Skip to main content

Privacy Policy

Last updated: February 7, 2026

Overview

This Privacy Policy explains how BuyFlow.Dev ("BuyFlow", "we", "us") processes information when you use our Slack-based purchase request service (the "Service").

BuyFlow acts as a service provider and data processor. Our customers remain the data controllers of their data at all times.

What Data We Process

Account & Workspace Information

  • Slack workspace identifiers
  • Slack user IDs and display names
  • Organization and account configuration details

Slack Integration Data

  • Messages and structured inputs exchanged only with the BuyFlow bot
  • Purchase request details submitted through BuyFlow workflows
  • Approval or rejection actions related to those requests

BuyFlow does not monitor Slack channels or conversations. We process only messages explicitly sent to or generated by the BuyFlow bot as part of the workflow.

QuickBooks Integration Data

  • Vendor lists (read-only)
  • Purchase order details required to create purchase orders

BuyFlow does not modify or delete existing QuickBooks records and does not analyze, mine, or sell financial data.

Billing & Usage

  • Subscription status and plan details
  • Basic usage metrics (e.g. number of requests processed)

BuyFlow does not store payment card details. Payments are handled by third-party payment processors.

How We Use Data

We process data solely to:

  • Operate and provide the Service
  • Route purchase requests and approvals
  • Create purchase orders in QuickBooks upon approval
  • Maintain security, reliability, and basic usage analytics
  • Communicate service, billing, or security-related notices

We do not use customer data for advertising, resale, or training AI models.

Required Connection Permissions

BuyFlow requires both Slack and QuickBooks connections to operate. During OAuth connection, we request only the scopes needed for the workflow.

Slack Bot Permissions

  • commands to receive slash commands
  • chat:write to send workflow messages
  • im:write and im:history to send and track direct-message approvals
  • users:read and users:read.email to identify requesters and approvers

QuickBooks Permissions

  • Accounting scope to read vendors and create purchase orders for approved requests

Data Retention

We retain data only while:

  • A customer account is active, or
  • Integrations with Slack or QuickBooks remain connected

Customers may request deletion of their data. We will complete deletion within 60 days, subject to legal obligations.

Data Sharing

We share data only with:

  • Slack and Intuit (QuickBooks), as enabled by the customer
  • Trusted service providers that support hosting, analytics, or billing

We do not sell personal information.

Security

We use reasonable administrative and technical measures to protect data. No system is perfectly secure, and customers are responsible for safeguarding their credentials.

International Processing

Data may be processed in locations where we or our service providers operate. These locations may have different data protection laws.

Children's Privacy

The Service is intended for business use and is not directed to children under 13.

Changes

We may update this Privacy Policy from time to time. Updates will be posted with a revised "Last updated" date.

Contact

For questions about this Privacy Policy or data requests, contact: support@buyflow.dev

General inquiries: info@buyflow.dev

Send us Feedback