DemandFlow Privacy Policy

Effective Date: 1st January 2024

Last Updated: 1st June 2025

This Privacy Policy explains how TOCLOCO LTD (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use the DemandFlow platform, website, and related services (collectively, the “Service”).

By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Service.

---

1. Who We Are

TOCLOCO LTD is the provider and data controller for the DemandFlow Service.

Company Name: TOCLOCO LTD

Product: DemandFlow

Registered Office: 75 Church Rd, Tiptree, Colchester CO5 0HB

Email: mail@tocloco.com

Company Number: 09950859

Jurisdiction: United Kingdom

For users in the United States, TOCLOCO LTD acts as the business responsible for your personal information under applicable state privacy laws (including the California Consumer Privacy Act (“CCPA”), as amended by the CPRA, and similar state laws).

---

2. Information We Collect

We collect information to operate and improve DemandFlow. The types of information we collect include:

a. Information You Provide

• Account details: Name, email address, company name, and job title.
• Login credentials: Username, password, and authentication tokens.
• Billing data: Payment method, billing address, and transaction history.
• Communications: Messages, feedback, or support requests.
• Business data: Information you upload or manage within DemandFlow (e.g., projects, resources, forecasts, and documents).

b. Information Collected Automatically

When you use the Service, we automatically collect:

• Device information: IP address, browser type, device type, operating system.
• Usage data: Pages visited, features used, time spent, and session logs.
• Cookies and tracking technologies: To maintain sessions and improve analytics (see section 10).

c. Information from Third Parties

We may receive data from:

• Your employer or organization (if you use DemandFlow under a business account);
• Cloud or integration partners (e.g. AWS);
• Payment processors and analytics providers.

---

3. How We Use Your Information

We use your information for the following purposes:

• To provide and maintain the Service;
• To authenticate users and manage access;
• To process transactions and billing;
• To respond to support requests and communicate with you;
• To analyze and improve the Service’s performance;
• To detect and prevent fraud, misuse, or security threats;
• To comply with legal obligations or law enforcement requests.

We may also use aggregated or anonymized data for statistical or research purposes.

---

4. Legal Bases for Processing (UK Users)

Under the UK GDPR and Data Protection Act 2018, we process your personal data based on:

• Performance of a contract – to deliver the Service you have subscribed to;
• Legitimate interests – for analytics, improvement, and platform security;
• Consent – where required (e.g., marketing, non-essential cookies);
• Legal obligations – to comply with tax, accounting, or regulatory laws.

---

5. Your Rights

UK / EU Residents

You have the right to:

• Access and receive a copy of your personal data;
• Correct inaccurate or incomplete information;
• Request deletion (“right to be forgotten”);
• Restrict or object to processing;
• Request data portability;
• Withdraw consent at any time (where applicable).

To exercise these rights, contact us at [Insert Contact Email].

US Residents

Depending on your state (including California, Colorado, Virginia, or others), you may have the right to:

• Know what personal information we collect and why;
• Request access to or deletion of your information;
• Request correction of inaccurate data;
• Opt out of the sale or sharing of personal information;
• Limit use of sensitive personal information.

We do not sell personal data and do not share information for cross-context behavioral advertising.

You can exercise your rights by contacting us at [Insert Contact Email] or writing to our address below.

---

6. How We Share Information

We share data only as necessary for business operations, including:

• Service providers (hosting, analytics, payment processing, communications);
• Your organization (if you access the Service under a business account);
• Legal or regulatory authorities where disclosure is required by law;
• Business transfers (e.g., in the event of merger or acquisition).

All third parties are required to handle data securely and lawfully.

---

7. International Data Transfers

Your data may be transferred and processed outside the UK, including the United States and other countries.

Where we transfer personal data internationally, we ensure appropriate safeguards under the UK GDPR, such as Standard Contractual Clauses (SCCs) or equivalent legal protections.

---

8. Data Retention

We retain personal data only for as long as necessary to:

• Provide the Service;
• Fulfil contractual and legal obligations;
• Resolve disputes; and
• Enforce agreements.

When no longer required, data is securely deleted or anonymized.

---

9. Data Security

We use industry-standard technical and organizational measures to protect your data, including:

• Encryption in transit and at rest;
• Role-based access control;
• Regular vulnerability assessments;
• Secure data hosting and backups.

However, no system is completely secure, and you use the Service at your own risk.

---

10. Cookies and Tracking

DemandFlow uses cookies and similar technologies to:

• Enable secure login and authentication;
• Analyze performance and usage;
• Remember user preferences.

You can manage cookies through your browser settings.

Essential cookies are required for the Service to function correctly.

For US users, we honor the Global Privacy Control (GPC) signal for applicable state privacy laws.

---

11. Children’s Privacy

DemandFlow is intended for professional and enterprise users only and is not directed to children under 18.

We do not knowingly collect personal information from minors.

If you believe a child has provided us with data, please contact us for prompt deletion.

---

12. Changes to This Policy

We may update this Privacy Policy from time to time.

Changes will be posted on this page with a new “Last Updated” date.

If material changes are made, we will notify you through the Service or by email where appropriate.

Continued use of the Service after updates constitutes acceptance of the revised Privacy Policy.

---

13. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact:

TOCLOCO LTD

Email: mail@tocloco.com

Address: 75 Church Rd, Tiptree, Colchester CO5 0HB

United Kingdom

For California residents, you may also designate an authorized agent to submit requests on your behalf.

---

End of Privacy Policy