ComFlow logoComFlow

ComFlow — Privacy Policy

Last updated: 21 May 2026

This Privacy Policy explains how People Park Limited Şirketi ("People Park", "we", "us") handles personal data processed through the ComFlow platform and its applications (the "Service").

1. Our Role

ComFlow is a business-to-business service. Each company that creates an account (a "Customer") decides what data it stores in ComFlow and is the controller of its employees' personal data. People Park acts as a data processor and handles that data only to operate the Service and on the Customer's instructions. For data that relates to People Park directly — such as the account owner's contact details — People Park is the controller.

2. Data We Process

  • Account data: name, email address, phone number, profile photo, job title, and the company you belong to.
  • Authentication data: sign-in credentials managed by Firebase Authentication, session tokens, and, where enabled, two-factor authentication settings.
  • Work data: tasks, processes, approval workflows, forms, cases, comments, and file attachments created within your company workspace.
  • Technical data: IP address, device type, operating system, app version, and security and audit logs.

3. Why We Process Data

  • To provide, maintain, and secure the Service.
  • To keep each company's data isolated from every other company.
  • To diagnose errors, prevent abuse, and protect the Service.
  • To comply with our legal obligations.
  • To contact you about account matters and important changes.

We do not sell personal data and we do not use it for advertising.

4. Legal Bases

We process personal data under the KVKK (Türkiye) and the GDPR (EU) on the following bases: performance of a contract, our legitimate interest in running a secure service, compliance with legal obligations, and, where required, explicit consent. Sensitive data is processed only to the extent a Customer's business process requires it.

5. Sharing and Sub-processors

We share data only with service providers that help us run the Service, including Google Firebase and Google Cloud (hosting, database, storage, and authentication), a transactional email provider, an error monitoring provider, and the push notification services of Apple and Google. These providers process data under data processing agreements. We may also disclose data where required by law.

6. Where Data Is Stored

Service data is hosted on Google Cloud infrastructure located in the European Union. Where a sub-processor transfers data outside the EU or Türkiye, the transfer is covered by Standard Contractual Clauses or an equivalent safeguard.

7. Retention and Deletion

We keep personal data only as long as it is needed to provide the Service. When a company account is deleted, all of that company's data — workspaces, users, tasks, processes, forms, attachments, and related records — is permanently and automatically deleted from our systems. Backups are retained for a short period and then expire. Records we are required by law to keep are retained for the period the law requires.

8. Security

Passwords are stored only as salted hashes by Firebase Authentication. All traffic is encrypted with TLS, and data is encrypted at rest. Access is restricted by role-based permissions and strict company-level isolation. Sensitive actions are protected by App Check and, on mobile devices, biometric verification. If a personal data breach occurs, we will notify the relevant authority and affected parties within the time required by law.

9. Your Rights

Under the KVKK and the GDPR you may request access to your personal data, as well as its correction or deletion, restriction of processing, and data portability, and you may object to processing. To exercise these rights, write to info@peoplepark.app. If you are an employee of a Customer, please also contact your company, which controls your data. We respond within 30 days.

10. Children

The Service is intended for business use and is not directed to anyone under the age of 18.

11. Changes

We may update this Privacy Policy from time to time. The current version is always published on this page, and we will notify you of significant changes.

12. Contact

People Park Limited Şirketi — info@peoplepark.app