Privacy Policy
Effective date: January 1, 2020 · Last updated: March 17, 2026
This Privacy Policy ("Policy") describes how CSPAutomation Inc. ("CSPAutomation", "Company", "we", "us", "our"), operating the LiteFlows platform ("Service"), collects, uses, stores, discloses, and protects information in connection with your use of the Service. LiteFlows is a subsidiary product of CSPAutomation Inc., a corporation registered in the Province of Alberta, Canada.
BY ACCESSING OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND CONSENT TO THE PRACTICES DESCRIBED IN THIS POLICY. IF YOU DO NOT AGREE, YOU MUST NOT ACCESS OR USE THE SERVICE.
1. Scope of This Policy
This Policy applies to all users of the LiteFlows platform, including Organization administrators, Authorized Users, and visitors to our public-facing pages. This Policy covers information collected through the Service and does not apply to third-party websites, services, or applications that may be linked to or integrated with the Service.
2. Information We Collect
2.1 Information You Provide
- Account Registration Data: Full name, email address, username, password, phone number, and job title when you register for or are invited to an account
- Organization Data: Organization name, legal entity name, billing address, administrator contact information, and backup contact details
- Customer Content: Projects, tasks, documents, wiki articles, comments, messages, files, attachments, time entries, and any other content created, uploaded, or stored within the Service by you or your Authorized Users
- Communications: Information contained in support requests, feedback submissions, and correspondence with CSPAutomation
- Billing Information: Subscription plan selection, billing cycle preferences, and related account management data. Payment processing, if applicable, is handled by third-party payment processors; CSPAutomation does not store credit card numbers or banking details.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, timestamps, session duration, and interaction patterns within the Service
- Device & Technical Data: Browser type and version, operating system, screen resolution, IP address, device identifiers, and language preferences
- Log Data: Server access logs, error logs, and security event logs generated during your use of the Service
2.3 AI-Related Data
LiteFlows includes AI-powered features (project intelligence reports, automated summaries, and AI-assisted task management). When you use these features, project data within your Organization may be processed by AI models to generate insights and reports. AI-generated outputs are created for your use within the Service and are treated as Customer Content.
3. How We Use Your Information
We use the information collected for the following purposes:
- Service Operation: To provide, operate, maintain, and improve the Service and its features
- Authentication & Security: To verify your identity, manage access controls, and detect and prevent fraud, unauthorized access, and security threats
- Communications: To send transactional notifications (password resets, invitation emails, billing alerts, expiry warnings), respond to inquiries, and provide customer support
- AI Features: To generate project intelligence reports, automated summaries, and AI-assisted productivity features within your Organization
- Analytics & Improvement: To monitor usage patterns, diagnose technical issues, and develop new features and enhancements
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
We do not use Customer Content for advertising, marketing profiling, or training general-purpose AI models. Customer Content is processed solely for the purpose of delivering the Service to the Customer's Organization.
4. Data Storage & Residency
LiteFlows serves organizations across the globe. Data residency is fully customizable based on your organization's governance, compliance, and regulatory requirements. Customers may designate their preferred hosting region during onboarding or through written agreement with CSPAutomation.
CSPAutomation utilizes enterprise-grade cloud infrastructure with the following security measures:
- Encryption in transit (TLS 1.2 or higher)
- Encryption at rest using industry-standard algorithms
- Strict multi-tenant data isolation between Organizations
- Automated backup procedures with configurable retention
- Access logging and audit trails
Specific data residency configurations, certifications, and compliance documentation are available upon request and may be subject to a separate written agreement.
5. Data Sharing & Disclosure
CSPAutomation does not sell, rent, lease, or trade your personal information or Customer Content to any third party. We may disclose information only in the following limited circumstances:
- Within Your Organization: Other Authorized Users within your Organization workspace can view content you create or share within that workspace, subject to role-based access controls
- Service Providers: We engage trusted third-party service providers (e.g., infrastructure hosting, email delivery) that process data on our behalf under strict contractual obligations of confidentiality and security. These providers are prohibited from using your data for any purpose other than providing services to CSPAutomation.
