Privacy Policy
We protect your personal data and privacy.
We collect the information required to operate Floxoft, including account profiles, company details, workspace settings, login events, device metadata, support messages, usage telemetry, connected channel identifiers, and operational records created by users. We avoid collecting unnecessary personal data and use telemetry primarily for reliability, security, billing, and product improvement.
Workspace data is protected through tenant separation, access controls, encrypted transport, secure storage practices, audit trails, and administrative permission checks. Sensitive credentials and API tokens are handled with restricted access, and production systems are monitored for unusual activity, error spikes, and unauthorized access patterns.
Customer data is not sold or rented. Limited data may be processed by trusted infrastructure, messaging, analytics, email, storage, AI, payment, and support providers only where needed to deliver Floxoft services, complete user-requested actions, maintain integrations, prevent abuse, or satisfy legal and accounting obligations.
Workspace owners and authorized administrators may request access, correction, export, restriction, or deletion of eligible personal data. Some records may be retained where required for security, fraud prevention, tax, billing, dispute resolution, provider compliance, backups, or legal obligations.
Messages, attachments, contact profiles, notes, tags, assignments, statuses, and conversation history are processed so teams can manage customer communication across connected channels. Workspace administrators control who can view, reply, assign, export, or delete this data according to their internal responsibilities.
Floxoft may use cookies, local storage, session identifiers, and analytics scripts to keep users signed in, remember preferences, protect accounts, understand feature adoption, and diagnose performance issues. Browser settings may limit some tracking, but essential authentication and security storage is required for the platform to work correctly.
Production records are retained for as long as needed to provide the service, comply with contracts, support audits, resolve disputes, and maintain backups. Deleted workspace data may remain in encrypted backups for a limited period until backup rotation completes, after which it is no longer actively recoverable through normal support processes.
We process security events, IP addresses, user agents, rate-limit signals, failed logins, API errors, provider callbacks, and audit logs to detect abuse, protect tenants, investigate incidents, enforce terms, and maintain reliable service delivery. Access to this monitoring data is limited to operational and security purposes.
When a user enables two-factor authentication, Floxoft stores an encrypted TOTP secret key associated with their account. This secret is used exclusively to verify time-based one-time codes during login and is never shared with third parties. Disabling 2FA removes the secret from the active account record.
Depending on infrastructure and provider availability, data may be processed in jurisdictions where Floxoft or its service providers operate. We respond to valid legal, regulatory, and law-enforcement requests only after review, and when permitted we notify the affected workspace owner before disclosing customer data.
Privacy, deletion, export, security, and compliance requests should be sent through the official Floxoft support or contact channels from an authorized workspace owner account. We may verify identity, ownership, and request scope before making changes to production data or releasing exports.