effi flo

Legal

Privacy Policy

Last updated: February 18, 2026

1. Who we are

This Privacy Policy explains how Effi Flo ("Effi Flo", "we", "us", "our") collects, uses, and protects personal information when you use our website at effiflo.com and our products and services, including Talent Flo, Signal Flo, Deal Flo, and Custom Flo (collectively, the "Services").

Effi Flo is a trading name of Duronto Consulting LLC, registered in Sharjah, United Arab Emirates, with its principal place of business at Sharjah Media City (SHAMS), Al Messaned, Al Bataeh, Sharjah, United Arab Emirates.

If you have any questions about this Privacy Policy, you can contact us at:

Email: hello@effiflo.com

Address: Duronto Consulting LLC, Sharjah Media City (SHAMS), Al Messaned, Al Bataeh, Sharjah, United Arab Emirates

We primarily serve business customers (staffing and recruitment agencies and internal talent acquisition teams) in the United States, Canada, the United Kingdom, the European Union, and the United Arab Emirates.

2. What we collect

We collect information in three main ways: (a) information you provide directly, (b) information we collect automatically, and (c) information we receive from third parties.

2.1 Information you provide to us

When you interact with us, you may provide:

  • Contact details: name, business email, company name, job title, phone number, and any information you submit through forms, chat, or email.
  • Account information: login details, profile information, and preferences where we provide you with an account to access our Services.
  • Billing and payment information: billing address, tax details, and payment-related information (such as last four digits of card, payment tokens, and transaction IDs) processed via our payment providers (for example, Stripe, Wise, or Wio Bank). We do not store full payment card numbers on our own systems.
  • Service usage inputs: campaign settings, templates, lead lists, candidate or contact data, and other configuration data you upload or create when using Talent Flo, Signal Flo, Deal Flo, or Custom Flo.
  • Support and feedback: content of emails, tickets, surveys, testimonials, or feedback you send us.

2.2 Information we collect automatically

When you visit our website or use our Services, we may automatically collect:

  • Technical data: IP address, browser type, device type, operating system, language settings, referring URLs, and approximate location based on IP.
  • Usage data: page views, buttons clicked, features used, timestamps, session duration, and similar analytics data about how you interact with our website and products.
  • Cookie and tracking data: identifiers from cookies, pixels, and similar technologies used for analytics, personalization, and marketing (see "Cookies and similar technologies" below).

2.3 Information from third parties

We may receive information from:

  • Integration partners and tools that you connect to our Services (for example, CRMs, email service providers, Clay, or other recruiting tools), to enable automations and workflows you configure.
  • Marketing and lead generation partners, where allowed by law, including business contact data for people who may be interested in our Services.
  • Publicly available sources, such as business websites or professional profiles, to enrich or verify business contact information in a B2B context.

Where required, we will notify you when we obtain personal data from a third party and tell you the source and categories of data.

3. How we use your information

We use personal information for the following purposes, relying on appropriate legal bases under applicable laws such as GDPR and UK GDPR where relevant.

3.1 To provide and operate our Services

  • Setting up and managing your account.
  • Delivering our Services, including building, running, and optimizing automations and campaigns via Talent Flo, Signal Flo, Deal Flo, and Custom Flo.
  • Processing transactions, subscriptions, and renewals.
  • Providing customer support, troubleshooting, and responding to inquiries.

Legal basis (where applicable): performance of a contract; legitimate interests in operating our business.

3.2 To improve and develop our Services

  • Analyzing how the website and Services are used to improve performance, usability, and features.
  • Testing new features, integrations, and workflows.
  • Monitoring and maintaining security, detecting fraud or abuse, and ensuring system integrity.

Legal basis (where applicable): legitimate interests in improving and securing our Services.

3.3 To communicate with you

  • Sending administrative messages about your account, security alerts, service changes, and policy updates.
  • Sending onboarding guidance, product tips, and usage insights to help you get value from the Services.
  • Responding to communications you send to us.

Legal basis (where applicable): performance of a contract; legitimate interests in keeping you informed; consent where required (for example, for certain types of marketing).

3.4 Marketing and business development

  • Sending you information about new features, case studies, events, and offers that may be relevant to your business.
  • Running retargeting or lookalike campaigns using advertising platforms, where permitted, to reach similar business users.
  • Measuring the effectiveness of our marketing activities.

Legal basis (where applicable): legitimate interests in promoting our Services to business users; consent where required by law (for example, certain email marketing or cookies).

You can opt out of marketing communications at any time using the unsubscribe link in our emails or by contacting us at hello@effiflo.com.

3.5 Legal, compliance, and protection

  • Complying with legal obligations, tax and accounting requirements, and responding to lawful requests from authorities.
  • Enforcing our agreements, including our Terms of Service and Fulfillment Policy.
  • Protecting our rights, privacy, safety, or property, and/or that of our customers or others.

