Privacy Policy

Last updated: January 2026

1. Introduction

YesFlow (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our secure delivery and payment platform for creative freelancers.

YesFlow is operated from Ireland and is subject to the General Data Protection Regulation (GDPR) and applicable Irish data protection laws.

2. Data Controller

YesFlow is the data controller responsible for your personal data. For any privacy-related inquiries, please contact us at: privacy@yesflow.io

3. Information We Collect

3.1 Information from Freelancers

When you create an account as a freelancer, we collect your name and email address. If you upgrade to a Pro account, you may optionally upload a business logo for use on delivery links. Payment information is collected and processed directly by Stripe; we do not store your full payment card details on our servers.

3.2 Information from Clients

When clients access delivery links and make payments, we collect their name and email address for delivery confirmation purposes. Payment processing is handled entirely by Stripe Connect. We receive transaction confirmations but do not store client payment card details.

3.3 Files and Content

Freelancers upload files to our platform for secure delivery to clients. These files are stored with watermark protection until payment is confirmed, after which the original unwatermarked files become accessible to the client.

3.4 Automatically Collected Information

We automatically collect certain information when you visit our platform, including your IP address, browser type, device information, pages visited, and referring URLs. This information is collected through cookies and similar technologies as described in Section 7.

4. How We Use Your Information

We use your information to provide and maintain our platform services, including secure file delivery and payment processing. We also use your data to communicate with you about your account, deliveries, and transactions, as well as to send you service-related notifications. With your consent, we may send marketing communications about new features and updates. We analyse usage patterns to improve our platform and user experience, and we use your information to detect, prevent, and address technical issues and security concerns.

6. Third-Party Services

We share data with trusted third-party service providers who assist in operating our platform.

Supabase provides our database and file storage infrastructure. Your account data and uploaded files are stored on Supabase servers.

Stripe Connect handles all payment processing. When you make or receive payments, your payment information is processed directly by Stripe in accordance with their privacy policy.

Google Analytics helps us understand how users interact with our platform. This service collects anonymised usage data to help us improve our services.

Resend powers our transactional and marketing email communications, including delivery notifications and account updates.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform.

Essential Cookies: These cookies are strictly necessary for the operation of our platform. They enable core functionality such as user authentication, session management, and security features. These cookies cannot be disabled as the platform cannot function properly without them.

Analytics Cookies: With your consent, we use Google Analytics cookies to collect information about how you use our platform. This helps us understand user behaviour and improve our services. You can opt out of analytics cookies through our cookie consent banner or your browser settings.

When you first visit our platform, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our third-party service providers operate.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, adequacy decisions where applicable, and other legally recognised transfer mechanisms.

Our service providers, including Supabase, Stripe, and Google, maintain their own data protection commitments and certifications.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data is retained for the duration of your account and deleted when you close your account.
  • Uploaded files remain stored until you delete them or delete your account.
  • Transaction records are retained as required by law for tax and legal compliance purposes, typically for a period of seven years.
  • Analytics data is retained in anonymised form.

When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain certain information.

10. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data in certain circumstances.
  • Right to Restriction: Request that we limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to certain types of processing, including direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@yesflow.io. We will respond to your request within one month.

You also have the right to lodge a complaint with the Irish Data Protection Commission if you believe we have not handled your data appropriately.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments
  • Access controls limiting data access to authorised personnel

While we strive to protect your data, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

12. Children's Privacy

YesFlow is intended for users aged 18 and over. Users under 18 may use the platform with parental or guardian consent and supervision.

We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have collected data from a child without appropriate consent, please contact us immediately at privacy@yesflow.io.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our platform and updating the “Last updated” date.

We encourage you to review this policy periodically. Your continued use of YesFlow after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@yesflow.io

We aim to respond to all inquiries within 30 days.

Back to top