Privacy Policy

1. Information We Collect

1.1 Account Information

When you sign in to the Platform or Extension, we collect:

• Your email address
• Your name and profile picture (when signing in with Google or Microsoft)
• Your user ID
• Authentication tokens (used to keep you signed in)

1.2 Data You Extract Using the Extension

The Extension allows you to create field-mapping templates and extract logistics and shipping data from websites you visit. Depending on how you configure your templates, the data you extract may include:

• Customer and carrier names
• Order, load, PO, and PU numbers
• Pickup and delivery locations (city and state)
• Ship and delivery dates
• Rate and pricing information
• Carrier contact information (email, phone number)
• Delivery status information
• Proof of Delivery (POD) documents and related files

Important: The Extension only extracts data from fields you explicitly configure in your templates or from supported integrations (such as ITS Dispatch) that you initiate. It does not passively collect data from websites you visit.

1.3 Locally Stored Data

The Extension stores the following data locally in your browser using Chrome's storage API:

• Your authentication credentials (encrypted tokens)
• Your field-mapping templates
• Extracted data rows (cached locally before syncing)
• Session activity timestamps

1.4 Information We Do Not Collect

• We do not collect your browsing history.
• We do not collect data from websites other than those you actively use the Extension on.
• We do not collect personally identifiable information beyond what is required for authentication.
• We do not use third-party analytics, tracking, or advertising services within the Extension.

2. How We Use Your Information

We use the information described above for the following purposes:

• Authentication: To verify your identity and maintain your session.
• Core Functionality: To extract, store, and sync the logistics data you configure the Extension to capture.
• Data Synchronization: To transmit your extracted data to our backend servers so it is accessible within the Flow platform (main-flow.com).
• Template Management: To save, retrieve, and manage your field-mapping templates across sessions.
• Delivery Tracking: To track and sync delivery status updates for your loads.
• Session Security: To automatically log you out after a period of inactivity (1 hour) to protect your account.

3. Data Sharing and Disclosure

3.1 Our Backend Services

Extracted data and templates are transmitted to our servers at api.main-flow.com for storage and use within the Flow platform. This data is associated with your user account.

3.2 Third-Party Authentication

We use Google Firebase for authentication services. When you sign in, your credentials are processed through Google's Identity Toolkit and Secure Token services. Google's use of this data is governed by Google's Privacy Policy.

3.3 No Sale of Data

We do not sell, rent, or trade your personal information or extracted data to third parties.

3.4 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Google User Data & Gmail Integration

This section describes how Flow accesses, uses, stores, and shares Google user data, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

4.1 Google Sign-In

Flow uses Google Firebase Authentication to allow users to sign in with their Google account. During sign-in, we receive your name, email address, and profile picture from Google. This information is used solely to create and maintain your Flow account. We do not request any additional Google data during the sign-in process.

4.2 Gmail Integration (Optional)

Flow offers an optional Gmail integration that users may connect through the Settings page. This integration is entirely separate from sign-in and requires explicit user action to enable. When you connect your Gmail account, we request the following OAuth scopes:

• gmail.send — Used to send emails (rate confirmations, load tender responses, and shipping status updates) on your behalf from your own Gmail address to carriers and shippers within the Flow platform.
• gmail.readonly — Used to read your incoming emails to detect and surface freight-related messages (load offers, rate confirmations, carrier responses) within your Flow dashboard, so you can manage logistics communications without switching between apps.
• userinfo.email — Used to verify which Gmail address is connected to your account.

4.3 How We Use Gmail Data

Gmail data accessed through the integration is used exclusively to:

• Send emails that you compose and initiate within the Flow platform
• Read and display incoming emails relevant to your freight brokerage operations
• Show email delivery status within the platform

We do not use Gmail data for advertising, market research, or any purpose unrelated to the core freight brokerage functionality of Flow.

4.4 Gmail Data Storage

• OAuth Tokens: Gmail OAuth access tokens and refresh tokens are stored securely on our backend servers (api.main-flow.com) and are associated with your user account. Tokens are encrypted in transit via HTTPS/TLS.
• Email Content: Email content retrieved via the Gmail API is displayed in real-time within the platform and is not permanently stored on our servers. Email metadata (message IDs, timestamps, subject lines) may be cached temporarily to improve performance.
• Sent Emails: When you send an email through Flow, the email is transmitted directly to Gmail's API. We store a record of the send action (recipient, subject, timestamp, delivery status) for your reference within the platform.

4.5 Gmail Data Sharing

We do notshare, sell, or transfer your Gmail data to any third parties. Gmail data is only transmitted between your browser, our backend servers, and Google's Gmail API. No other services or parties have access to your Gmail data.

4.6 Disconnecting Gmail

You may disconnect your Gmail account at any time through the Flow Settings page. When you disconnect, we delete your stored Gmail OAuth tokens from our servers. You may also revoke Flow's access to your Google account at any time by visiting Google Account Permissions.

4.7 Google API Services Limited Use Disclosure

Flow's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4B. Microsoft User Data & Outlook Integration

This section describes how Flow accesses, uses, stores, and shares Microsoft user data when you connect your Outlook/Microsoft 365 email account.

