Privacy Policy — Dashflow

1. Who we are

Dashflow is a product of GlobalTechX (“we”, “us”, “our”). We provide a free dashboard preview generator and a custom dashboard build service. Our website is globaltechnologyx.com and Dashflow is accessible at dashflow.globaltechnologyx.com.

For any privacy-related questions, contact us at info@globaltechnologyx.com.

2. What data we collect

a) Account registration

When you create a Dashflow account we collect your full name, email address, and a bcrypt-hashed password. We never store your plain-text password.

b) Dashboard generation

When you generate a dashboard preview you may provide:

Company name, industry, and dashboard type (text fields).
Manual KPI values you type in.
An optional CSV file. CSV contents are processed entirely in-memory on our server and are never stored, logged, or transmitted to third parties. They are discarded as soon as the dashboard response is returned.

We record a generation usage count per account (a simple counter) to enforce the 1-free-preview limit.

c) Quote requests

If you submit a quote request we collect your name, email, company, role, website URL (optional), a description of your dashboard needs, budget range, and timeline. This information is stored in our PostgreSQL database (hosted by Supabase) and used to evaluate and respond to your request. We also send a notification email to our team via Resend.

d) Live chat (Tawk.to)

Our site embeds Tawk.to for live chat. Tawk.to may collect your name, email, and chat messages when you initiate a conversation. Please review Tawk.to's privacy policy for details.

e) Server logs

Our hosting provider (Vercel) automatically records standard server logs including IP addresses, request paths, and timestamps for security and operational purposes. See Vercel's privacy policy.

3. How we use your data

To provide and operate the Dashflow service.
To authenticate you and enforce free-tier limits.
To respond to quote requests and discuss custom dashboard projects.
To send transactional notifications (e.g. confirming we received your quote).
To improve the product (aggregate, anonymised usage patterns only).

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal basis for processing (GDPR)

Where GDPR applies, we process personal data on the following bases:

Performance of a contract — processing your account data and generation usage to deliver the service you signed up for.
Legitimate interests — processing quote requests and server logs to operate and secure the service.
Consent — where required by law (e.g. optional marketing communications, should we introduce them in the future).

5. Data retention

Account data: retained while your account is active. You may request deletion at any time (see §7).
Dashboard generation inputs: not persisted beyond the server request.
Quote requests: retained until the inquiry is resolved or until you request deletion.
Server logs: retained by Vercel according to their data retention policies.

6. Cookies and sessions

Dashflow uses a single session cookie issued by NextAuth.js to keep you logged in. This cookie is:

HttpOnly and Secure (never accessible to JavaScript, only sent over HTTPS).
Scoped to this domain.
Valid for 30 days of inactivity, then automatically expired.

No third-party advertising or analytics cookies are set by Dashflow itself. Tawk.to may set its own cookies for live chat functionality.

7. Your rights

Depending on your jurisdiction you may have the right to:

Access the personal data we hold about you.
Correct inaccurate personal data.
Request deletion of your personal data (“right to be forgotten”).
Object to or restrict certain types of processing.
Receive your data in a portable format.
Withdraw consent where processing is based on consent.

To exercise any of these rights, email us at info@globaltechnologyx.com. We will respond within 30 days.

8. Data security

We take reasonable technical and organisational measures to protect your data, including:

Passwords hashed with bcrypt (work factor 10).
All traffic served over HTTPS with HSTS enforced.
HTTP security headers (CSP, X-Frame-Options, X-Content-Type-Options, etc.).
Rate limiting on all public endpoints to prevent abuse.
Server-side input validation and sanitisation on all user inputs.
Secrets managed via environment variables, never committed to source code.

No method of transmission or storage is 100% secure. If you discover a security issue please disclose it responsibly by emailing info@globaltechnologyx.com.

9. Third-party services

Vercel — hosting and serverless infrastructure. Privacy policy.
Supabase — PostgreSQL database for accounts, quote requests, and usage data. Privacy policy.
Resend — transactional email delivery. Privacy policy.
Tawk.to — live chat. Privacy policy.

10. Children's privacy

Dashflow is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the effective date at the top of this page. Continued use of Dashflow after any changes constitutes acceptance of the revised policy.

12. Contact

For any questions about this Privacy Policy or how we handle your data:

GlobalTechX
Email: info@globaltechnologyx.com
Website: www.globaltechnologyx.com