GDPR Compliant

Privacy Policy

Your privacy matters to us. This policy explains how we collect, use, and protect your personal information when you use our notification and announcement platform.

Last updated: January 10, 2026

1. Introduction

Welcome to AnnounceFlow. We are a notification and announcement management platform that helps organizations—from small startups to large enterprises—communicate effectively with their audiences through targeted notifications, announcements, and updates.

What this policy covers: This Privacy Policy explains in plain language what personal information we collect, why we collect it, how we use and protect it, and what rights you have over your data. We've written this policy to be as clear and accessible as possible, avoiding legal jargon wherever we can.

Who this policy applies to:

  • Platform Users: If you've created an AnnounceFlow account to send notifications or manage announcements
  • Subscribers: If you receive notifications or announcements from organizations using our platform
  • Website Visitors: If you browse our website without creating an account
  • Support Contacts: If you've reached out to us for help, questions, or feedback

Quick Summary: We collect only what we need, we never sell your data, and you can delete your information at any time. If you have any questions after reading this policy, our team is always happy to help.

2. Our Values and Privacy Principles

Before diving into the details, we want you to understand the principles that guide every decision we make about your data. These aren't just words—they're commitments we hold ourselves accountable to:

  • Your Data Belongs to You: Think of us as a secure vault for your information, not the owner. You entrust your data to us, and we take that responsibility seriously. You can access, export, or delete your data whenever you want—no questions asked, no hoops to jump through.
  • We Only Collect What We Actually Need: We practice "data minimization," which means we never collect information "just in case" we might need it later. Every piece of data we ask for has a specific purpose.
  • No Surprises, Ever: We believe in complete transparency. If we change how we use your data, we'll tell you before it happens, not after.
  • Privacy Built In, Not Bolted On: When our engineers design new features, privacy is part of the conversation from day one. This approach is called "privacy-by-design."

3. Information We Collect

Information You Provide Directly

  • Email Address: Your primary way of logging in and receiving important notifications.
  • Account Details: When you sign up, you create a username and password. Your password is encrypted using industry-standard hashing (bcrypt).
  • Profile Information: You may choose to add your name, profile picture, organization name, job title, or time zone. All of these are optional.
  • Payment Information: If you subscribe to a paid plan, our payment processor handles your credit card details. We never store your full card number.
  • Support Communications: When you email us or use our chat support, we keep records of those conversations.

Information Collected Automatically

  • Device & Browser Info: Browser type, operating system, and device type to ensure our platform works smoothly.
  • IP Address: Helps us detect suspicious login attempts and prevent fraud.
  • Usage Data: Which features you use and how often.
  • Log Files: Access times, pages viewed, and system errors for troubleshooting.

What We NEVER Collect:

We do not collect sensitive personal categories such as racial or ethnic origin, political opinions, religious beliefs, health information, or sexual orientation. We also don't collect information about children under 16 years of age.

4. Why We Process Personal Information

To Provide Our Core Service

  • Delivering notifications and announcements
  • Managing your account securely
  • Personalizing your experience

To Communicate with You

  • Essential notifications (password resets, security alerts)
  • Product updates & tips (only if you opt in)

To Improve and Protect Our Platform

  • Analytics & research
  • Security monitoring
  • Bug fixes & performance improvements

The Bottom Line: We never process your data without a clear, justifiable reason. If a new use case arises, we'll update this policy and notify you before proceeding.

5. Legal Basis for Processing

Under privacy laws like GDPR (Europe), we need a valid legal reason to process your personal data:

  • When You Give Us Permission (Consent): For marketing emails and optional features
  • When It's Necessary for Our Contract: Essential data processing to provide the service
  • When We Have a Legitimate Business Interest: Analytics and improvements that benefit both parties
  • When the Law Requires It: Legal obligations like tax records

6. Your Rights Over Your Information

Right to Access

Request a complete copy of all personal data we hold about you. We'll provide this within 30 days.

Right to Correction

If any information we have is inaccurate, you can request a correction.

Right to Deletion

Request that we delete your personal data. We'll process your request within 30 days.

Right to Data Portability

Request your data in a structured, machine-readable format (JSON or CSV).

Right to Object

Object to processing based on our legitimate interests.

Right to Withdraw Consent

Withdraw consent for marketing at any time via unsubscribe links.

7. Data Sharing and Disclosure

Service Providers

We work with carefully selected third-party companies that help us run our platform. Each one is contractually bound to protect your data:

  • Cloud Hosting
  • Email Delivery
  • Payment Processing
  • Analytics
  • Customer Support

Legal Requirements

We may disclose your information if required by law, court orders, or valid legal requests.

Our Iron-Clad Promise:

AnnounceFlow NEVER sells, rents, or trades your personal information to third parties for their marketing purposes. We never have, and we never will.

8. International Data Transfers

Our servers and service providers are located in various countries, primarily in the United States and European Union. We protect international transfers through:

  • Standard Contractual Clauses (SCCs): Legal contracts approved by the European Commission
  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Additional Safeguards: Encryption and access controls

9. Data Retention

We retain your personal information only as long as necessary. Specific retention periods:

  • Account Data: While active + 90 days after deletion
  • Notification Content: 2 years
  • Usage Analytics: 26 months
  • Support Conversations: 3 years
  • Billing Records: 7 years (legal requirement)
  • Security Logs: 1 year

10. Automation and Machine Learning

We use automated systems to improve your experience:

  • Smart delivery timing suggestions
  • Spam and abuse detection
  • Personalized recommendations
  • Anomaly detection for security

Your Right to Human Review: If any automated decision affects you, you can always request human review by contacting our support team.

11. Security Measures

Technical Safeguards

  • Encryption in Transit (TLS 1.3)
  • Encryption at Rest (AES-256)
  • Secure Password Storage (bcrypt hashing)
  • Two-Factor Authentication (2FA)
  • Regular Security Testing

Organizational Safeguards

  • Access Controls
  • Employee Training
  • Incident Response Procedures
  • Vendor Security Assessment

12. Cookies and Tracking Technologies

Types of Cookies We Use

  • Essential Cookies: Required for platform functionality
  • Analytics Cookies: Help us understand usage (optional)
  • Preference Cookies: Remember your settings (optional)

You can control cookies through our consent banner, browser settings, or account settings.

13. Changes to This Privacy Policy

  • Minor Changes: Updated "Last Updated" date
  • Significant Changes: Email notification at least 30 days before
  • Urgent Changes: Notification as soon as possible

14. Contact Us

We believe open communication is essential to trust. If you have questions, concerns, or requests, we're here to help.

Privacy Team

Best for data requests, privacy questions, and exercising your rights.

devteam@sabaiinnovations.com

General Support

Best for account help, feature questions, and technical issues.

support@sabaiinnovations.com

Regulatory Complaints: You have the right to lodge a complaint with your local data protection authority. For EU residents, find your authority at edpb.europa.eu.