Privacy Policy

Last updated: June 11, 2026

This Privacy Policy explains how Jacob Rosenberry, an individual located in Pennsylvania (“TaktFlow,” “we,” “us”) collects, uses, and shares information when you use the TaktFlow website and Service. For personal data that our customers submit into the Service about their own staff and vendors, the customer is the controller and we act as a processor under our Data Processing Addendum.

1. Information we collect

  • Account information. Name, work email, company name, password, and role when you sign up or are invited.
  • Customer Data you submit. Assets, maintenance records, coolant and tooling logs, quality and safety checks, notes, and the names/contact details of the users and vendors you add. You control what you put into the Service.
  • Payment information. Subscriptions are processed by Stripe. We do not store full card numbers; Stripe handles card data and shares limited details with us (such as the last four digits, billing status, and plan).
  • Usage and device data. Log data, IP address, browser/device type, and actions taken in the Service, used for security, debugging, and improving the product.
  • Communications. Messages you send us (for example, support or contact requests).

2. How we use information

  • Provide, maintain, secure, and improve the Service;
  • Authenticate users and administer accounts and roles;
  • Process payments and manage subscriptions;
  • Send service, security, billing, and transactional messages, and (where permitted) product updates;
  • Provide support and respond to your requests;
  • Detect, prevent, and address fraud, abuse, and technical issues;
  • Comply with legal obligations.

We do not sell your personal information, and we do not use Customer Data to train AI models or for advertising.

3. How we share information

We share information only as needed to run the Service:

  • Service providers / sub-processors who process data on our behalf (see the list below);
  • Within your company’s account — your Authorized Users and admins see data according to their roles;
  • Legal and safety — to comply with law, enforce our agreements, or protect rights and safety;
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice as required.

4. Sub-processors

We rely on the following key providers to operate the Service:

  • Google Firebase / Google Cloud — hosting, database, authentication, file storage.
  • Stripe — payment processing and subscription billing.
  • Resend — transactional and notification email delivery.

5. Cookies and similar technologies

We use strictly necessary cookies and local storage to keep you signed in, remember preferences (such as light/dark theme), and operate the Service. We do not use advertising cookies. To understand overall website traffic we use a privacy-friendly, cookieless analytics tool (Cloudflare Web Analytics) that measures aggregate visits without cookies and without tracking or identifying individual visitors. You can control cookies through your browser, though disabling them may affect functionality.

6. Data retention

We retain account and Customer Data for as long as your account is active and as needed to provide the Service. After termination, we make data available for export for 30 days and then delete or anonymize it within 90 days, except where we must retain it to comply with law, resolve disputes, or enforce agreements. Backups are purged on a rolling schedule.

7. Security

We use industry-standard safeguards, including encryption in transit, authenticated access, role-based permissions, and tenant isolation. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your credentials confidential and configuring roles appropriately.

8. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to object or withdraw consent. To exercise these rights, contact us at the address below; if your data sits inside a customer’s account, we may refer your request to that customer as the controller.

California (CCPA/CPRA): we do not sell or “share” personal information for cross-context behavioral advertising, and we will not discriminate against you for exercising your rights.

9. Where we process data

The Service is intended for businesses located in the United States, and we process data in the United States. We do not currently market the Service to individuals in the European Economic Area or United Kingdom; if you are located there and choose to use the Service, you consent to your information being processed in the United States.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and, for material changes, provide additional notice.

11. Contact us

For privacy questions or requests, contact Jacob@rosenberry.tech.