Privacy Policy
Last updated: 2026-06-11
TwinFlow is a process intelligence service operated by Djoji LLC, a Florida limited liability company ("we", "us"). This policy explains what data we collect when you use TwinFlow at flowmri.io, why we collect it, where it goes, and how to delete it. We have tried to write it so that every sentence is specific and true of how the product actually works.
1. Data we collect
Account information. When you sign up, our authentication provider Clerk collects your name, email address, and sign-in identifiers. We never see or store your password — sign-in is handled entirely by Clerk. We store your email address to send you service emails (see below).
Connected tool data. When you connect a work tool, we read workflow metadata — who did what, when, and what status things moved to — and turn it into an event log for process analysis. Here is exactly what we read and what we keep, per tool:
| Tool | What we read | What we store |
|---|---|---|
| Linear OAuth (read scope) | Issue ID, title, state, assignee name, priority, labels, team and project names, created/updated/completed timestamps, and the history of status and assignee changes. | Workflow events only: issue ID, status transitions, assignee/actor names, timestamps, priority, labels. Issue titles are read but not stored. |
| Jira OAuth | Issue summary, status, assignee, priority, labels, issue type, created/updated/resolution dates, and the changelog of status and assignee changes. | Workflow events only: issue key, status transitions, assignee/actor names, timestamps, priority, labels. Summaries are read but not stored. |
| Zendesk Email + API token you provide | Ticket status, assignee ID, priority, tags, type, channel, group and organization IDs, timestamps, and audit events for status/assignee changes. | Workflow events only: ticket ID, status transitions, assignee/actor identifiers, timestamps, priority, tags. |
| GitHub Issues Personal access token you provide | Issue number, title, state, labels, assignee, milestone, comment count, timestamps, and timeline events (closed, reopened, labeled, assigned, milestoned). We do not access repository code. | Workflow events only: issue number, state transitions, assignee/actor names, timestamps, labels. Titles are read but not stored. |
| Salesforce OAuth | Case number, subject, status, priority, owner, created/closed dates, and CaseHistory records for status and owner changes. Case descriptions are not queried. | Workflow events only: case ID, status/owner transitions, actor identifiers, timestamps, priority. Subjects are read but not stored. |
| Gmail OAuth (gmail.readonly) | Thread and message metadata only — we request messages in Gmail's metadata format, which returns the Subject, To, From, and Date headers, labels, timestamps, and Gmail's short snippet preview. We never request or receive full email bodies or attachments. | Thread ID, a classified process step name (e.g. “Response Sent”), sender and recipient email addresses, message timestamps, and labels. Subject lines and snippets are used in memory to classify each message and are not stored. |
What we never collect: ticket descriptions, issue bodies, comments, email message bodies, attachments, or repository code. Our connectors do not request those fields from the tools' APIs.
Payment information. If you buy a paid plan, payment is processed by Stripe. Your card details go directly to Stripe and never touch our servers. We store only your plan tier and subscription status.
Usage and diagnostics. We use PostHog to record page views and feature usage, and Sentry to record application errors. Our Sentry configuration disables the sending of personal data by default, and session replays mask all text and media. Analytics is used to understand which features work, not to profile you.
Demo mode uses entirely synthetic, computer-generated data. No real customer data is involved in demo scans.
2. What we store
- Event logs — one row per workflow event: ticket/case ID, a step name (e.g. "In Progress"), a timestamp, the person or system that acted, and status/priority/label details.
- Process maps and metrics — the process graphs, health scores, bottleneck statistics, and AI-generated summaries derived from your event logs.
- Scan records — when each scan ran, its status, and any error message.
- OAuth tokens and API credentials — stored encrypted with AES-256-GCM. See our Security page for details.
3. How we use your data
- To run scans and build your process maps, health scores, ROI estimates, and simulations.
- To generate AI summaries, action plans, and answers to questions you ask in the app (see section 4).
- To send you service emails: a welcome email when you sign up and a weekly digest of your process health, both sent via Resend.
- To provide support and operate, secure, and improve the service.
- For anonymous benchmarking: we compare your process metrics (e.g. health score percentile) against aggregated metrics from other customers. Benchmarks and the public leaderboard never include company names, ticket data, or anything that identifies you.
We do not sell your personal information, and we do not use your data for advertising.
4. AI processing
AI features (scan summaries, action plans, the process chat, and the ROI refiner) are powered by Anthropic's Claude models via API. What we send to Anthropic is aggregated scan output — counts, rates, cycle times, step names, and bottleneck statistics — plus any text you type into the chat features. We do not send stored event logs in bulk, and we never have ticket bodies or email contents to send in the first place. Under Anthropic's commercial API terms, API inputs and outputs are not used to train Anthropic's models.
5. Subprocessors
These are the third-party services that process data on our behalf:
| Subprocessor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Application and database hosting | Finland (EU data center; German company) |
| Backblaze, Inc. | Off-site database backup storage | United States |
| Clerk, Inc. | Authentication and account management | United States |
| Anthropic, PBC | AI features (summaries, action plans, chat) | United States |
| Stripe, Inc. | Payment processing for paid plans | United States |
| Resend, Inc. | Transactional email (welcome email, weekly digest) | United States |
| PostHog, Inc. | Product analytics | United States |
| Functional Software, Inc. (Sentry) | Error monitoring | United States |
6. Where your data is processed
Our application and database run on servers in Hetzner's Helsinki, Finland data center (European Union). The subprocessors listed above process data in the United States. If you are outside the US, this means your data is processed in both the EU and the US. We keep this simple and honest for now: if cross-border processing is a concern for your organization, email us before connecting your tools.
7. Retention
- Scan data (event logs, process maps, scores) is retained while your account is active, so you can track trends over time. It is removed when you delete it or your account (see section 8).
- Our database is backed up nightly. Local backup copies are automatically deleted after 14 days. An off-site backup copy is stored with Backblaze and expires on a rolling lifecycle.
8. Deleting your data
- Disconnect a tool at any time from the Connections page. This deactivates the connection and immediately stops all data collection from that tool. Data from past scans remains available to you until you delete it or your account.
- Revoke access at the source. You can also revoke TwinFlow's OAuth access from inside Linear, Jira, Google, or Salesforce, or rotate the API token you gave us — either way our access ends.
- Delete your account. Deleting your account deactivates it and stops all processing. To have your stored data fully erased — including event logs, process maps, and credentials — email support@flowmri.io and we will complete the erasure within 30 days. Backup copies expire on the retention schedule in section 7.
- Export first if you want: your scan reports are exportable as PDF at any time.
9. Your privacy rights (including California)
If you are a California resident, the CCPA gives you the right to know what personal information we collect (this policy is the disclosure), to access it, to correct it, to delete it, and to not be discriminated against for exercising those rights. We do not sell personal information and we do not share it for cross-context behavioral advertising, so there is nothing to opt out of on that front. To exercise any right, email support@flowmri.io — we will verify the request via your account email and respond within the time the law requires. Residents of other states or countries with similar rights can use the same address; we apply the same process to everyone.
10. Security
OAuth tokens and API credentials are encrypted at rest with AES-256-GCM, traffic is encrypted in transit, sensitive values are redacted from logs, and the database is not exposed to the internet. The full, specific writeup is on our Security page.
11. Children
TwinFlow is a business tool and is not directed to anyone under 16. We do not knowingly collect data from children.
12. Changes to this policy
If we change this policy in a way that matters, we will update the date at the top and notify active customers by email before the change takes effect.
13. Contact
Djoji LLC (Florida, USA) · support@flowmri.io