Privacy Policy

Last updated: November 5, 2025

1. Introduction

ResourceFlow AI ("we", "our", or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email address, company details)
  • Employee data uploaded to our platform (names, contact information, employment details, performance data)
  • Usage data and analytics
  • Communications with our support team

3. Privacy-First AI Architecture

ResourceFlow AI employs a unique three-layer privacy protection system:

3.1 Private, Sandboxed AI Models

All AI processing occurs within dedicated, isolated model instances that are:

  • Deployed exclusively for your organization
  • Never shared with other customers
  • Completely isolated from external AI services
  • Never used to train models for other customers
  • Fully controlled within your data sovereignty boundaries

3.2 Automatic PII Redaction

Before any data is processed by our AI systems:

  • Personally Identifiable Information (PII) is automatically detected using advanced pattern recognition
  • PII fields are replaced with tokenized references
  • Original data is stored separately in encrypted form
  • De-tokenization only occurs for authorized users with proper access controls
  • AI models never process raw PII data

3.3 Database Encoding and Encryption

All customer data is protected through multiple layers of encryption:

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Field-level encryption for sensitive data columns
  • Customer-managed encryption keys (CMEK) available for Enterprise customers
  • Regular security audits and penetration testing

4. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our services
  • Generate predictive analytics and workforce insights
  • Improve and optimize our platform
  • Communicate with you about updates and support
  • Ensure security and prevent fraud
  • Comply with legal obligations

5. Data Sovereignty and Control

Your data remains under your complete control at all times. We never sell, rent, or share your data with third parties for their marketing purposes. Your data is never used to train AI models for other customers or external purposes.

6. Third-Party Services

We use carefully vetted third-party service providers only for essential infrastructure services (hosting, monitoring, analytics). These providers are contractually bound to protect your data and cannot use it for their own purposes. Importantly, we do not send your HR data to external AI providers like OpenAI, Anthropic, or similar services.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. Upon account termination, we will securely delete your data within 90 days unless legally required to retain it longer.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability
  • Withdraw consent at any time

9. International Data Transfers

For customers outside the United States, we ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) and compliance with regional regulations such as GDPR.

10. Security Measures

We implement industry-leading security measures including:

  • SOC 2 Type II compliance
  • ISO 27001 certification
  • Regular security audits and penetration testing
  • Role-based access controls (RBAC)
  • Multi-factor authentication (MFA)
  • Continuous monitoring and threat detection

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@resourceflow.ai

Address: ResourceFlow AI Privacy Team