4B.1 Microsoft Sign-In

Flow allows users to sign in with their Microsoft account via Firebase Authentication. During sign-in, we receive your name, email address, and profile picture. This information is used solely to create and maintain your Flow account.

4B.2 Outlook Email Integration (Optional)

Flow offers an optional Outlook/Microsoft 365 email integration that users may connect through the Settings page. This integration is entirely separate from sign-in and requires explicit user action to enable. When you connect your Outlook account, we request the following Microsoft Graph API permissions:

• Mail.Send — Used to send emails (rate confirmations, load tender responses, and shipping status updates) on your behalf from your own Outlook email address to carriers and shippers within the Flow platform.
• Mail.Read — Used to read your incoming emails to detect and surface freight-related messages (load offers, rate confirmations, carrier responses) within your Flow dashboard.
• User.Read — Used to retrieve your basic profile information and verify which email address is connected.
• offline_access — Used to maintain your email connection without requiring you to re-authenticate each session.

4B.3 How We Use Outlook Data

Outlook data accessed through the integration is used exclusively to:

• Send emails that you compose and initiate within the Flow platform
• Read and display incoming emails relevant to your freight brokerage operations
• Show email delivery status within the platform

We do not use Outlook data for advertising, market research, or any purpose unrelated to the core freight brokerage functionality of Flow.

4B.4 Outlook Data Storage

• OAuth Tokens: Outlook OAuth access tokens and refresh tokens are stored securely on our backend servers (api.main-flow.com) and are associated with your user account. Tokens are encrypted in transit via HTTPS/TLS.
• Email Content: Email content retrieved via the Microsoft Graph API is displayed in real-time within the platform and is not permanently stored on our servers. Email metadata may be cached temporarily to improve performance.
• Sent Emails: When you send an email through Flow, the email is transmitted directly to Microsoft's Graph API. We store a record of the send action (recipient, subject, timestamp, delivery status) for your reference.

4B.5 Outlook Data Sharing

We do notshare, sell, or transfer your Outlook data to any third parties. Outlook data is only transmitted between your browser, our backend servers, and Microsoft's Graph API. No other services or parties have access to your Outlook data.

4B.6 Disconnecting Outlook

You may disconnect your Outlook account at any time through the Flow Settings page. When you disconnect, we delete your stored Outlook OAuth tokens from our servers. You may also revoke Flow's access to your Microsoft account at any time by visiting Microsoft Account App Access.

5. Data Storage and Security

• Local Storage: Data stored locally in your browser is scoped to your user account to prevent cross-account access. Authentication tokens are stored using Chrome's storage API and expire after 1 hour, after which they are automatically refreshed or you are logged out.
• Data in Transit: All communication between the Extension and our servers is encrypted using HTTPS/TLS.
• Server-Side Storage: Data transmitted to our backend is stored on secured servers with access controls in place.
• Local Storage Limits: Local cached data is capped at 1 MB per storage key with automatic cleanup to prevent excessive storage use.

6. Chrome Extension Browser Permissions

The Extension requests the following browser permissions:

The "all URLs" host permission is required because the Extension is a universal field scraper — you may need to extract data from any logistics website or carrier portal. The Extension does not passively monitor or collect data from all websites; it only activates when you explicitly use it on a page.

7. Data Retention

• Local Data: Extracted data rows and templates are stored locally until you clear them or uninstall the Extension.
• Server Data: Data synced to our servers is retained as part of your Flow account for as long as your account is active. You may request deletion of your data by contacting us (see Section 11).
• Authentication Tokens: Tokens expire after 1 hour of inactivity and are automatically removed.
• Gmail OAuth Tokens: Stored on our servers for as long as your Gmail integration is connected. Deleted immediately when you disconnect Gmail or delete your account.
• Gmail Email Content: Not permanently stored. Displayed in real-time and cached only temporarily for performance.
• Outlook OAuth Tokens: Stored on our servers for as long as your Outlook integration is connected. Deleted immediately when you disconnect Outlook or delete your account.
• Outlook Email Content: Not permanently stored. Displayed in real-time and cached only temporarily for performance.

8. Your Rights and Choices

• Access and Deletion: You may request access to or deletion of your personal data by contacting us at the email address below.
• Uninstall: You may uninstall the Extension at any time through your browser's extension management page. Uninstalling removes all locally stored data.
• Template Management: You can create, edit, and delete your field-mapping templates at any time through the Extension interface.
• Clear Extracted Data: You can clear your locally cached extracted data through the Extension interface.
• Disconnect Gmail: You can disconnect your Gmail integration at any time from the Flow Settings page. This revokes our access and deletes your stored Gmail tokens.
• Revoke Google Access: You can revoke Flow's access to your Google account at any time via Google Account Permissions.
• Disconnect Outlook: You can disconnect your Outlook integration at any time from the Flow Settings page. This revokes our access and deletes your stored Outlook tokens.
• Revoke Microsoft Access: You can revoke Flow's access to your Microsoft account at any time via Microsoft Account App Access.

9. Children's Privacy

The Extension is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will take steps to delete that information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, notifying you within the Platform. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to request deletion of your data, please contact us at:

Email: flowbros@main-flow.com

Website: https://main-flow.com