Skip to content
V VertaFlow

Privacy Policy

Plain-language version of how we handle your data. Questions reach a human at anthony@designedbyanthony.com.

Who we are

VertaFlow is a customer-relationship-management (CRM) product built and operated by Designed by Anthony, a sole operator based in Rome, New York, United States. This policy covers vertaflow.io (this marketing site), app.vertaflow.io (the CRM application), and api.vertaflow.io (the API).

Questions about your data, or any request below, reach a human directly at anthony@designedbyanthony.com.

What we collect

  • • Account & workspace data — the name, email, and password (hashed) you sign up with, plus the records you put into your CRM (contacts, deals, invoices, appointments, notes). This is YOUR data; we store and process it to run the service for you.
  • • Payment data — handled by Stripe. We never see or store full card numbers; Stripe returns a token and the last four digits / brand for your records. Paid plans bill after your free trial (30 days, or 60 with a card on file).
  • • Usage analytics — first-party, cookieless, privacy-friendly product analytics (our own pixel). No third-party trackers (no Google Analytics, no Meta pixel). You can decline non-essential analytics via the cookie banner.
  • • Support communications — emails and messages you send us, kept so we can respond and track follow-up.

How we use it

  • • Operate the service you signed up for (your CRM workspace, integrations, automations, notifications).
  • • Process payments and send receipts/invoices (via Stripe).
  • • Send transactional email (sign-in links, receipts, account notices) via Resend.
  • • Improve the product with anonymized, aggregate usage analytics (declinable).
  • • Comply with legal, tax, and accounting obligations.

We do NOT sell your data, and we do NOT use your workspace data to train AI models. Any AI features operate on your data only to produce the result you asked for.

Subprocessors

  • • Cloudflare — application hosting, edge delivery, and Turnstile (anti-spam on forms).
  • • Neon — managed Postgres database where your workspace data lives, with per-tenant isolation.
  • • Stripe — payment processing and subscription billing.
  • • Resend — transactional email delivery.
  • • Anthropic — only when you use an AI feature; the relevant content is sent to generate the result. Anthropic does not train models on API inputs.

If you need a Data Processing Agreement (DPA) for a B2B engagement, email anthony@designedbyanthony.com.

Your data is yours

Export all of your data at any time — on day one and after you cancel — as a CSV or a full database dump from Settings → Data. There is no lock-in format and no "contact support to leave" wall.

After you cancel, your workspace stays read-only for 30 days so an export is never a fire drill, then your data is deleted. Reactivate within that window and pick up where you left off.

Your rights

You can access, correct, export, or delete your personal data — email anthony@designedbyanthony.com and we will action it. We serve customers in the United States and Canada; visitors from regions we do not serve are blocked at the edge and no data is collected from them.

Security

  • • All data in transit uses HTTPS / TLS 1.3.
  • • Workspace data is tenant-isolated in Postgres with row-level security; one tenant cannot read another tenant’s rows.
  • • Secrets are managed in a dedicated secrets store; no secret values are committed to source control.
  • • Errors reported to our monitoring are scrubbed of personal information before transmission.

Changes

If this policy changes materially, we will note it on this page and, for account holders, by email. Continued use after an update means you accept the revised policy.

Following VertaFlow?

Public changelog by email. Operator-built, no marketing email factory.