Tidyflow Tidyflow Logo

Privacy Policy

Last updated February 17, 2026

1. Introduction

Tidyflow provides practice management software for accounting firms and professional service businesses (“Service”).

We respect your privacy and are committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service or visit our website.

2. Our Role

When you create an account with Tidyflow, we act as the data controller for your account information (such as name, email address, and billing details).

When you use Tidyflow to manage your clients, you act as the data controller of your client data. In that context, Tidyflow acts as a data processor, processing such data solely on your behalf and in accordance with your instructions.

3. Information We Collect

We may collect the following categories of information:

Account Information

  • Name
  • Email address
  • Firm name
  • Billing information

Customer Data

Information you upload or manage within the Service, including client names, contact details, documents, and workflow data.

Usage Information

Information about how the Service is accessed and used, such as:

  • Features accessed
  • Pages visited
  • Device and browser type
  • Log data

Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Maintain session functionality
  • Analyze website traffic
  • Measure marketing performance
  • Improve user experience

You can configure your browser to refuse cookies; however, some parts of the Service may not function properly without them.

4. How We Use Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process payments and manage subscriptions
  • Provide customer support
  • Improve product performance and usability
  • Monitor system performance and security
  • Communicate service-related updates
  • Measure the effectiveness of our marketing efforts

We do not sell personal information.

5. Data Sharing

We may share personal information:

  • With trusted service providers (sub-processors) who support the operation of the Service
  • To comply with legal obligations
  • To protect our rights, property, or safety
  • In connection with a merger, acquisition, or asset transfer

All service providers are contractually required to safeguard personal information and use it only for authorized purposes.

A list of current sub-processors is available on our Sub-processors page.

6. Data Hosting and International Transfers

Tidyflow primarily operates using cloud infrastructure located in the United States.

If personal data is transferred outside your jurisdiction, we implement appropriate safeguards in accordance with applicable data protection laws.

7. Data Security

We implement technical and organizational measures designed to protect personal information, including:

  • Encryption in transit (TLS)
  • Encryption of sensitive data at rest
  • Role-based access controls
  • Multi-factor authentication support
  • Restricted internal access to production systems
  • Regular system updates and security monitoring

No method of transmission or storage is completely secure, but we maintain safeguards appropriate to the nature of the data processed.

8. Data Retention

We retain account information for as long as your account remains active and as necessary to comply with legal, accounting, or reporting obligations.

Customer data is retained according to our internal retention policies and may be securely deleted upon request, subject to legal requirements.

9. User Rights

Depending on your jurisdiction, you may have the right to:

  • Access personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of personal information
  • Object to or restrict certain processing activities
  • Request transfer of your personal information

To exercise these rights, please contact us using the details below.

Residents of certain jurisdictions, including California, may have additional rights under applicable law.

10. Children's Privacy

The Service is intended for business use and is not directed to individuals under the age of 13. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page.

12. Contact Information

For privacy-related inquiries, please contact [email protected]