Privacy Policy

Account information. When a shop owner signs up, we collect the business name, owner name, email, phone, city, state, and chosen plan. We also create a unique workspace for the business and an owner login.

Payment information. Card details entered during signup are tokenized by our payment processor (Stripe) before reaching our servers. We store only the card brand, last four digits, expiration month and year, cardholder name, and billing ZIP. We never persist a full card number or CVC.

Operational data. When shops use MotoFlow Pro, they enter information about their customers, vehicles, appointments, parts inventory, invoices, inspections, and accounting. This data belongs to the shop ("Tenant Data") and we process it on the shop's behalf.

Customer-facing portal. When a shop's customer follows a portal or estimate link, we may store their name, contact information, vehicle, and service-request details to relay them back to the shop.

Usage and device data. We log requests to the Service (IP address, user agent, pages visited, timestamps) for security, debugging, and to improve the product. We also maintain an internal audit log of sensitive admin actions and a short-lived error log for diagnosing runtime exceptions.

Push notification tokens. If you enable push notifications, we store the device tokens issued by your operating system or browser so we can deliver alerts. These tokens identify your device, not you personally.

Cookies.We use a small number of strictly necessary cookies: one HMAC-signed session cookie for authenticated users, an "active tenant" cookie for workspace operators, and a 30-day referral-attribution cookie set when someone visits a tenant's /r/<code> short link. We do not use third-party advertising cookies.

Optional integrations. If a shop connects a third-party service (Stripe Connect, Square, O'Reilly First Call, Twilio, Resend, QuickBooks), we store the OAuth tokens or API credentials needed to operate that integration.

We use the information described above to:

• Provide, secure, and improve the Service;
• Bill shops for their MotoFlow Pro subscription and process trial conversions;
• Send transactional messages (signup confirmations, billing notices, trial-end reminders, support replies);
• Relay messages between shops and their customers (estimates, invoices, appointment confirmations);
• Detect, prevent, and respond to fraud or abuse; and
• Comply with legal obligations.

We do not sell personal information. We share information with service providers that help us run the Service, and only to the extent necessary for them to perform that work. Current sub-processors include:

• Stripe (Stripe, Inc.) — subscription billing, payment tokenization, tenant Connect onboarding, and (when enabled) Stripe Financial Connections / Link for "pay by bank" ACH. The bank-link UI is hosted entirely by Stripe; we never see customer banking credentials.
• Square (Block, Inc.) — payment processing for tenants who choose Square as their processor;
• Twilio, Inc. — outbound SMS, when a tenant connects Twilio credentials;
• Resend, Inc. — transactional email (account verification, password reset, billing reminders);
• Apple Push Notification service — iOS push delivery when a tenant uses our native iOS app;
• Firebase Cloud Messaging (Google LLC) — Android push delivery when a tenant uses our native Android app;
• Geoapify — geocoding and routing for live ETA and the customer tracking map;
• OpenStreetMap contributors — base map tiles for tracking;
• Translation providers — DeepL, Google Cloud Translation, LibreTranslate, or MyMemory (configurable per deployment) for customer-portal language switching;
• Anthropic, PBC — AI features (Claude). When a shop user clicks an AI button in the workspace, we send a focused, purpose-specific payload to Anthropic's Messages API:
  • Inspection summary: the items, statuses, and tech notes on that inspection, plus the vehicle's year/make/model and the customer's first name.
  • Service recommendations: the vehicle's year/make/model/engine/mileage/VIN and a list of services completed on that vehicle in the last 12 months.
  • Estimate line rewriter: the line descriptions only (qty/rate/amount are sent for context but never modified).
  • Vehicle history briefing: the vehicle's year/make/model/mileage, the customer's name, and the last 6 months of appointment titles, statuses, and tech notes.
  • Support reply assistant (admin-side): the support ticket subject and the last 12 messages on the thread, plus a static MotoFlow help digest.
  Customer phone numbers, addresses, payment card data, and SSNs are never sent to Anthropic. Anthropic does not train on data submitted through their API by default. We log token counts and dollar cost per call in our own database for usage analytics.
• Google LLC — when a shop connects Google Calendar, we push appointment details (title, time, customer first and last name, vehicle year/make/model, service address, and the link back to the job in MotoFlow) to the connected Google Calendar. We never read events back from the calendar.
• Sentry — error tracking, when configured;
• Cloud infrastructure providers (database, hosting, backups). We will name our hosting provider on request.

We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, or property of MotoFlow Pro, our users, or others.

When enabled by your shop's plan, AI features generate draft text that a shop user (technician, dispatcher, or owner) can edit before sending or saving. The AI is suggesting language, not making decisions for the shop. Recommendations about maintenance, inspection findings, and customer responses are starting points — not warranties or professional advice — and shop staff are expected to review every AI-generated output before acting on it.

AI features are turned off by default on Basic plans and can be disabled per-feature by your shop owner from the workspace settings or by the MotoFlow platform team on request. Section 3 above lists exactly what data each AI feature sends to Anthropic.

Shops control the data they enter into MotoFlow Pro. We process Tenant Data only to provide the Service or as the shop instructs. A shop's customers should direct privacy requests about their data to the shop they do business with; we'll cooperate with the shop to fulfill those requests.

We use industry-standard safeguards, including TLS in transit, encrypted backups, access controls, and tokenized card storage. No system is perfectly secure; if we discover a breach affecting your data, we'll notify you in line with applicable law.

We retain account and Tenant Data while a shop's account is active and for a reasonable period afterward, to support reactivation, comply with legal obligations, resolve disputes, and enforce our agreements. Card metadata is deleted when a payment method is removed.

Account access and update. You can update or correct your account information from the MotoFlow Pro workspace settings.

Data export. Shop owners can download a CSV and JSON export of all data in their workspace from Settings → Data export. The export includes customer, vehicle, appointment, invoice, inspection, parts, and accounting records.

Account deletion. You can request deletion of your account by emailing privacy@motoflowpro.com. We'll process the request subject to legal and operational retention requirements.

SMS opt-out. Customers who receive SMS from a shop using MotoFlow Pro can reply STOP to that shop's number at any time to opt out of all future SMS from that shop. Reply HELP for help. Message and data rates may apply. Frequency varies by shop. Opt-outs are honored within 24 hours and propagate to all message categories (tracking links, review requests, appointment reminders, payment reminders).

Push notification opt-out. You can disable push notifications from your device or browser settings, or from the Notifications panel inside the workspace.

If you are in the EEA, UK, California, or another region with applicable privacy law, you may have additional rights including access, rectification, deletion, restriction, portability, and objection to processing. To exercise these rights, contact us at the address above.

MotoFlow Pro operates from the United States. By using the Service, you understand that information may be transferred to and processed in the United States and other countries where our service providers operate.

The Service is not intended for individuals under 16. We do not knowingly collect information from children.

We may update this Privacy Policy from time to time. When we do, we'll revise the "Last updated" date above and, for material changes, provide notice in the Service or by email.

Questions about this policy? Email privacy@motoflowpro.com.