Privacy Policy

Last Updated: April 16, 2026

1. Introduction

GoldenFlow AI (“Company,” “we,” “us,” or “our”) is an AI automation agency headquartered in Chicago, Illinois. We provide AI-powered workflow automation services, consulting, and managed automation solutions to small and medium-sized businesses.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our services, or otherwise interact with us. Please read this policy carefully. By accessing our website or engaging our services, you agree to the terms described herein.

If you do not agree with the terms of this Privacy Policy, please do not use our website or services.

2. Information We Collect

2.1 Information You Provide Directly

We may collect personal information that you voluntarily provide when you:

• Fill out a contact form or inquiry on our website
• Schedule a discovery call or workflow audit
• Enter into a service agreement or retainer contract with us
• Communicate with us via email, phone, or messaging platforms
• Provide access to your business tools, accounts, or systems for the purpose of building automations

This information may include your name, business name, email address, phone number, billing address, payment information, and details about your business operations.

2.2 Information Collected Automatically

When you visit our website, we may automatically collect certain technical information, including:

• IP address and approximate geographic location
• Browser type and version
• Pages visited and time spent on each page
• Referring website or source
• Device type and operating system

This information is collected through cookies, web beacons, and similar tracking technologies. You may disable cookies in your browser settings; however, doing so may affect certain functionality of our website.

2.3 Business Data Accessed in the Course of Services

To deliver our automation and AI services, we may require access to your business accounts, platforms, or data (e.g., CRM systems, email accounts, scheduling tools, databases). Any such access is limited strictly to what is necessary to perform the agreed-upon services. We do not sell, share, or retain your business data beyond what is required to deliver and maintain your automations.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to inquiries, schedule calls, and provide requested information about our services
• To deliver, maintain, and improve the automation workflows and AI agents we build for you
• To process payments and manage billing
• To send service-related communications, including updates, invoices, and support messages
• To send marketing communications, where you have opted in to receive them
• To comply with legal obligations and enforce our agreements
• To protect the rights, safety, and security of GoldenFlow AI, our clients, and the public

We do not sell your personal information to third parties. We do not use your data to train AI models without your explicit written consent.

4. Legal Basis for Processing (Illinois & U.S. Applicable Law)

GoldenFlow AI operates under applicable U.S. federal and Illinois state law. We process your personal information based on one or more of the following grounds:

• Performance of a contract. Processing necessary to provide the services you have requested or contracted for
• Legitimate business interests, such as improving our services, preventing fraud, and conducting outreach to prospective clients, provided these interests are not overridden by your rights
• Legal compliance, where processing is required by applicable law
• Consent, where you have given explicit consent for a specific processing activity, such as receiving marketing communications

5. Sharing of Information

We may share your information with third parties only in the following limited circumstances:

• Service providers: We use third-party vendors to operate our business (e.g., payment processors, email platforms, hosting providers). These vendors are contractually required to handle your data securely and only as directed by us.
• Legal requirements: We may disclose information if required by law, subpoena, court order, or other governmental or legal process.
• Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. You will be notified of any such change.
• With your consent: We may share information for any other purpose with your prior written consent.

We do not sell, rent, or trade your personal information to third-party marketers or data brokers.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Client records and project files are retained for a minimum of three (3) years following the end of our engagement, for tax, accounting, and legal compliance purposes.
• Marketing-related contact information is retained until you opt out or request deletion.
• Website analytics data is retained in aggregated, anonymized form and may be kept indefinitely.

Upon request, we will delete or anonymize your personal information, subject to applicable legal retention requirements.

7. Data Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encrypted storage of sensitive credentials and client data
• Use of reputable, SOC 2-compliant third-party platforms where applicable
• Access controls limiting data access to authorized personnel only
• Regular review of our data handling and security practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

8. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to legal retention obligations.
• Opt-out of marketing: Unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing communication or contacting us directly.
• Data portability: Request that we provide your personal information in a structured, machine-readable format.

To exercise any of these rights, please contact us using the information in Section 12 below. We will respond to all verified requests within 30 days.

9. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to enhance user experience, analyze site traffic, and support marketing activities. Types of cookies we may use:

• Essential cookies: Required for core website functionality.
• Analytics cookies: Used to understand how visitors interact with our site (e.g., Google Analytics).
• Marketing cookies: Used to deliver relevant advertisements and track campaign effectiveness.

You may manage your cookie preferences through your browser settings or a cookie consent tool on our website. Opting out of analytics or marketing cookies will not affect your ability to use our core services.

10. Third-Party Links and Services

Our website or service documentation may contain links to third-party websites or references to third-party tools and platforms (e.g., n8n, Make, Zapier, HubSpot, Stripe). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you use in connection with our work together.

GoldenFlow AI is not responsible for the privacy practices or content of third-party websites or services.

11. Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will take prompt steps to delete such information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

GoldenFlow AI
Chicago, Illinois
Email: Ryan@Goldenflowai.com
Website: www.goldenflowai.com

We will respond to all privacy-related inquiries within 30 days of receipt.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or a prominent notice on our website.

Your continued use of our website or services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.