Privacy Policy
Last updated: 30 June 2026
Klaviyo Flow Previews (“the Service”, “we”) is operated by [[LEGAL ENTITY, e.g. Beyond Welcome OÜ]] (“we”, “us”). This policy explains what we collect, why, and your choices. Questions: [[privacy@yourdomain.com]].
What we collect
- Account & organization data — your name, email, and organization membership, provided via our auth provider (Clerk).
- Klaviyo connection — when you connect Klaviyo via OAuth, we store the access/refresh tokens (encrypted at rest) and your Klaviyo account ID and name. We never receive or store your Klaviyo password or raw API keys.
- Email content you render — to generate previews we fetch your flow email templates from Klaviyo and render them to images. Rendered images are stored temporarily (see Retention) and scoped to your organization.
- Usage & logs — basic operational logs (render jobs, errors) for reliability and abuse prevention.
How we use it
Solely to provide the Service: authenticate you, connect to Klaviyo on your behalf, render previews, enforce plan limits, and bill your organization. We do not sell your data or use your email content to train models.
Sub-processors
We rely on: Clerk (authentication), Neon (database), Vercel (hosting, functions, Blob storage), Inngest (job orchestration), and the billing provider (Clerk Billing / Stripe). Klaviyo is the source you connect.
Retention
Rendered preview images are deleted automatically after [[7]] days. Klaviyo tokens are kept until you disconnect or delete the connection. Account data is kept while your account is active; on deletion we remove your organization’s connections and assets.
Security
Klaviyo tokens are encrypted at rest (AES-256-GCM). Access to your organization’s data is isolated per organization and gated by authentication on every request. Preview image URLs are unguessable and expire.
Your rights
You can disconnect Klaviyo, delete your organization’s data, or request export/erasure by emailing [[privacy@yourdomain.com]]. Depending on your location (e.g. EEA/UK) you may have additional GDPR rights.
Changes
We’ll post updates here and adjust the “last updated” date.