Privacy Policy

Last Updated: October 28, 2025

1. Introduction

GatesFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our integrated lifecycle management platform and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

Contact Information:
GatesFlow is owned and operated by DataCover LLC, a Tennessee Limited Liability Company.
Email: privacy@gatesflow.com
Address: 110 Somerville Ave Suite 266, Chattanooga, TN 37405

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide to us, including:

  • Account Information: Name, email address, password, organization name, job title, and industry information when you register for an account.
  • Profile Information: Additional information you choose to provide in your user profile.
  • Billing Information: Payment card details, billing address, and related information (processed securely through our payment processor, Stripe).
  • Content and Files: Documents, files, FMEA data, control plans, PPAP documentation, CAD files, financial data, and other content you upload or create within the Services.
  • Communications: Information you provide when you contact us for support, feedback, or inquiries.
  • Survey and Research Data: Information you provide when participating in surveys, user research, or feedback programs.

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information:

  • Usage Data: Information about how you interact with our Services, including features used, pages viewed, time spent, and actions taken.
  • Device Information: IP address, browser type and version, operating system, device identifiers, and general location data.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. See our Cookie Policy for more details.
  • Log Data: Server logs that include your IP address, access times, browser type, and pages visited.

2.3 Information from Third Parties

  • Authentication Services: If you use Google or Microsoft to log in, we receive basic profile information (name, email, profile picture) from those services.
  • Payment Processors: Payment confirmation and transaction details from Stripe.
  • Integration Partners: If you connect third-party services or ERP systems, we may receive data from those integrations.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Provide and Maintain Services

  • Create and manage your account
  • Deliver the Services and their functionality
  • Process transactions and send transaction notifications
  • Provide customer support and respond to inquiries
  • Store and manage your content and data

3.2 Improve and Develop Services

  • Analyze usage patterns and trends
  • Develop new features and functionality
  • Conduct research and development
  • Test and improve our AI and machine learning models
  • Troubleshoot and fix technical issues

3.3 Communication

  • Send service-related notifications and updates
  • Respond to your comments, questions, and requests
  • Send marketing communications (with your consent)
  • Provide information about new features or services

3.4 Security and Legal Compliance

  • Protect against fraud, abuse, and security threats
  • Comply with legal obligations and enforce our terms
  • Resolve disputes and investigate complaints
  • Maintain the security and integrity of our Services

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or UK, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Services you've requested.
  • Legitimate Interests: Processing for our legitimate business interests (e.g., improving Services, fraud prevention) that don't override your rights.
  • Consent: Where you've given explicit consent (e.g., marketing communications, cookies).
  • Legal Obligation: Processing necessary to comply with legal requirements.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Payment Processing: Stripe (for payment processing)
  • Cloud Infrastructure: Cloud hosting and storage providers
  • Analytics: Service providers that help us understand usage patterns
  • Communication: Email and communication service providers
  • AI Services: Third-party AI and machine learning service providers

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Within Your Organization

If you use our Services as part of an organization account, we may share your information with other authorized users within your organization, including administrators and team members.

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Legal process (subpoena, court order)
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

5.5 With Your Consent

We may share your information with other parties when you give us explicit consent to do so.

6. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained while your account is active and for a reasonable period after account closure to comply with legal obligations.
  • Content and Files: Retained as long as you maintain your account or as required by your subscription plan.
  • Usage Data: Typically retained for 24-36 months for analytics purposes.
  • Backup Data: May be retained in backup systems for up to 90 days after deletion.

You may request deletion of your data at any time by contacting us at privacy@gatesflow.com.

7. Your Rights and Choices

7.1 Access and Control

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal information we hold.
  • Correction: Update or correct inaccurate information through your account settings or by contacting us.
  • Deletion: Request deletion of your personal information (subject to legal obligations).
  • Data Portability: Request a copy of your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdraw Consent: Withdraw consent for processing where we rely on consent.

7.2 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your preferences in your account settings.

7.3 Cookies

You can control cookies through your browser settings and our cookie consent tool. See our Cookie Policy for more information.

7.4 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to say no to the sale of personal information (we do not sell personal information)
  • Right to delete personal information
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at privacy@gatesflow.com.

7.5 EEA and UK Rights

If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal data from the EEA or UK to other countries, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally approved transfer mechanisms

9. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

11. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date at the top of this policy
  • Sending you an email notification (for material changes)

Your continued use of the Services after the effective date of the updated policy constitutes acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@gatesflow.com

Subject Line: Privacy Policy Inquiry

Mailing Address:

DataCover LLC (d/b/a GatesFlow)
110 Somerville Ave Suite 266
Chattanooga, TN 37405

We will respond to your inquiry within 30 days (or as required by applicable law).

14. Additional Information

Data Processing for Customer Content

When you use our Services to store and process content (FMEA data, control plans, documents, etc.), we act as a data processor on your behalf. You retain ownership of your content, and we process it solely to provide the Services you've requested. For enterprise customers, we offer a separate Data Processing Agreement (DPA) that provides additional details about our data processing activities.

AI and Machine Learning

We use AI and machine learning technologies to enhance our Services, including features like document analysis, recommendations, and intelligent search. When using these features, your content may be processed by AI models. We do not use your proprietary content to train general AI models that benefit other customers. Your data remains confidential and is used only to provide Services to you.