How Upflo AI collects, uses, and protects information when you visit upfloai.com, request a demo, sign up as a client, or receive SMS messages from us.
Upflo AI ("Upflo AI," "we," "us," "our") provides lead-conversion automation for local service businesses — marketing websites, CRM setup on GoHighLevel, missed-call recovery, SMS and email follow-up, review funnels, and paid advertising management.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to upfloai.com and to the services we provide directly to clients.
When you submit a form on a client-branded funnel we build and operate for a client (for example, a quote form on a plumber's site we built), that client is the primary data controller for that submission. Please review that funnel's own privacy notice for how the client handles your information.
Questions about this policy? Email hello@upfloai.com with subject line "Privacy Request."
When you fill out a contact form, request a demo, book a call, reply to an outreach message, or sign up as a client, we collect information you give us directly. This typically includes name, business name, role or job title, email address, phone number, business address and service area, marketing preferences, and — for paid clients — payment details (handled by our payment processor; we do not store full card numbers).
Communications with us — including email, text message, phone calls, support tickets, and survey responses — are also information you provide.
When you visit upfloai.com, we and our hosting and analytics providers receive standard log and device information: IP address, browser type and version, operating system, device type, screen resolution, language preference, time zone, referring URL, pages viewed, links clicked, time spent on each page, and approximate geographic region derived from your IP address (not precise GPS location). This information is collected via server logs, cookies, and similar technologies described in Section 07.
For cold business-to-business outreach to local service-business owners, we may collect business contact information from publicly listed sources such as Google Business Profile, state contractor licensing registries, chamber-of-commerce directories, and other public business directories. We do not source consumer contact information from public records for outreach.
We may also receive information from advertising and analytics partners (for example, Meta and Google), from referrers (clients or partners who introduce you to us), and from our service providers.
We use the information we collect to:
When you provide your phone number to Upflo AI — through our website, contact form, demo request, or in response to outreach — you consent to receive automated SMS text messages from Upflo AI for purposes including:
Message and data rates may apply. Message frequency varies and depends on your engagement with our services.
You may opt out at any time by replying STOP to any message from us. You may request help by replying HELP. Opting out is processed immediately and permanently for marketing-category messages.
We do not sell or share mobile phone numbers or SMS opt-in data with third parties or affiliates for marketing, promotional, or lead generation purposes. Your phone number may be processed by our SMS provider (Telnyx) and CRM provider (GoHighLevel) solely for the purpose of delivering messages to you.
Consent to receive text messages is not a condition of purchasing any goods or services from us. Carriers are not liable for delayed or undelivered messages.
Upflo AI maintains A2P 10DLC brand and campaign registration with The Campaign Registry (TCR) to comply with mobile carrier requirements for business messaging.
For SMS-related questions, contact hello@upfloai.com.
If you provide an email address, we may send you emails related to your account, billing, service updates, support requests, and — where you have opted in — marketing communications about new features, services, case studies, and offers.
Every marketing email contains a clear unsubscribe link allowing you to opt out of future marketing emails. Opt-out requests are honored within ten (10) business days as required by the CAN-SPAM Act. Transactional emails (billing receipts, security alerts, service notifications) are required to deliver the services and cannot be opted out of while you remain a client.
We do not sell personal information. We share it only with the recipients described below.
We rely on a small set of trusted vendors ("subprocessors") to operate Upflo AI. Each receives only the information necessary to perform its function and is contractually obligated to handle it in line with this policy.
Information submitted through a client-branded marketing funnel we operate on a client's behalf is shared with that client so they can follow up with you regarding the services you requested. That client becomes the primary data controller and their privacy policy governs how they handle your information from that point.
We may disclose information to government authorities, courts, law enforcement, or other third parties when we believe in good faith that disclosure is necessary to comply with laws, regulations, legal processes, or government requests; respond to subpoenas or court orders; enforce our Terms of Service or other agreements; protect the rights, property, or safety of Upflo AI, our clients, employees, or the public; or detect, prevent, or address fraud or security issues.
If Upflo AI is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred to the acquiring entity. We will notify you of any change in ownership of your personal information, and any new owner will be bound by the terms of this Privacy Policy.
We may share aggregated, anonymized, or de-identified information that cannot reasonably identify you for any purpose, including research, benchmarking, marketing, and analytics.
