Privacy Policy
This Privacy Policy explains how Fastflo (”Fastflo”, “we”, “us”, or “our”) collects, uses, shares, and safeguards personal information. It applies to:
- Visitors to our websites and pages we operate (the “Sites”);
- Prospective and current business customers, their personnel, and other business contacts;
- Individuals who interact with our products and services (the “Services”), including integrations with applicant tracking systems (ATS) and messaging channels (e.g., WhatsApp Business);
- Job applicants who apply to work at Fastflo.
This Policy does not apply where Fastflo processes personal data as a processor on behalf of a business customer (for example, candidates’ data synchronized from a customer’s ATS to the Fastflo platform). In those cases, the customer’s privacy policy controls. Our role and obligations as a processor are governed by our Data Processing Addendum (DPA).
1) Who We Are and How to Contact Us
Controller (for the Sites and our direct business relationships):
Fastflo
Email: privacy@fastflo.ai
If you are in the EEA, UK or Switzerland and wish to contact our EU/UK representative (if appointed) or our Data Protection Officer (if appointed), please email privacy@fastflo.ai for the latest contact details.
2) Personal Information We Collect
2.1 Information you provide directly
- Business contact details (name, work email, job title, company, phone) when you request a demo, subscribe to updates, or contract with us.
- Account/admin data for the Services (names, emails, roles/permissions, usage preferences).
- Content you submit (support requests, survey responses, feedback).
- Recruitment data for Fastflo roles (CV/resume, cover letter, employment history, qualifications, interview notes).
2.2 Information we receive from your organization or third parties
- ATS data (e.g., from Workday or other ATS) and scheduling/calendar data transmitted by or for a business customer to enable the Services.
- Messaging identifiers (e.g., WhatsApp numbers) and conversation metadata supplied or authorized by a customer for recruiting communications.
- Partners and vendors may provide contact details and usage/engagement information.
2.3 Information collected automatically
- Log and device data (IP address, browser type, device identifiers, pages viewed, referring/exit pages, timestamps).
- Usage analytics (feature interactions, performance metrics, crash/diagnostic data).
- Cookies and similar technologies. See our Cookie Notice for details and controls.
We do not intentionally collect sensitive personal data via the Sites. Where the Services process special categories of data at a customer’s direction (e.g., disability accommodations), this occurs under the DPA and the customer’s lawful basis and notices.
3) How We Use Personal Information (Purposes & Legal Bases)
We use personal information to:
- Provide and operate the Sites and Services; create and manage accounts; provide integrations (e.g., ATS/WhatsApp) and customer support (contract; legitimate interests).
- Secure the Services, prevent fraud and abuse, troubleshoot, and perform diagnostics (legitimate interests; legal obligations).
- Improve and develop the Services, including analytics, research and quality assurance (legitimate interests).
- Communicate with you about product updates, security notices, and administrative messages (contract; legitimate interests).
- Recruit candidates and manage applications for Fastflo roles (legitimate interests; consent where required).
- Comply with laws, regulations, and enforce our agreements (legal obligations; legitimate interests).
If we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
4) How We Share Information
We do not sell personal information. We may share personal information with:
- Service providers / subprocessors who host, store, transmit or otherwise process data for us (e.g., cloud infrastructure, messaging delivery, email, analytics, support ticketing). They are bound by contracts to protect your information and use it only for our instructions.
- Business partners involved in providing or integrating the Services (e.g., ATS providers and messaging platforms) as instructed by you or your organization.
- Professional advisers (legal, accounting, insurance) under confidentiality.
- Authorities where required by law or to protect rights, safety, and security.
- Corporate transactions (merger, acquisition, financing, or sale) subject to customary safeguards.
When we act as a processor for a customer, we share data only as permitted by that customer and our DPA.
5) International Data Transfers
We operate in the United States and may transfer personal information to countries that may not have the same data protection laws as your jurisdiction. Where required, we use appropriate safeguards, such as the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and/or other lawful transfer mechanisms. Details are available in our DPA and upon request.
6) Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including to comply with legal, accounting or reporting requirements, resolve disputes, and enforce agreements. Criteria include the type of data, the nature of our relationship, and legal obligations. We may retain de‑identified or aggregated data for analytics.
7) Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, logging/monitoring, secure development practices, and vendor risk management. No method of transmission or storage is 100% secure; if we learn of a security incident affecting personal information, we will notify affected parties as required by law.
8) Your Rights & Choices
8.1 EEA/UK/Swiss Individuals
Subject to conditions and exceptions under applicable law, you may have the right to access, rectify, erase, restrict or object to processing, and data portability. You also have the right to lodge a complaint with a supervisory authority (e.g., your local authority or the Irish DPC/UK ICO). Where processing is based on consent, you may withdraw consent at any time.
8.2 California Residents (CCPA/CPRA)
We act as a business for the Sites and our own marketing and HR activities, and as a service provider/contractor when processing data for customers via the Services.
Your rights may include: know/access, correct, delete, opt out of sale or sharing of personal information, and limit the use of sensitive personal information. We do not sell personal information or share it for cross‑context behavioral advertising. To exercise rights, see Section 9.
8.3 Marketing Choices and Cookies
You can opt out of marketing emails via the unsubscribe link. You can manage cookies via our Cookie Notice and your browser/device settings.
9) How to Exercise Your Rights
Submit requests to privacy@fastflo.ai with your name, email, the nature of your request, and your country/state of residence. We may need to verify your identity. Authorized agents may submit requests on your behalf where permitted by law and with appropriate authorization.
When we process your information as a processor for a customer, please direct your request to that customer. We will support the customer in responding per our DPA.
10) Children’s Privacy
The Sites and Services are intended for business use and are not directed to children under 16 (or as defined by local law). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact privacy@fastflo.ai.
11) Third‑Party Links and Services
The Sites may link to third‑party websites and services. Their privacy practices are governed by their own policies. Where you use messaging or social platforms (e.g., WhatsApp Business) or third‑party ATS integrations, your use is also subject to those providers’ terms and policies.
12) Google API Services
If you enable any Fastflo features that connect to Google services, the use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
13) Changes to This Policy
We may update this Policy from time to time. The “Last updated” date will reflect the latest changes. Material changes will be announced via the Sites or by direct notice where appropriate. Your continued use of the Sites or Services after an update indicates acceptance.
14) Additional Regional Disclosures
We may provide additional notices for specific regions (e.g., Brazil, Canada, Australia). Where these apply, they will supplement this Policy.
15) Definitions
Personal information / personal data means information that identifies or relates to an identifiable individual. Process(ing) means any operation performed on personal information. Controller / business and processor / service provider/contractor have the meanings given in applicable data protection laws.
16) Notice at Collection for California Residents
Categories of personal information collected: Identifiers (e.g., name, email, IP); commercial information (e.g., subscription history); internet/technical activity (e.g., logs, analytics); professional/employment‑related information (e.g., job title); inferences drawn from the foregoing; and for HR applicants, the categories disclosed in Section 2.1.
Sources: You; your organization; our service providers and partners; cookies/trackers; public sources.
Purposes: As described in Section 3.
Disclosure for business purposes: We disclose the above categories to service providers/contractors and, where applicable, business partners, as outlined in Section 4. We do not sell or share personal information for cross‑context behavioral advertising.
Retention: See Section 6.
Sensitive personal information: We do not use or disclose sensitive personal information for purposes requiring a right to limit under the CPRA.
Contact
Questions about this Policy? Email privacy@fastflo.ai or write to the address in Section 1.