Privacy Policy for Localflow
Last Updated: February 10, 2026
Welcome to Localflow! This Privacy Policy explains how Enrich Services (Private) Limited, Registration Number PV 00220963 ("Localflow," "we," "us," or "our") collects, uses, and protects your personal information when you use our platform, particularly when you sign in using Google or Microsoft Single Sign-On (SSO).
We are committed to protecting your privacy and handling your data in an open and transparent manner.
1. What Information We Collect
When you choose to register or log in to Localflow using Google or Microsoft SSO, you authorize us to access certain information from your Google or Microsoft account. We only collect what is necessary to provide our services.
Information collected via SSO:
- Name: To personalize your experience and address you in communications.
- Email Address: To create your account, communicate with you, and for account recovery.
- Profile Picture: To help you and your team members identify each other within the platform.
Future Calendar Access: We may also request access to your Google or Microsoft Calendar in the future. This access will be requested separately and will require your explicit consent. Calendar data will be used exclusively to help you manage itineraries, schedule events, and coordinate with your team.
2. How We Use Your Information
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Email Address | Create and manage your account; authenticate you; send service notifications | Contract |
| Name | Personalize your experience; display in platform | Contract |
| Profile Picture | Help team members identify each other; personalize your experience | Consent |
| Calendar Data (if enabled) | Manage itineraries; check availability; coordinate scheduling | Consent |
| Usage Data (logs, interactions) | Improve our Services; understand user behavior; fix bugs | Legitimate Interest |
We will not use your personal data for any other purpose without your consent.
3. Cookies and Tracking Technologies
Localflow uses cookies and similar tracking technologies to improve your experience and understand how you use our platform.
Types of Cookies We Use:
- Essential Cookies: Required for authentication and session management. These cannot be disabled.
- Analytics Cookies: Help us understand how users interact with Localflow so we can improve the platform. You can opt out of analytics cookies in your browser settings.
- Functional Cookies: Remember your preferences and settings to enhance your experience.
Your Choices: You can control cookies through your browser settings. Disabling essential cookies may prevent you from using Localflow. You can opt out of analytics cookies without affecting core functionality.
4. Data Storage and Retention
- Session Management: Your login session is valid for 7 days. If you use Localflow at least once a day, your session expiry will be extended (a rolling 7-day window).
- Inactive Accounts: If you are inactive for 7 consecutive days, your session will expire, and you will need to sign in again.
- Data Retention: We retain your personal data only for as long as your account is active or as needed to provide you with our services. If you delete your account, we will permanently delete your personal information from our systems.
5. Subprocessors and Third-Party Services
We use third-party service providers to help us deliver Localflow. These providers process personal data on our behalf under strict data processing agreements.
Current Subprocessors:
- Cloud Infrastructure Provider: We host Localflow on secure cloud infrastructure to ensure reliability and security.
- Email Service Provider: For sending notifications and communications.
- Authentication Providers: Google and Microsoft for SSO authentication.
We will update this list as we add new subprocessors. If you have concerns about any subprocessor, please contact us at dev@localflow.travel.
6. Data Sharing and Disclosure
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
We will only disclose your information in the following limited circumstances:
- With Your Consent: We may share your information with your explicit consent.
- For Legal Reasons: We may disclose your information if required to do so by law or in response to a valid request from a law enforcement or government agency.
7. Data Security
We implement a variety of security measures including encryption (in transit and at rest), secure cloud infrastructure, and access controls.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
8. Your Rights and Choices
In line with GDPR, CCPA, and other data protection regulations, you have the following rights:
- Right to Access
- Right to Rectification
- Right to Erasure (Right to be Forgotten)
- Right to Restrict Processing
- Right to Data Portability
To exercise any of these rights, please contact us at dev@localflow.travel. We will respond within 30 days. You can also revoke Localflow's access to your Google or Microsoft account at any time through your respective account's security settings.
9. Data Breach Notification
In the event of a data breach that compromises your personal information, we will notify you and any affected users without undue delay, and in any case within 72 hours as required by GDPR and similar regulations.
10. International Data Transfers
Your information may be stored and processed in any country where we have facilities or engage service providers. As our company is registered in Sri Lanka, your data will be processed in accordance with Sri Lankan law and international data protection standards like GDPR.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
12. Limitation of Liability
To the fullest extent permitted by law, our total liability to you for any claims arising from or related to this Privacy Policy or our handling of your personal data shall not exceed the greater of (a) the total amount of fees paid by you to us in the twelve (12) months preceding the claim, or (b) one hundred US dollars (USD 100). Some jurisdictions do not allow the exclusion or limitation of certain damages; in such cases, our liability will be limited to the maximum extent permitted by law. For further details on disclaimers and limitations of liability, please see our Terms and Conditions.
13. Contact Us
- For privacy and legal inquiries: dev@localflow.travel
- For general support: hello@localflow.travel
Enrich Services (Private) Limited (Registration Number PV 00220963) is a company registered in Sri Lanka. Localflow is a product of Enrich Services (Private) Limited.