Privacy Policy

Last updated: 4/25/2026

1. Data Controller Information

ProjectFlow AI acts as the data controller for personal data collected through our services. For any data protection inquiries, you can contact us at: info@nbig.co.uk

This privacy policy complies with the General Data Protection Regulation (GDPR) and applies to all users of our services.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our AI analysis services as agreed in our terms
  • Legitimate Interest: To improve our services, ensure security, and provide customer support
  • Consent: For marketing communications (you can withdraw consent at any time)
  • Legal Obligation: To comply with applicable laws and regulations

3. Information We Collect

We collect the following categories of personal data:

  • Account Data: Email address, name, company details, and authentication information
  • Communication Data: Chat messages, files, and team communication data you choose to analyze (stored for a maximum of 7 days)
  • Usage Data: Log data, analytics about platform usage, and interaction patterns
  • Technical Data: IP address, browser type, device information, and cookies
  • Support Data: Communications and feedback when you contact customer support
  • Payment Data: Billing information and transaction history (processed by Stripe)

4. Third-Party Data Processors

We work with the following third-party processors to provide our services:

  • Supabase: Database and authentication services (EU-based infrastructure available)
  • Google Gemini AI: AI processing for chat analysis (Google Cloud paid services with data processing agreements)
  • Stripe: Secure payment processing, subscription management, and billing services
  • Telegram: Bot functionality storage and messaging services for automated interactions
  • Vercel: Hosting and content delivery

All third-party processors are bound by appropriate data processing agreements and security measures that comply with GDPR requirements.

5. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure adequate protection through:

  • EU Standard Contractual Clauses with our processors
  • Adequacy decisions by the European Commission
  • Certification schemes such as Privacy Shield successors
  • Google's Data Processing Agreement for Gemini AI services

6. How We Use Your Information

We process your personal data for the following purposes:

  • Providing AI-powered analysis of your team communications using Google Gemini
  • Managing your account and authentication through Supabase
  • Processing payments and managing subscriptions
  • Sending service-related communications and support
  • Improving our services and developing new features
  • Ensuring security and preventing fraud
  • Complying with legal obligations

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Account Data: Until account deletion or 3 years of inactivity
  • Chat Messages & Files: Maximum of 7 days from upload/creation, then automatically deleted
  • Chat Analysis Data: Processed in real-time and not permanently stored unless configured by your organization
  • Usage Data: Anonymized after 2 years
  • Support Communications: 3 years from last interaction
  • Payment Data: As required by tax and accounting regulations (typically 7 years)

Note: You can delete individual chat conversations and their associated files at any time before the 7-day automatic deletion period.

8. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct or update inaccurate or incomplete data
  • Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data
  • Right to Restrict Processing: Limit how we process your data in certain circumstances
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing at any time

✅ Easy Data Deletion

Delete Your Account: You can permanently delete your account and all associated data at any time directly from your dashboard settings. This will immediately remove all your personal data from our systems.

Delete Individual Chats: You can delete specific chat conversations at any moment from your dashboard, giving you granular control over your communication data.

Request Data Deletion: If you prefer to keep your account but want other specific data deleted, email us at info@nbig.co.uk and we'll process your request within 30 days.

9. Data Security

We implement comprehensive security measures to protect your personal data:

  • End-to-end encryption for all chat data processing with Google Gemini
  • Secure cloud infrastructure through Supabase with SOC 2 compliance
  • Regular security audits and vulnerability assessments
  • Access controls and multi-factor authentication
  • Data minimization principles - we only collect what's necessary
  • Regular staff training on data protection practices

10. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, providing details about the nature of the breach and steps taken to address it.

11. Cookies and Tracking

We use strictly necessary cookies for authentication and service functionality. Optional analytics cookies require your consent and can be managed through your browser settings. We do not use tracking cookies for advertising purposes.

12. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

13. Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or prominent notice on our platform. Continued use after such notice constitutes acceptance of the updated policy.

14. Contact Us & Data Protection Authority

For any questions about this Privacy Policy, to exercise your rights, or for data protection inquiries:

  • Privacy & Data Protection: info@nbig.co.uk
  • General Contact: Through our website contact form
  • Response Rate: We respond to privacy requests within 30 days

You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.