Privacy Policy
This privacy policy explains how JualFlow handles account, workspace, public-site, and operational information.
Last updated: 31 May 2026
1. Information We Collect
JualFlow collects account details such as name, email, workspace information, profile photo if uploaded, login/session activity, and feedback submitted in the app.
When you visit public JualFlow pages, we may collect public-site analytics such as page viewed, button clicked, referrer or source, device type, browser user agent, approximate country or region if provided by our hosting or proxy infrastructure, and a privacy-safe one-way hash of the IP address. We do not store the raw IP address for public analytics.
2. Workspace Data
When you use JualFlow, you may enter customer records, enquiries, orders, follow-ups, product or service items, documents, reward information, notes, and message templates.
3. How We Use Information
We use information to provide the app, authenticate users, protect tenant access, generate business records, show dashboards and reports, send account emails, support users, and improve JualFlow.
Public-site analytics are used for platform operations, product improvement, traffic measurement, abuse and bot detection, page performance analysis, and understanding which public content or calls-to-action are useful.
4. Tenant Data Separation
JualFlow is designed as a tenant-based SaaS platform. Workspace data is scoped to the tenant so one tenant should not see another tenant's business records.
5. Cookies and Sessions
JualFlow uses authentication cookies, CSRF protection, and session records to keep users signed in securely and to support session revocation and logout.
Public pages may use a browser storage session identifier to avoid counting every visit as unrelated traffic and to support basic public analytics. This identifier is not used to expose tenant customer, order, prospect, or checkout records.
6. Public Analytics and Experiments
JualFlow records public page views, search and filter activity on Discover, directory click-throughs, and selected public calls-to-action. If we test different public page wording or layouts, we may record the experiment key, variant key, exposure, and related clicks to compare performance.
Bot traffic may be stored separately and excluded from normal platform analytics. Analytics exports are restricted to platform owner roles.
7. Email and Third Party Services
JualFlow may use email providers to send activation, invite, password reset, and account-related emails. If Google sign-in is enabled, Google provides the account name and email used for authentication.
JualFlow does not currently send public-site analytics to a third-party analytics provider. If that changes, this policy should be updated to describe the provider and purpose.
8. Data Retention
Some operational records, audit logs, notifications, sessions, and feedback may be kept for troubleshooting, security, and product improvement. Public analytics raw events are retained for up to 365 days by default. Aggregated daily public analytics rollups may be retained for up to 1,095 days by default.
Retention periods may be adjusted in platform settings or by operational policy, but JualFlow should not keep personal data longer than needed for the purpose it was collected.
9. Access and Security
JualFlow limits workspace data to authorised users and platform operational access. Public analytics dashboards and exports are restricted to platform owner roles. We use tenant scoping, role checks, session controls, CSRF protection, audit logging, and retention cleanup to reduce misuse risk.
10. Your Choices
You can update account details, manage sessions, remove your profile photo if available, and request help from your workspace admin or JualFlow support. You may also contact us to ask about access, correction, or deletion of personal data associated with your account where applicable.
11. Contact
For privacy questions, contact JualFlow support through the app or the support email configured for the platform.