Skip to main content

Privacy Policy

Last updated: April 4, 2026

Overview

This Privacy Policy explains how BuyFlow.Dev ("BuyFlow", "we", "us") collects, uses, stores, and discloses information when you use our Slack-based purchase request service (the "Service").

BuyFlow generally acts as a service provider or data processor on behalf of its customers. Our customers remain the controllers or business owners of the data they submit to the Service.

What Data We Process

Account & Workspace Information

  • Slack workspace identifiers
  • Slack user IDs and display names
  • Organization, workspace, and account configuration details

Slack Integration Data

  • Slash commands, modal submissions, interactive actions, and direct messages exchanged with the BuyFlow app as part of the workflow
  • Purchase request details submitted through BuyFlow workflows
  • Approval, rejection, forwarding, and related workflow actions

BuyFlow does not read or monitor public channels, private channels, or conversations except for app interactions and direct messages required to operate the workflow.

QuickBooks Integration Data

  • Vendor lists (read-only)
  • Purchase order details required to create purchase order records

BuyFlow does not modify or delete existing QuickBooks records except as required to create records initiated by the customer workflow, and does not analyze, mine, or sell customer financial data.

Billing & Usage

  • Subscription status and plan details
  • Basic usage metrics (e.g. number of requests processed)

BuyFlow does not store payment card details. Payments, if any, are handled by third-party payment processors.

Customers should not submit payment card numbers, bank account details, government identifiers, health information, or other highly sensitive personal data through BuyFlow unless expressly supported in writing by BuyFlow.

How We Use Data

We process data solely to:

  • Operate, provide, maintain, and support the Service
  • Route purchase requests and approvals
  • Create purchase order records in QuickBooks when initiated by the customer workflow
  • Maintain security, reliability, fraud prevention, and basic service analytics
  • Communicate service, billing, product, legal, or security-related notices

We do not use customer data for advertising, resale, or training AI models.

Required Connection Permissions

BuyFlow requires both Slack and QuickBooks connections to operate. During OAuth connection, we request only the scopes needed for the workflow.

Slack Bot Permissions

  • commands to receive slash commands
  • chat:write to send workflow messages
  • im:write and im:history to send and track direct-message approvals
  • users:read and users:read.email to identify requesters and approvers

QuickBooks Permissions

  • Accounting scope to read vendors and create purchase order records for approved requests

Data Retention

We retain data only while:

  • A customer account is active, or
  • Integrations with Slack or QuickBooks remain connected

When a customer disconnects Slack or QuickBooks, closes an account, or requests deletion, we will delete or de-identify customer data within 60 days unless longer retention is required by law or reasonably necessary for security, fraud prevention, billing, or dispute resolution.

Data Sharing

We share data only with:

  • Slack and Intuit (QuickBooks), as enabled by the customer
  • Trusted service providers that support hosting, analytics, security, customer support, or billing

We do not sell personal information.

Security

We use reasonable administrative, technical, and organizational measures designed to protect data. No system is perfectly secure, and customers are responsible for safeguarding their credentials and maintaining appropriate internal access controls.

International Processing

Data may be processed in countries where we or our service providers operate. Those jurisdictions may have data protection laws that differ from the laws of your jurisdiction.

Children's Privacy

The Service is intended for business use and is not directed to children under 13.

Changes

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version on this page and revise the "Last updated" date.

Contact

For questions about this Privacy Policy or data requests, contact: support@buyflow.dev

General inquiries: info@buyflow.dev