage and engagement, understand what content and features are most useful, and improve navigation and user experience.
• To generate aggregated statistics that help us make business and product decisions. AI-Related Improvement (Website Context)‍
• We may use de-identified or aggregated information derived from Website interactions to help improve the performance, robustness, and safety of our AI-powered features and services.
• We do not use Website visitor information to make decisions that produce legal or similarly significant effects about you based solely on automated processing. Security, Fraud Prevention, and Legal Compliance‍
• To detect, investigate, and prevent fraudulent, harmful, or illegal activities.
• To comply with applicable laws, regulations, legal processes, and requests from authorities.
• To enforce our agreements and protect our rights and the rights of others.

We do not use manipulative or deceptive design practices (“dark patterns”) to obtain consent, make you share more data than you intend, or make it unreasonably difficult to exercise your privacy choices.‍

‍

4. AI-Specific Practices and Role Distinctions

Because ExperienceFlow is an enterprise AI company, it is important to distinguish between different types of data and roles:

‍

4.1 Website Data (Covered by This Policy)

This Policy covers:

• Personal information about Website visitors and business contacts (e.g., contact forms, demo requests, newsletters).
• High-level analytics about how visitors use the Website.

We may use de-identified or aggregated Website-derived data to help improve our products and AI models at a broad level (for example, understanding feature interest trends by industry). We do not intend to identify you personally within model outputs based solely on your Website interactions.

‍

4.2 Customer and End-User Data (Covered by Contracts)

For our AI products and services:

•  We generally act as a service provider/processor for our enterprise customers.
• Customer and end-user data processed in those services (including any use in AI workflows) is governed by the applicable service agreement and data processing terms, not this Policy.
• Those contracts define how we may and may not use that data, including any restrictions on using it for training or improving our models.

4.3 AI Claims and Transparency

We aim to:

• Describe our AI capabilities truthfully and without overstatement.
• Avoid making unsubstantiated or misleading AI-related claims (for example, about accuracy, autonomy, or results).
• Be clear about whether AI is used in a product and, where relevant, what its limitations are.

‍

5. How We Share Personal Information

We do not sell personal information in the traditional sense. We also do not “sell” or “share” personal information as those terms are defined under the California Consumer Privacy Act (CCPA), as amended by the CPRA, and we do not use Website personal information for cross-context behavioral advertising.

If this ever changes, we will update this Policy and provide applicable notices and opt-out mechanisms, including honoring supported browser-based signals (such as Global Privacy Control) where required by law.

We may share personal information with:

Service Providers and Vendors

• Hosting and cloud infrastructure providers.
• CRM and marketing platforms.
• Analytics providers.
• Professional advisors (e.g.,legal, accounting).

These parties are authorized to use personal information only as needed to provide services to us and are required to protect it appropriately.

Affiliates and Corporate Group

‍We may share personal information with our affiliates and related entities for purposes consistent with this Policy.

Business Transactions‍

In connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, personal information may be disclosed or transferred as part of the transaction, subject to appropriate confidentiality and, where required, further notice.

‍

Legal, Regulatory, and Safety‍

We may disclose information where we believe in good faith that it is necessary to:

• Comply with laws, regulations, legal processes, or governmental requests.
• Protect the rights, property, or safety of ExperienceFlow, our users, or others.

‍

6. Data Retention

We retain personal information for as long as reasonably necessary to:

• Provide and operate the Website.
• Fulfill the purposes described in this Policy.
• Comply with legal, tax, and accounting obligations.
• Resolve disputes and enforce our agreements.

Retention periods may vary based on the type of data and the context in which it was collected. For example:

• Contact and marketing data may be retained for a period after your last interaction with us, unless you request deletion earlier.
• Technical logs may be kept for shorter periods for security and operational purposes, unless needed to investigate issues.

When personal information is no longer needed for these purposes, we will delete or de-identify it in accordance with our internal policies and applicable law.

