Legal

Privacy Policy

Effective: April 14, 2026  ·  Last updated: April 14, 2026

1. Information We Collect

We collect the following categories of information:

Account Information

Name, email address, and password (hashed with bcrypt — we never store plaintext passwords) when you register.

Payment Information

Billing details are processed and stored exclusively by Stripe. QodFlow does not store, access, or process full credit card numbers, CVVs, expiration dates, or bank account details. We store only a Stripe customer ID and subscription ID for billing management.

User-Generated Content

Jobs, stages, team settings, tags, activity logs, QR code configurations, and other data you create within the Service. You are solely responsible for the content you enter, including ensuring it does not contain sensitive personal data of third parties beyond what is necessary.

Technical and Usage Data

IP address, browser type and version, device information, operating system, referring URLs, pages visited, click patterns, session duration, and timestamps. This data is collected automatically for security, fraud prevention, analytics, and service improvement.

Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential cookies: Session management, authentication, workspace selection. Required for the Service to function.
  • Analytics cookies: Google Analytics and Meta Pixel for usage measurement and ad attribution.

You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

2. How We Use Your Information

  • To provide, operate, maintain, and improve the Service
  • To process payments and manage subscriptions via Stripe
  • To authenticate your identity and manage your account
  • To send transactional emails (account confirmation, password reset, billing receipts, team invitations)
  • To measure product usage and improve the Service through analytics
  • To detect and prevent fraud, abuse, and security threats
  • To enforce our Terms of Service
  • To comply with legal obligations

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. We do not share your data with data brokers.

3. Third-Party Services and Sub-Processors

We use the following third-party services that may process your data as part of providing the Service:

Service            Purpose                                    Data Location
Stripe             Payment processing                         US
Neon (PostgreSQL)  Database hosting                           US-East (AWS)
Vercel             Application hosting & CDN                  US / Edge
Resend             Transactional & marketing email delivery   US
Google             OAuth & Analytics                          US
Meta               Pixel / ad attribution                     US

We are not responsible for the privacy practices or security of these third-party services. We encourage you to review their respective privacy policies.

4. Data Sharing and Disclosure

We may share your information only in these circumstances:

  • Service providers: With the sub-processors listed above, solely to provide the Service.
  • Legal compliance: When required by law, subpoena, court order, or governmental request.
  • Safety: To protect the rights, property, or safety of QodFlow, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets. You will be notified via email before your data is transferred to a new entity.
  • With your consent: In any other case, only with your explicit consent.

5. Data Storage and Security

  • Your data is stored on servers in the United States (AWS infrastructure via Neon and Vercel).
  • We implement industry-standard security measures including: HTTPS/TLS encryption in transit, bcrypt password hashing, secure JWT session management, and role-based access controls.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for using a strong, unique password and safeguarding your account credentials. We are not responsible for unauthorized access resulting from compromised credentials, shared passwords, or vulnerabilities in your own systems or devices.

6. Data Retention

  • Active accounts: Data is retained as long as your account is active.
  • Deleted accounts: All personal data and workspace content is permanently and irreversibly deleted. We cannot recover deleted data.
  • Billing records: May be retained for up to 7 years to comply with financial and tax regulations.
  • Server logs: Retained for up to 90 days for security and debugging purposes.
  • Anonymized data: Aggregated, non-personally-identifiable usage data may be retained indefinitely for analytics and product improvement.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate data via your account settings.
  • Deletion: Delete your account and all associated data from account settings.
  • Portability: Request your data in a machine-readable format.
  • Opt-out of analytics: Disable analytics cookies via your browser settings or a cookie-blocking extension.
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at support@qodflow.com. We will respond within 30 days (or sooner if required by applicable law).

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (as amended by the CPRA):

  • Right to know: What personal information we collect, use, and disclose.
  • Right to delete: Request deletion of your personal information.
  • Right to opt-out of sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Right to non-discrimination: We will not deny you services or charge different prices for exercising your CCPA rights.

To submit a verifiable consumer request, email support@qodflow.com.

9. European Users (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom:

  • Legal basis: We process your data based on: contract performance (providing the Service), legitimate interest (security, fraud prevention, analytics), and your consent (marketing cookies).
  • Additional rights: You have the right to restriction of processing, objection to processing, and the right to lodge a complaint with your local supervisory authority.
  • Data transfers: Your data is transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on Standard Contractual Clauses (SCCs) where applicable.
  • Data Processing Agreement: If your organization requires a DPA, contact us at support@qodflow.com.

10. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States, which may have different data protection laws than your country of residence. By using the Service, you consent to this transfer.

11. Children’s Privacy

QodFlow is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has provided us with data, please contact us.

12. Data Breach Notification

In the event of a confirmed security incident that affects your personal information, we will notify affected account-owner emails on file without undue delay and in any event within seventy-two (72) hours of confirmation, as required by California Civil Code §1798.82 (CCPA), GDPR Article 33, UK GDPR, and other applicable laws. Where required by law, we will also notify the appropriate regulator within the timeframe that law specifies.

The notification will include: the nature of the incident, the categories and approximate number of data records affected, the steps we are taking to mitigate the incident, and recommended actions for you. We will publish updates on our status page as remediation progresses.

This commitment mirrors and is consistent with QodFlow’s Terms of Service §16 (Data Loss and Backups). In the event of any inconsistency between this Privacy Policy and the Terms of Service on breach notification, the longer protection applies.

13. Do Not Track

Some browsers transmit “Do Not Track” (DNT) signals. We currently do not respond to DNT signals. However, you can opt out of analytics tracking by disabling cookies in your browser settings.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

15. Contact

For privacy-related questions or to exercise your data rights, contact us at:

QodFlow

5900 Balcones Drive #29311

Austin, TX 78731, USA

Email: support@qodflow.com

QodFlow is operated by DGD OPCO, LLC.

© 2026 QodFlow. All rights reserved.