1. Introduction
Commerceflo, Inc. ("Commerceflo," "we," "our," or "us") operates the Commerceflo platform, accessible at commerceflo.ai — an AI-Native Unified Omnichannel Commerce Platform designed for merchants, brands, manufacturers, and distributors.
This Privacy Policy explains how we collect, use, store, share, and protect information about you and your business when you access or use our platform, website, APIs, and related services (collectively, the "Service"). It also explains your rights with respect to that information.
By creating an account or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.
Commerceflo is a business-to-business (B2B) SaaS platform. Our customers are merchants and business entities — not individual consumers. References to "you" throughout this policy refer to the authorized representative of a business using the Service.
2. Information We Collect
We collect information in the following categories:
Account Information
When you register for Commerceflo, we collect information necessary to create and manage your account, including:
- Full name and job title of the account administrator
- Business email address
- Company name, size, and industry
- Business phone number
- Billing address
- Password (stored as a cryptographic hash — never in plain text)
Payment Information
All payment processing is handled by Stripe, Inc., a PCI DSS-compliant payment processor. Commerceflo does not store, transmit, or have access to full credit card numbers, CVV codes, or bank account details. We retain only non-sensitive billing metadata provided by Stripe, such as the last four digits of a card, card brand, and transaction IDs, for billing history and dispute resolution purposes.
Commerce Data
As part of normal platform operation, you upload and generate commerce data through the Service, including:
- Product catalogs, descriptions, images, variants, and pricing
- Order records, fulfillment details, and shipping data
- Customer records belonging to your business (names, emails, shipping addresses)
- Inventory levels, warehouse locations, and stock movements
- B2B customer accounts, pricing tiers, and purchase histories
You remain the owner and data controller of all commerce data you upload. Commerceflo processes this data solely to deliver the Service to you.
Usage Data
We collect data about how you use the platform, including:
- Features accessed and frequency of use
- AI credit consumption per operation and per session
- API call volume and response times
- Login timestamps, IP addresses, and session durations
- Errors encountered and support tickets submitted
Device and Browser Data
When you access the Service via a web browser, we automatically collect standard technical information including your IP address, browser type and version, operating system, device type, screen resolution, and referring URL. This data is used for security monitoring, fraud prevention, and aggregate analytics.
Cookies and Tracking Technologies
We use cookies, local storage, and similar technologies to maintain your session, remember preferences, and collect analytics. For full details, please review our Cookie Policy.
AI Interaction Data
When you use Commerceflo's AI-powered features — such as AI product description generation, inventory analysis, pricing optimization, or the AI Commerce Agent — the following data is processed:
- Prompts and instructions you provide to AI features
- Commerce data submitted as context for AI operations (product data, order history, etc.)
- AI-generated outputs (descriptions, recommendations, analyses)
- Credit consumption logs associated with each AI operation
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: Providing, maintaining, and improving the Commerceflo platform, including all AI features, integrations, and commerce operations.
- Payment and billing: Processing subscription payments, generating invoices, managing plan upgrades and downgrades, and resolving billing disputes.
- AI operations: Sending your commerce data to AI models to generate product descriptions, analyze inventory trends, optimize pricing, route orders, and perform other AI-powered operations you initiate.
- Analytics and improvement: Understanding how the platform is used, identifying friction points, and improving features, performance, and reliability.
- Customer support: Responding to your requests, troubleshooting issues, and resolving disputes.
- Security and fraud prevention: Monitoring for unauthorized access, detecting abuse, and protecting the integrity of the platform.
- Marketing communications: Sending product updates, feature announcements, and relevant offers. You may opt out at any time via the unsubscribe link in any marketing email or by contacting us at privacy@commerceflo.ai.
- Legal compliance: Complying with applicable laws, regulations, court orders, and law enforcement requests.
4. AI Data Processing
Commerceflo's AI features are powered in part by the Anthropic Claude API. When you use an AI feature, relevant commerce data from your account is transmitted to Anthropic's API for processing and the response is returned to Commerceflo for display to you.
Important commitments regarding AI data:
- Your commerce data and AI prompts are not used to train Anthropic's foundational models or any third-party AI models.
- AI operations are logged within Commerceflo systems for a period of 12 months for billing (credit consumption tracking) and debugging purposes.
- AI-generated content — including product descriptions, recommendations, and analyses — is owned by you, the merchant. Commerceflo claims no intellectual property rights over content generated on your behalf.
- You are responsible for reviewing AI-generated content before publishing or acting on it. Commerceflo does not warrant that AI outputs will be accurate, complete, or suitable for any specific purpose.
Anthropic's data handling practices are governed by Anthropic's own privacy policy and API data usage agreements. Commerceflo maintains a data processing agreement with Anthropic to ensure appropriate protections for your data.
