← Back
AccessFlow

PRIVACY POLICY

AccessFlow — Last updated: June 10, 2026

Data Controller

SF1 Consulting

16 rue Victoire Américaine, 33000 Bordeaux, France

Data Protection Officer: Simon Frénoy

Contact: simon@access-flow.fr

Data Collected

We collect the following data to provide the AccessFlow service:

  • Identification data: first name, last name, professional email address
  • Company data: company name, software tools used, team structure
  • Connection data: OAuth tokens and API keys (stored encrypted), connection logs
  • Usage data: actions performed on the platform, onboarding and offboarding history
  • Managed employee data: name, email, role, tool access status

Purposes of Processing

Your data is processed for the following purposes:

  • Providing and improving the AccessFlow service
  • Managing your organization's software access and licenses
  • Sending service-related notifications
  • User support
  • Compliance with legal obligations

Legal Basis

  • Contract performance (Art. 6.1.b GDPR): processing necessary to provide the service
  • Legitimate interest (Art. 6.1.f GDPR): service improvement, security, fraud prevention
  • Legal obligation (Art. 6.1.c GDPR): audit log retention

Data Retention

  • Account data: retained for the duration of service use, then deleted within 30 days after termination
  • Audit logs: retained for 12 months
  • Billing data: retained for 10 years in accordance with accounting obligations

Data Recipients

Your data is never sold or transferred to third parties. It may be shared with:

  • Supabase: hosting and database (AWS eu-west-1, Ireland, EU)
  • Resend: transactional email delivery (EU infrastructure)
  • Stripe: payment processing (PCI-DSS certified)

International Transfers

Data is hosted within the European Union (Ireland, eu-west-1). No transfer outside the EU is made without appropriate safeguards.

Your Rights

Under the GDPR, you have the following rights:

  • Access: obtain a copy of your data
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your data
  • Portability: receive your data in a structured format
  • Objection: object to certain processing activities
  • Restriction: request restriction of processing

To exercise these rights: simon@access-flow.fr

You also have the right to lodge a complaint with the CNIL ( www.cnil.fr).

Cookies

AccessFlow uses only strictly necessary technical cookies for service operation (session, authentication). No advertising or third-party tracking cookies are used.

Security

SF1 Consulting implements appropriate technical and organizational measures to protect your data: token encryption, workspace data isolation (RLS), restricted access to production data.

Policy Updates

Any substantial modification will be notified by email with 30 days notice.

Terms of Service