Legal basis (where applicable): compliance with legal obligations; legitimate interests in protecting our business and users.

4. Candidate and contact data processed through our Services

Many of our customers use our Services to manage or contact candidates and other business contacts for recruitment and business development purposes.

When you upload or sync candidate or contact data into our systems, you act as the data controller (or equivalent under applicable law) and we act as your data processor (or equivalent), processing that data on your instructions to provide the Services.

  • You are responsible for ensuring you have a lawful basis (such as consent or legitimate interests) to process candidate and contact data and to use our Services for those purposes.
  • We will not use candidate or contact data you process through the Services for our own independent marketing purposes.
  • If you are a candidate or contact whose information is being processed by one of our customers, please direct any questions about your data rights primarily to that customer, as they control how your data is used; we will support them in responding to your requests where applicable.

5. Cookies and similar technologies

We use cookies and similar technologies on our website and within our products to:

  • Remember your preferences and settings.
  • Keep you logged in and maintain session security.
  • Understand how visitors use our website and Services.
  • Support marketing and retargeting campaigns.

You can typically configure your browser to refuse cookies or to alert you when cookies are being sent. If you disable cookies, some parts of our website or Services may not function properly.

Where required by law, we will obtain your consent before placing non-essential cookies.

6. How we share your information

We do not sell personal data. We may share information in the following limited circumstances:

6.1 Service providers and subprocessors

We work with trusted third-party service providers who perform services on our behalf, such as:

  • Cloud hosting and infrastructure providers.
  • Payment processors (e.g., Stripe, Wise, Wio Bank).
  • Analytics, product usage, and error-tracking tools.
  • Email, CRM, and marketing platforms.
  • Implementation partners and subcontractors who assist in delivering our Services.

These providers are given only the information they need to perform their functions and are contractually required to protect your data and use it only for the specified purpose.

6.2 Integrations and third-party tools you connect

If you choose to connect our Services to third-party tools (for example, your ATS, CRM, email platform, or Clay), we will share data with those tools as necessary to provide the integration you configure. The use of data by those third-party tools is governed by their own privacy policies.

6.3 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of all or part of our business, your information may be transferred as part of that transaction, subject to standard confidentiality protections and applicable law.

6.4 Legal obligations and protection

We may disclose information if required to do so by law, or if we believe in good faith that such action is reasonably necessary to:

  • Comply with a legal obligation or respond to lawful requests from authorities.
  • Protect the rights, property, or safety of Effi Flo, our customers, or others.
  • Enforce our agreements and policies.

7. International transfers

We may process and store information in countries outside of your own, including in the United States and other locations where we or our service providers operate.

Where we transfer personal data from the United Kingdom or European Economic Area (EEA) to a country that does not have an adequacy decision, we will use appropriate safeguards such as Standard Contractual Clauses or other mechanisms approved under data protection laws.

8. Data retention

We retain personal data for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

In general:

  • Account and billing data are kept for the life of your account and for a reasonable period afterward for accounting, legal, and business record purposes.
  • Candidate and contact data processed on behalf of customers are retained according to the customer's settings and instructions; we delete or return such data at the end of our engagement or upon request, subject to legal obligations.
  • Marketing data (such as email subscription details) are kept until you opt out or until we determine they are no longer relevant.

9. How we protect your information

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

These measures include, where appropriate:

  • Using reputable cloud providers with strong security controls.
  • Limiting access to personal data to personnel and partners who need it for legitimate business purposes.
  • Using encryption in transit and at rest where appropriate.
  • Regularly reviewing our security practices and service providers.

However, no method of transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

10. Your rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data:

  • Access: Request confirmation of whether we process your personal data and obtain a copy.
  • Rectification: Request that we correct inaccurate or incomplete personal data.
  • Erasure: Request that we delete your personal data in certain circumstances.
  • Restriction: Request that we restrict the processing of your personal data.
  • Objection: Object to processing based on our legitimate interests or to direct marketing.
  • Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format where technically feasible.

If we rely on your consent to process data, you can withdraw that consent at any time, without affecting the lawfulness of processing before consent was withdrawn.

To exercise your rights, please contact us at hello@effiflo.com. We may need to verify your identity before responding to your request and may not be able to fully comply where legal or contractual obligations apply.

If you are in the EEA, UK, or another region with specific data protection laws, you may also have the right to lodge a complaint with your local data protection authority.

11. Children's privacy

Our website and Services are intended for business users and not for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate steps to remove such information.

12. Third-party websites

Our website and Services may contain links to third-party websites, tools, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites or services you visit.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational reasons. When we do, we will revise the "Last updated" date at the top of this page and, where appropriate, provide additional notice (such as on our website or by email).

Your continued use of our website or Services after any changes to this Privacy Policy will constitute your acceptance of those changes.

← Back to home