5. Data Sharing & Third Parties
We do not sell your personal data or your commerce data to any third party, ever. We share data only in the following circumstances:
- Anthropic: AI processing via the Claude API, as described in Section 4.
- Stripe: Payment processing for subscription billing and invoicing.
- Cloud infrastructure: Commerceflo is hosted on enterprise cloud infrastructure. Data is stored and processed on servers located in the United States. Our infrastructure providers are bound by appropriate data processing agreements.
- Marketplace APIs: When you connect a marketplace channel (such as Amazon, Walmart, eBay, or others), Commerceflo transmits relevant product, inventory, and order data to and from that marketplace's API on your behalf. You authorize this transmission when you connect the channel.
- Analytics providers: We use analytics tools to understand aggregate usage patterns. These providers receive anonymized or pseudonymized usage data.
- Legal requirements: We may disclose your information if required by applicable law, regulation, legal process, or government request, or to protect the rights, property, or safety of Commerceflo, our customers, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email prior to any such transfer.
6. Data Retention
We retain your data as follows:
- Active accounts: All commerce data, account data, and usage data are retained for the duration of your active subscription.
- Free tier accounts: If your account enters the free tier (after trial expiry or plan downgrade), your commerce data is preserved indefinitely. We never delete your product catalogs, orders, or customer records as long as your account exists.
- Deleted accounts: When you delete your account, your data is removed from our production systems within 90 days. You will have the opportunity to export your data before deletion is finalized.
- AI operation logs: Logs of AI operations (prompts, outputs, credit usage) are retained for 12 months for billing verification and debugging, then permanently deleted.
- Backup systems: Deleted data may persist in encrypted backup archives for up to an additional 30 days after production deletion.
7. Data Security
Commerceflo takes security seriously. We implement industry-standard and enterprise-grade security controls, including:
- SOC 2 Type II certified: Our systems and processes are independently audited for security, availability, and confidentiality.
- Encryption at rest: All stored data is encrypted using AES-256 encryption.
- Encryption in transit: All data transmitted between your browser or application and Commerceflo servers is encrypted using TLS 1.3.
- Access controls: Internal access to production systems and customer data is strictly role-based and requires multi-factor authentication.
- Audit logging: All access to customer data by Commerceflo personnel is logged and audited.
- Regular security assessments: We conduct periodic penetration testing and vulnerability assessments.
While we take all reasonable measures to protect your data, no security system is impenetrable. In the event of a data breach affecting your account, we will notify you in accordance with applicable laws.
8. Your Rights
As a Commerceflo account holder, you have the following rights with respect to your information:
- Access: You can view your account information and commerce data at any time within the platform.
- Data export: You can export your product catalog, order history, and customer data in standard formats (CSV, JSON) at any time from the platform settings.
- Correction: You can update your account information at any time.
- Deletion: You can delete your account from the platform settings. Data will be removed within 90 days as described in Section 6.
- Marketing opt-out: You can opt out of marketing emails at any time via the unsubscribe link or by contacting privacy@commerceflo.ai.
GDPR Rights (EU Users)
If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including:
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to restriction of processing
- Right to object to processing
- Right to withdraw consent at any time where processing is based on consent
To exercise any GDPR right, contact us at privacy@commerceflo.ai. We will respond within 30 days.
CCPA Rights (California Users)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect and how it is used
- Right to delete personal information we hold about you
- Right to opt out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your CCPA rights
9. International Data Transfers
Commerceflo is headquartered in the United States. Your data is processed and stored on servers located in the United States. If you are accessing the Service from outside the United States — including from the European Union — please be aware that your data will be transferred to, stored in, and processed in the United States.
For transfers of personal data from the EU to the United States, Commerceflo relies on Standard Contractual Clauses (SCCs) as approved by the European Commission, where applicable. We are committed to ensuring that international data transfers comply with GDPR requirements.
10. Children's Privacy
The Commerceflo platform is a B2B SaaS product designed exclusively for use by business entities and their authorized representatives. The Service is not directed at, and is not intended for use by, individuals under the age of 18. We do not knowingly collect personal information from minors.
If you believe that we have inadvertently collected information from a minor, please contact us immediately at privacy@commerceflo.ai and we will take steps to delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page.
For material changes — changes that significantly affect how we collect or use your data — we will notify you by email at the address associated with your account at least 30 days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@commerceflo.ai
- Mail: Commerceflo, Inc., Attn: Privacy Team, 2261 Market Street, Suite 5965, San Francisco, CA 94114, United States
We take all privacy inquiries seriously and will respond within a reasonable timeframe, and no later than 30 days for GDPR-related requests.