- Legal Obligations: When required by applicable law, regulation, subpoena, court order, or other enforceable legal process
- Safety & Rights Protection: When disclosure is necessary to protect the rights, safety, property, or security of CSPAutomation, our users, or the public
- Business Transfer: In connection with a merger, acquisition, reorganization, or sale of all or a portion of CSPAutomation's assets, subject to the acquiring entity agreeing to honor the terms of this Policy
6. Cookies & Tracking Technologies
The Service uses only essential cookies and similar technologies required for the Service to function:
- Session Cookies: To maintain your authenticated session
- CSRF Protection Tokens: To prevent cross-site request forgery attacks
- Preference Cookies: To remember your display settings, theme, and workspace preferences (stored locally in your browser)
We do not use third-party advertising cookies, tracking pixels, social media trackers, or any form of cross-site behavioral tracking. We do not participate in ad networks or sell tracking data.
7. Data Retention & Deletion
7.1 Active Accounts
We retain personal data and Customer Content for as long as the Customer's account and Organization remain active and in good standing.
7.2 Post-Completion Retention
Upon completion or archival of a project, Customer Data associated with that project is retained for a default period of thirty (30) days from the date of completion. After this period, data may be permanently deleted without further notice. Extended retention is available only through a separate written agreement.
7.3 Organization Deletion — Permanent Data Destruction
When an Organization is deleted — whether initiated by the Customer, the Platform Owner, or through automated processes (e.g., demo expiry) — ALL Customer Data associated with that Organization is permanently and irreversibly destroyed. This includes all projects, tasks, documents, files, messages, user records, configurations, and backups specific to that Organization. CSPAutomation does not maintain, archive, retain, or have the ability to recover any Customer Data beyond the agreed retention period. Deleted data cannot be recovered under any circumstances.
7.4 Account Termination
Upon termination of a Customer's account, all associated data will be deleted within 30 days, unless a longer period is required by applicable law or agreed in writing.
7.5 Customer Responsibility
The Customer is solely responsible for exporting, backing up, or otherwise preserving any data prior to project completion, Organization deletion, or account termination. CSPAutomation provides data export tools within the Service but assumes no liability for data that the Customer fails to export prior to deletion.
8. Your Rights
Subject to applicable law, you have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete personal data
- Deletion: Request deletion of your personal data, subject to legal retention requirements and the terms of Section 7
- Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format
- Restriction: Request restriction of processing of your personal data in certain circumstances
- Objection: Object to processing of your personal data for specific purposes
- Withdraw Consent: Withdraw any previously given consent, where processing is based on consent
To exercise any of these rights, contact us at privacy@liteflows.ca. We will respond to verified requests within 30 days or as required by applicable law. We may require identity verification before processing your request.
9. International Data Transfers
As LiteFlows serves customers globally, personal data may be transferred to and processed in jurisdictions outside the Customer's country of residence, subject to the Customer's data residency election and applicable data transfer mechanisms. Where required, CSPAutomation will implement appropriate safeguards (such as standard contractual clauses or equivalent measures) to ensure that transferred data receives adequate protection in accordance with applicable data protection laws.
10. Security Measures
CSPAutomation implements technical, administrative, and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction. However, no method of electronic transmission or storage is 100% secure, and CSPAutomation cannot guarantee absolute security. The Customer acknowledges that:
- Security is a shared responsibility between CSPAutomation and the Customer
- The Customer is responsible for maintaining the security of its own account credentials, devices, and internal access controls
- CSPAutomation shall not be liable for any unauthorized access, data breach, or security incident resulting from the Customer's failure to implement adequate security measures, compromised credentials, or misconfiguration of the Service
11. Children's Privacy
The Service is not directed to individuals under the age of 16 (or the applicable age of digital consent in the relevant jurisdiction). CSPAutomation does not knowingly collect personal information from children. If we become aware that personal information from a child has been collected without appropriate consent, we will take immediate steps to delete that information.
12. Third-Party Links & Integrations
The Service may contain links to or integrations with third-party websites, services, or applications. CSPAutomation is not responsible for the privacy practices, content, or security of any third-party service. We encourage you to review the privacy policies of any third-party service before providing personal information.
13. Changes to This Policy
CSPAutomation reserves the right to update this Privacy Policy at any time. Material changes will be communicated by posting the revised Policy on the Service with an updated effective date and, where practicable, by email notification. Your continued use of the Service after the effective date of any revision constitutes acceptance of the revised Policy.
14. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the Province of Alberta and the federal laws of Canada applicable therein. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts located in Calgary, Alberta, Canada.
15. Contact
For questions, concerns, data access requests, or complaints regarding this Privacy Policy or our data practices:
CSPAutomation Inc. — Privacy Office
Calgary, Alberta, Canada
Email: privacy@liteflows.ca
If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.