Privacy Policy

Effective date: June 1, 2025 · Last updated: June 1, 2025

1. Who We Are

KnowFlow is operated by PATHAKHRK INC ("Operator"). Our app is available on the Shopify App Store and is accessible at knowflow.pathakhrk.app.

If you have questions about this policy, contact us at: info@pathakhrk.com

2. Data We Collect

We collect two categories of data:

From Merchants (Shopify store owners who install KnowFlow):

• Shopify store domain and access token (for API access)
• Sender name and email address configured in settings
• Flow configurations, email content, and templates created by the merchant
• Plan and billing status

From End Customers (shoppers of the merchant's store):

• Name and email address (from Shopify order data)
• Phone number (only if WhatsApp feature is enabled and customer has opted in)
• Order ID and product information (to trigger and personalize drip emails)
• Email open and click events (via tracking pixel, anonymized)
• Opt-out/unsubscribe status

3. How We Use Data

• To send educational email sequences on behalf of the merchant to their customers
• To provide analytics (open rate, click rate, return rate) to the merchant
• To schedule and manage drip email timing
• To respect opt-out requests and prevent emails to unsubscribed customers
• To improve our service and monitor performance

We do not sell data to third parties. We do not use customer data for advertising. We do not share data between merchants.

4. Data Storage and Security

• All data is stored in MongoDB Atlas (cloud database with encryption at rest)
• API communications use HTTPS/TLS encryption
• Shopify access tokens are stored encrypted
• We use Upstash Redis for temporary job queue data — this is not persisted long-term
• No sensitive payment data is ever stored by KnowFlow

5. Data Retention

• Merchant data: Retained while the app is installed. Deleted within 30 days of uninstall.
• Customer enrollment data: Retained for 12 months from last activity, then deleted.
• Email send logs: Retained for 6 months for analytics purposes.
• Opt-out records: Retained indefinitely to prevent accidental re-enrollment.

6. GDPR Compliance (EU Merchants and Customers)

For merchants serving EU customers, KnowFlow provides:

• One-click unsubscribe — included in every email footer
• Data deletion — merchants can request full data deletion by emailing us
• Data portability — we can export your data on request
• Lawful basis — emails are sent under legitimate interest (post-purchase communication) and/or consent where applicable

KnowFlow acts as a Data Processor on behalf of the merchant (Data Controller). Merchants are responsible for ensuring their use of KnowFlow complies with applicable privacy laws in their jurisdiction.

7. CAN-SPAM Compliance (US)

• Every email includes the merchant's physical address or a valid substitute
• Every email includes a functional unsubscribe mechanism
• Unsubscribe requests are honored within 10 business days
• Subject lines are not deceptive

8. Third-Party Services

KnowFlow uses the following third-party services to operate:

• Resend (resend.com) — email delivery. Privacy Policy
• MongoDB Atlas — database storage. Privacy Policy
• Vercel — application hosting. Privacy Policy
• Upstash — Redis job queue. Privacy Policy
• WATI / Twilio (if WhatsApp enabled) — WhatsApp message delivery

9. Children's Privacy

KnowFlow is not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify merchants of material changes via email or an in-app notice. Continued use of KnowFlow after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions, data deletion requests, or GDPR inquiries:

Email: info@pathakhrk.com
Website: knowflow.pathakhrk.app