‍

7. Data Security

We implement reasonable technical, administrative, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

These measures are designed to be appropriate given the nature of the information and the risks associated with processing it. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

We also work to ensure that the way we describe our security practices is accurate and not misleading.

‍

8. Your Rights and Choices

8.1 Marketing Communications

You can opt out of marketing emails at anytime by:

• Clicking the “unsubscribe” link in a marketing email, or
• Contacting us at xflowmarketing@experienceflow.ai

We may still send you non-promotional messages related to your relationship with us (for example, important notices or responses to your inquiries).

‍

8.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have the right to:

• Know the categories of personal information we collect, the sources, the purposes for collection, and the categories of third parties to whom we disclose it.
• ‍Access specific pieces of personal information we hold about you.‍
• Delete personal information we have collected from you, subject to certain exceptions.‍
• Correct inaccurate personal information.‍
• Know whether we “sell” or “share” personal information and to opt out of such sale or sharing (we currently do not).‍
• Limit the use and disclosure of sensitive personal information, if we collect it for purposes beyond those permitted by law.‍
• Be free from discrimination for exercising your privacy rights.

To exercise your California privacy rights, you (or your authorized agent) can contact us at:

• Email: connect@experienceflow.ai

We may need to verify your identity and, where applicable, the authority of your agent before responding.

‍

8.3 Other U.S. State Rights

Residents of other U.S. states may have similar rights (for example, the right to access, delete, correct, and opt out of certain processing activities such as targeted advertising or profiling). Where such laws apply, we will honor requests consistent with those requirements. You can use the same contact methods above to submit a request.

‍

9. International Visitors and GDPR/UK GDPR

Although our policy is primarily designed around U.S. law, visitors from other countries may have additional rights.

If you are located in the European Economic Area (EEA), United Kingdom (UK), or another jurisdiction with comprehensive data protection laws, you may have rights such as:

• The right to be informed about how we use your personal data.
• The right of access to your personal data.
• The right to rectification of inaccurate or incomplete data.
• The right to erasure (“right to be forgotten”) in certain circumstances.
• The right to restrict processing in certain circumstances.
• The right to data portability.
• The right to object to certain processing, including direct marketing.
• Rights related to automated decision-making and profiling, where applicable.

You also have the right to lodge a complaint with your local supervisory authority.

We may transfer personal data from your region to the United States or other countries. Where required, we use appropriate safeguards (such as Standard Contractual Clauses or similar mechanisms) for these transfers.

To exercise these rights or ask questions, please contact us at connect@experienceflow.ai.

‍

10. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Enable core Website functionality (e.g., login sessions, security).
• Understand and measure how visitors use the Website.
• Improve content, navigation, and overall user experience.
• [If applicable] Support limited marketing or retargeting activities.

Where required by law (for example, in certain countries), we will obtain your consent before using non-essential cookies.

You can manage your cookie preferences by:

• Adjusting settings in your browser (which may allow you to block or delete cookies).
• Using our cookie banner or preference center, where available.

For more information, please see our separate Cookie Policy.

‍

11. Children’s Privacy

The Website and our services are intended for business and professional users and are not directed to children under the age of 16 (or other age as defined by local law).

We do not knowingly collect personal information from children through the Website. If you believe a child has provided personal information to us, please contact us, and we will take appropriate steps to delete such information in accordance with applicable law.

‍

12. Third-Party Websites and Services

The Website may contain links to third-party websites, content, or services. We are not responsible for the privacy practices, content, or security of those third parties. We encourage you to review their privacy policies before providing any personal information.

‍

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we update the Policy, we will:

• Revise the at the top; and
• Provide additional notice where appropriate (for example, via a banner on the Website or email notification).

We encourage you to review this Policy periodically to stay informed about how we handle personal information.

‍

14. How to Contact Us

If you have questions, concerns, or requests regarding this Policy or our handling of personal information, you can contact:

Privacy Officer
ExperienceFlow.AI
San Francisco, California, USA
Email: connect@experienceflow.ai

‍