언어를 선택하세요
Choose your language
REFLO logoREFLO

Legal · English

Privacy Policy

This Privacy Policy explains how REFLO collects, uses, shares, and protects personal information when you use our desktop app, Account Hub, and Cloud History services.

Effective date: 2026-05-23 · Last updated: 2026-05-23

See also: Terms of Service

1. Scope and Controller

REFLO ("REFLO," "we," "us," or "our") operates the REFLO desktop application, Account Hub website, Cloud History API, and related services (the "Services").

For purposes of the EU General Data Protection Regulation (GDPR), UK GDPR, and similar laws, REFLO is the data controller for personal information described in this policy unless we state otherwise for organization/team features processed on behalf of a customer.

Contact: privacy@reflo.app (privacy) · support@reflo.app (support)

2. Information We Collect

We collect the following categories of information:

  • Account and profile data: name, email address, password hash, organization/team membership, and account preferences.
  • Billing data: subscription status, plan identifiers, and payment-related metadata processed by Paddle (we do not store full payment card numbers).
  • Usage and device data: app version, operating system, diagnostic logs, crash reports, and feature usage needed to operate and secure the Services.
  • Cloud History and sync data: file metadata, version history, storage usage, connection tokens, and encrypted or chunked content you choose to store in Cloud History.
  • Communications: support requests, email delivery events (magic links, invites), and operational notices.
  • Website data: cookies or similar technologies on the Account Hub for authentication sessions and security (see Section 9).

3. Sources of Information

We collect information directly from you, automatically when you use the Services, from your organization administrator (for team accounts), and from service providers such as payment processors and infrastructure hosts.

4. How We Use Information

We use personal information to:

  • Provide, maintain, and improve the Services (including backups, versioning, search, and sync).
  • Authenticate users and manage accounts, entitlements, and organization access.
  • Process subscriptions, invoices, and tax compliance through our payment partner.
  • Send transactional messages (sign-in links, security alerts, billing notices).
  • Monitor performance, debug issues, prevent fraud and abuse, and comply with law.
  • With your consent or as permitted by law, send product updates or marketing (you may opt out).

6. How We Share Information

We do not sell your personal information as defined by the California Consumer Privacy Act (CCPA/CPRA). We do not share personal information for cross-context behavioral advertising.

We share information with service providers under contracts that limit their use to providing services to us, such as cloud hosting and database providers, our payment processor (Paddle), email delivery providers, and analytics or error reporting tools where enabled.

7. International Transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms for transfers from the EEA, UK, or Switzerland.

8. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Services, resolve disputes, enforce agreements, and comply with legal obligations.

Cloud History content is retained according to your plan, storage policies, and deletion requests. Backups may persist for a limited period after deletion for disaster recovery.

9. Cookies and Similar Technologies

The Account Hub uses essential cookies (or equivalent local storage) for authentication sessions and security. We do not use non-essential advertising cookies on the Account Hub.

You can control cookies through your browser settings; disabling essential cookies may prevent sign-in.

10. Security

We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and monitoring. No method of transmission or storage is 100% secure.

11. Your Privacy Rights

Depending on your location, you may have the right to access, correct, delete, restrict, or object to processing of your personal information, and to data portability.

EEA/UK residents may lodge a complaint with your local supervisory authority.

California residents (CCPA/CPRA) have the right to know categories of data collected, request deletion, correct inaccurate data, and opt out of sale/sharing (we do not sell personal information). You will not be discriminated against for exercising these rights.

To exercise rights, email privacy@reflo.app with enough information to verify your account. We respond within timelines required by applicable law.

12. Children's Privacy (COPPA)

The Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information without verifiable parental consent, we will delete it promptly.

13. Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects without human review, except for security and anti-abuse measures (e.g., blocking suspicious sign-in attempts).

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy with an updated effective date and provide additional notice where required by law.

15. Contact Us

Privacy inquiries and data subject requests: privacy@reflo.app

General support: support@reflo.app

This document is provided in English for global users. It is not legal advice. For questions, contact privacy@reflo.app.