Privacy Policy

1. Roles

ShopFlow Auto is a software platform used by independent auto repair shops. When a shop uses the platform to manage its customers' vehicle service, the shop is the data controller of that customer information, and ShopFlow Auto acts as a data processor on the shop's behalf. For information collected directly through shopflow-auto.com (such as the contact form), ShopFlow Auto is the controller.

2. Information we collect

From shop partners and their staff: name, email, phone, login credentials (hashed), and usage/audit logs.

From end-customers of shop partners (entered into the platform by the shop): name, contact information, vehicle information (make, model, year, VIN, license plate, mileage), service history, repair authorizations, photos, estimates, invoices, payments, and SMS consent records.

From visitors to shopflow-auto.com: any information voluntarily provided via the contact form (name, email, phone, shop name, message, SMS opt-in flag).

Automatically: IP address, browser type, pages visited, timestamps. We do not use third-party advertising trackers.

3. How we use information

• To provide the platform to shop partners and deliver transactional notifications to their customers.
• To respond to contact-form inquiries and schedule demos.
• To secure the platform (rate limiting, abuse detection, audit logging).
• To comply with legal obligations and respond to lawful requests.

We do not sell personal information. We do not use customer data for advertising or profiling.

4. Sharing

We share information only with the following categories of recipients:

• Sub-processors strictly necessary to deliver the service: our hosting provider (Hetzner), email delivery provider (Resend), and SMS carrier (Twilio).
• The shop partner that a given end-customer is doing business with.
• Legal & safety: in response to lawful requests, subpoenas, or to protect the rights, property, or safety of ShopFlow Auto, our users, or the public.

5. SMS

Transactional SMS to end-customers is sent only after the shop partner collects affirmative opt-in through one of the channels described in our SMS Consent & Opt-In Policy. Phone numbers are never shared with third parties other than our SMS carrier for delivery.

6. Retention

We retain information for as long as the shop partner maintains an active account, plus a retention period required by business-records and tax law. Shop partners may request deletion of end-customer records at any time, subject to legal retention requirements. Contact-form submissions are retained for up to 24 months.

7. Security

We use industry-standard technical and organizational measures including: encrypted transport (HTTPS), hashed and salted passwords, multi-factor authentication (TOTP / SMS), per-tenant data isolation, rate limiting, audit logging, daily offsite backups, and least-privilege access controls. No system is perfectly secure; we encourage shop partners and users to use strong, unique passwords and enable MFA.

8. Your rights

Depending on your jurisdiction (including California under the CCPA/CPRA), you may have the right to access, correct, delete, or port your personal information, or to opt out of sale or sharing. We do not sell personal information. To exercise rights, contact us using the details below. If your information is held by a shop partner, we will route the request to them as controller.

9. Children

ShopFlow Auto is a B2B platform not directed to children under 13. We do not knowingly collect personal information from children.

10. Changes

We may update this Policy from time to time. We will post the updated version with a revised “Last updated” date and, for material changes, provide additional notice.

11. Contact

• Email: support@shopflow-auto.com
• Mail: Beckham Enterprises, [BUSINESS ADDRESS — TO FILL]