Privacy Policy
Last updated: 2026-05-06 · Version: v1.0
At AutomaticFlow (operated by Ai2You, admin@2you.ai) we are committed to protecting your privacy. This policy describes what data we collect, why, and your rights.
1. Data we collect
We collect: (a) account data (email, name, organization, role); (b) usage metadata (deployed apps, AI token consumption); (c) technical cookies required for operation; (d) analytics (Umami self-hosted) and marketing cookies only with your explicit consent.
2. Legal basis for processing
We process your data under the following bases: contract performance (account and service); consent (marketing, analytics); legal obligation (billing, GDPR audit log); legitimate interest (security, fraud prevention).
3. Data retention
Active account: as long as you keep your account. After cancellation: 30-day grace period, then deletion unless legal obligation applies (billing 7 years, audit log 5 years per GDPR/LOPDGDD).
4. Sharing with third parties
We do not sell your data. We share with: Resend (transactional email provider, EU), Stripe (payment gateway, EU + USA under SCC), AI providers (OpenAI/Anthropic/Mistral only if you use BYOK or AF tokens — we never send unnecessary PII).
5. Your rights
You have the right to: access, rectification, erasure, restriction, portability and objection. You can exercise them from your privacy panel or by emailing admin@2you.ai. Details at GDPR rights.
6. International transfers
Data stored on Contabo VPS (Germany, EU). Some providers (Stripe, certain AI APIs) may process data in the USA under Standard Contractual Clauses (SCC) approved by the European Commission.
7. Contact and complaints
Controller: Ai2You — admin@2you.ai. You can file a complaint with the AEPD (Spain) if you believe your rights have not been respected.