This subprocessor list may evolve. Material changes are reflected by an updated "Last updated" date at the top of this page.
Cookies are small text files placed on your device when you visit a website. We also use web beacons, tracking pixels, and local storage. The cookies and trackers used on upfloai.com fall into four categories:
Most browsers accept cookies by default. You can configure your browser to refuse cookies or alert you when cookies are being sent. Disabling cookies may affect site functionality. For more information, visit allaboutcookies.org.
To opt out of targeted advertising cookies from specific providers:
For client work, the websites and funnels we build on behalf of our clients may include conversion-tracking pixels configured by the client. Those are subject to the client's own privacy policy, not this one.
We use, or plan to use, Meta Pixel (a JavaScript code snippet) and Meta Conversions API (a server-to-server integration) to measure conversions from our advertisements, optimize ad delivery, and build remarketing audiences. When you visit upfloai.com, Meta Pixel may collect information about pages you view, buttons you click, and forms you submit. This information is sent to Meta and may be associated with your Meta account for advertising purposes.
The Meta Conversions API sends similar information from our own servers directly to Meta, which enables measurement even when cookies are blocked or restricted. Before sending personally identifiable information (such as email addresses or phone numbers) to Meta via the Conversions API, we hash the information using SHA-256.
Meta's handling of this information is governed by its own privacy policy, available at facebook.com/privacy/policy. You can opt out of Meta's use of information for advertising by adjusting your ad preferences in your Facebook or Instagram account settings.
After the applicable retention period expires, we either delete or anonymize the information. If deletion is not technically feasible (for example, where information is stored in backups), we isolate the information and prevent further processing until deletion is possible.
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, and destruction, including:
Despite these efforts, no security measure is perfect and no data transmission or storage method is 100% secure. If we discover a breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law.
For users in the United States, we process personal information in reliance on our legitimate business interests (operating and improving our services, communicating with prospects and clients, securing our infrastructure), on your consent where you have given it, and as necessary to perform our contracts with clients and to comply with legal obligations.
For users in the European Economic Area, the United Kingdom, or Switzerland — if and when our services reach you — processing occurs under one or more of these GDPR bases:
For specific processing activities and their legal basis, contact hello@upfloai.com.
Upflo AI is based in the United States. If you access the site or use our services from outside the United States, your information will be transferred to, stored in, and processed in the United States, where our core operations and most of our subprocessors are located. By using the site or services, you consent to this transfer.
For users in the European Economic Area, the United Kingdom, or Switzerland, the United States is not currently recognized by the European Commission as providing adequate data protection. Where we transfer personal information from these regions to the United States, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms. Copies of applicable safeguards may be requested by contacting hello@upfloai.com.
Depending on where you are located and the applicable law, you may have some or all of the following rights with respect to your personal information:
To exercise any of these rights, email hello@upfloai.com with subject line "Privacy Request" describing what you want us to do. We will respond within thirty (30) days, or within the time required by applicable law, whichever is shorter. We may need to verify your identity before fulfilling a request to prevent disclosure to unauthorized parties.
We do not sell personal information, and we do not share it with third parties for cross-context behavioral advertising beyond what is disclosed in Section 06 and Section 08.
California residents have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
In the past twelve (12) months, we have collected the following categories of personal information about California residents:
These categories are collected from the sources described in Section 02 and used for the purposes described in Section 03.
Email hello@upfloai.com with subject line "California Privacy Request" describing your request. We will respond within forty-five (45) days of receipt, with an additional forty-five (45) day extension if reasonably necessary. We may need to verify your identity. You may designate an authorized agent to make a request on your behalf by providing written proof of authorization signed by you.
Upflo AI is a business-to-business service and is not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from anyone under sixteen. If you believe a child has provided personal information to us, please contact hello@upfloai.com and we will delete it as soon as possible.
Our site and marketing materials may contain links to third-party websites, applications, and services that we do not operate or control. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policy of any third-party site or service you visit.
We may update this policy from time to time as our services and the legal landscape evolve. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be highlighted near the top of the policy when they are made and, for active clients, communicated by email or in-product notice.
Questions, concerns, or requests about this policy or about how we handle your information can be sent to the address below. We aim to respond within seven (7) business days.