Privacy Policy
Last updated 22 March 2026
Overview
This Privacy Policy explains how PalmFlow ("PalmFlow", "we", "us", or "our"), a product of Twin Palm, collects, uses, stores, and shares your personal information when you use our platform at palmflow.app (the "Service"). It also explains your rights and how to exercise them.
We are committed to handling your data responsibly. We collect only what we need, use it only for the purposes described here, and give you meaningful control over it.
By accessing or using PalmFlow, you acknowledge you have read and understood this policy. If you do not agree, please do not use the Service.
Who We Are
PalmFlow is operated by Twin Palm. For the purposes of applicable data protection law, Twin Palm is the data controller responsible for your personal data.
For privacy-related inquiries, you can reach us at: support@palmflow.app
Data We Collect
We collect data in the following categories:
Account Information
- Name and email address provided during registration
- Password (stored as a secure, one-way hash — we never store your plaintext password)
- Business or trading name, if provided
- Profile preferences and settings
Inventory and Sales Data
- Item listings, purchase prices, condition notes, and cost records you enter
- Sales data imported or synced from connected marketplace accounts
- Shipping records, fees, and profit calculations you create within the platform
Marketplace Connection Data
- OAuth access tokens and API credentials for platforms you connect (e.g. eBay, Etsy, Amazon, Shopify)
- Marketplace account identifiers necessary to sync data on your behalf
- We do not store your marketplace passwords — connections use each platform's official OAuth flow
Usage and Technical Data
- IP address, browser type, and device information
- Pages visited, features used, and actions taken within the Service
- Error reports and performance diagnostics
- Session timestamps and referral source
Payment Information
- Billing name, address, and payment method details
- Payment processing is handled by a third-party provider (e.g. Stripe). We do not store full card numbers or CVV codes on our servers.
- We retain records of transaction amounts and dates for accounting purposes
Communications
- Emails you send to us, including support requests
- Email addresses submitted via our waitlist or subscribe forms
How We Use Your Data
We use your information for the following purposes:
- Providing the Service — creating and managing your account, syncing marketplace data, and delivering the features you use
- Billing and Payments — processing subscription payments, issuing invoices, and managing plan changes
- Communications — sending service updates, security notices, and product announcements (you can opt out of marketing emails at any time)
- Improving the Service — analyzing usage patterns, fixing bugs, and developing new features
- Security and Fraud Prevention — detecting and preventing abuse, unauthorized access, and violations of our Terms of Service
- Legal Compliance — meeting our obligations under applicable law, including responding to lawful requests from authorities
We rely on the following legal bases for processing: contract performance (to deliver the Service you signed up for), legitimate interests (security, fraud prevention, and product improvement), legal obligation, and where required, consent.
Third-Party Services
PalmFlow integrates with third-party marketplace platforms at your direction. When you connect an account, we access only the data necessary to provide the integration, using each platform's official API under their respective terms:
- eBay — via the eBay Developer Program API License Agreement
- Etsy — via the Etsy API Terms of Use
- Amazon — via the Amazon Marketplace Web Service / Selling Partner API terms
- Shopify — via the Shopify API Terms of Service
- Depop, StockX, GOAT, Vinted, Poshmark, Mercari — via their respective developer or API agreements
PalmFlow is an independent service and is not affiliated with, endorsed by, or sponsored by any of these platforms. All third-party trademarks remain the property of their respective owners.
We also work with the following categories of sub-processors to operate the Service: cloud infrastructure providers, payment processors, email delivery services, and analytics tools. We maintain data processing agreements with all sub-processors and require them to handle your data in accordance with applicable law.
Data Sharing
We do not sell your personal data. We share data only in the following limited circumstances:
- Service Providers — with third-party vendors who process data on our behalf (hosting, payments, email, analytics) under contractual data protection obligations
- Legal Requirements — when required by law, court order, or governmental authority, or to protect the rights, property, or safety of PalmFlow, our users, or the public
- Business Transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before this occurs.
- With Your Consent — in any other circumstances, only with your explicit consent
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it longer by law (for example, financial records, which we retain for 7 years).
Waitlist and early-access email addresses are retained until you request removal, you unsubscribe, or we launch the Service — at which point they are migrated to our user system or deleted.
Status-update subscriber addresses are retained until you unsubscribe or request removal. You can unsubscribe at any time at palmflow.app/unsubscribe.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate or incomplete data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Restriction — ask us to restrict processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw Consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, email support@palmflow.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Security
We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. No system is completely secure, however, and we cannot guarantee absolute security.
If you believe your account has been compromised, contact us immediately at support@palmflow.app.
Cookies
We use cookies and similar technologies to operate the Service and understand how it is used. For full details, see our Cookie Policy.
Children's Privacy
PalmFlow is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the "Last updated" date at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
Contact
For any privacy questions or to exercise your rights, contact us:
- Email: support@palmflow.app
- General inquiries: hello@palmflow.app