Privacy Policy

Effective Date: February 28, 2026

StreamFlow AI ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our software-as-a-service platform and related services (collectively, the "Service").

This Privacy Policy is provided in compliance with applicable federal and state laws, including the Florida Information Protection Act of 2014 (Fla. Stat. § 501.171), the Florida Digital Bill of Rights (Fla. Stat. § 501.701 et seq.), and other applicable data protection regulations.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: When you register for an Account, we collect your name, email address, and authentication credentials.
• Billing Information: When you subscribe to a paid plan, payments are processed through supported manual payment methods (Cash App, Zelle, Venmo, PayPal, Apple Pay, Google Pay, Samsung Pay). We do not store sensitive financial information on our servers.
• Client Data: Resellers may input client information including names, email addresses, phone numbers, subscription details, and payment records.
• IPTV Panel Credentials: If you connect an IPTV panel, we collect and store your panel URL, username, and password. Panel passwords are encrypted at rest using AES-256-GCM encryption.
• Payment Screenshots: If you or your clients submit manual payment confirmations, uploaded screenshots are stored securely in our cloud storage.
• Communications: Any messages, feedback, or correspondence you send to us.

1.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken.
• Device and Browser Information: We may collect your IP address, browser type, operating system, and device identifiers.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain session state and improve the user experience. You may control cookie preferences through your browser settings.

1.3 Information from Third Parties

• OAuth Providers: When you authenticate through a third-party provider, we receive your name and email address as authorized by you.
• Payment Platforms: Third-party payment platforms (Cash App, Zelle, Venmo, PayPal, etc.) may provide us with transaction confirmation details.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain the Service: Including account management, subscription processing, client management, and IPTV panel integration.
• To Process Payments: Including billing, invoicing, and payment verification.
• To Communicate with You: Including sending transactional emails, payment notifications, service updates, and responding to inquiries.
• To Improve the Service: Including analyzing usage patterns, diagnosing technical issues, and developing new features.
• To Ensure Security: Including detecting and preventing fraud, unauthorized access, and other malicious activity.
• To Comply with Legal Obligations: Including responding to lawful requests from governmental authorities and complying with applicable laws and regulations.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We engage third-party service providers to perform functions on our behalf, including:

• Resend — Transactional email delivery
• Cloud hosting providers — Data storage and infrastructure

These providers are contractually obligated to use your information only for the purposes of providing services to us and are required to maintain appropriate security measures.

3.2 Legal Requirements and Law Enforcement

We may disclose your information if required to do so by law, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation, subpoena, court order, or governmental request; (b) protect and defend the rights or property of the Company; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability. You acknowledge and agree that the Company may cooperate fully with law enforcement authorities and may disclose any information about you or your use of the Service in response to a lawful request, and you hold the Company harmless for any such disclosure.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption at Rest: Sensitive credentials (including IPTV panel passwords) are encrypted using AES-256-GCM encryption.
• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL.
• Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis.
• Rate Limiting: Public-facing endpoints are protected by rate limiting to prevent abuse.
• Secure Authentication: Session tokens are signed and transmitted via HttpOnly, Secure cookies.
• Token Expiry: Payment portal tokens automatically expire after 30 days.

Notwithstanding the foregoing, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You acknowledge and accept this inherent risk as part of your use of the Service.

5. Data Retention

We retain your personal information for as long as your Account is active or as needed to provide you with the Service. Upon termination of your Account, we will retain your information for a reasonable period as necessary to:

• Comply with our legal obligations (including under the Florida Information Protection Act);
• Resolve disputes;
• Enforce our agreements;
• Maintain business records as required by applicable law;
• Cooperate with law enforcement investigations.

You may request deletion of your personal information by contacting us at the address provided below. We will process such requests in accordance with applicable law, subject to our legal retention obligations.

6. Your Rights

6.1 Under the Florida Digital Bill of Rights (FDBR)

If you are a Florida consumer, you may have the following rights under the Florida Digital Bill of Rights (Fla. Stat. § 501.701 et seq.):

• Right to Know: You have the right to confirm whether we are processing your personal data and to access such data.
• Right to Correct: You have the right to correct inaccuracies in your personal data.
• Right to Delete: You have the right to request deletion of your personal data, subject to certain exceptions.
• Right to Opt Out: You have the right to opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise any of these rights, please contact us using the information provided in Section 10 below. We will respond to your request within forty-five (45) days, as required by law.

6.2 Under the Florida Information Protection Act (FIPA)

In the event of a data breach involving your personal information, we will notify you in accordance with the requirements of the Florida Information Protection Act (Fla. Stat. § 501.171), including providing notice within thirty (30) days of the determination of the breach. If the breach affects 500 or more individuals, we will also notify the Florida Department of Legal Affairs.

7. Children's Privacy

The Service is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

8. International Users

The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email to the address associated with your Account. Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of the revised terms.

10. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a data security concern, please contact us at:

StreamFlow AI State of Florida, United States Email: [email protected]

11. Florida-Specific Disclosures

In accordance with Florida law:

• We do not sell personal information as defined under the Florida Digital Bill of Rights.
• We do not process personal data for purposes of targeted advertising without consent.
• We maintain reasonable security measures as required by the Florida Information Protection Act (Fla. Stat. § 501.171).
• In the event of a qualifying data breach, we will provide notification in compliance with FIPA requirements, including notification to the Florida Department of Legal Affairs if the breach affects 500 or more individuals.