Privacy Notice

InsightFlow by EF Advisory
Last Updated: November 15, 2025

This Privacy Notice explains how EF Advisory ("we," "us," or "our"), a company registered in Poland, collects, uses, and protects your personal information when you use InsightFlow. This notice fulfills our obligations under the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. DATA CONTROLLER INFORMATION

EF Advisory acts as:

  • Data Controller for your account, billing, and service usage information
  • Data Processor for business data you upload or connect through integrations

Company: EF Advisory
Registration: Poland
Data Protection Officer: privacy@layer55.com
General Contact: legal@layer55.com

2. CATEGORIES OF PERSONAL DATA

We process the following categories of personal data:

2.1 Account and Registration Data

  • Full name and email address
  • Company name and role
  • Password and authentication credentials
  • Account preferences and settings

2.2 Billing and Payment Data

  • Billing address and contact information
  • Payment method details (processed by third-party payment processors)
  • Transaction history and invoices

2.3 Business and Integration Data

  • Contact information from connected CRM systems (names, emails, phone numbers)
  • Communication data from integrated platforms (email content, interaction history)
  • Business documents and file metadata
  • Sales and pipeline data from business applications

2.4 Technical and Usage Data

  • IP addresses and device information
  • Browser type and operating system
  • Service usage patterns and feature utilization
  • System logs and error reports
  • Cookies and tracking identifiers

3. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6.1b): To provide InsightFlow services and fulfill contractual obligations
  • Legitimate Interest (Art. 6.1f): To improve our services, ensure security, and conduct business operations
  • Legal Compliance (Art. 6.1c): To comply with tax, accounting, and regulatory requirements
  • Consent (Art. 6.1a): For marketing communications and optional features (where explicitly provided)

4. PURPOSES OF PROCESSING

We process personal data for the following purposes:

  • Providing and maintaining InsightFlow services
  • Processing payments and managing subscriptions
  • Analyzing and improving service functionality
  • Ensuring security and preventing fraud
  • Providing customer support and technical assistance
  • Complying with legal and regulatory obligations
  • Sending important service notifications and updates

5. DATA RETENTION PERIODS

We retain personal data for the following periods:

  • Account Data: Duration of account plus 7 years for tax/legal compliance
  • Business Integration Data: Until account termination plus 30 days for data recovery
  • Payment Records: 10 years for tax and accounting compliance
  • Usage and Technical Logs: 24 months for security and service improvement
  • Backup Data: Automatically deleted within 90 days of primary deletion
  • Marketing Consents: Until withdrawn or 3 years of inactivity

6. DATA STORAGE AND INTERNATIONAL TRANSFERS

6.1 Storage Locations

Your data is primarily stored in secure data centers within the European Union. We use industry-standard encryption for data at rest and in transit.

6.2 International Transfers

If data is transferred outside the EU, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Additional safeguards as required by GDPR Article 46

7. DATA RECIPIENTS AND SHARING

We may share your personal data with the following categories of recipients:

  • Cloud Infrastructure Providers: For hosting, storage, and computing services
  • AI and Analytics Services: For data processing and insight generation
  • Payment Processors: For billing and subscription management
  • Customer Support Tools: For providing technical assistance
  • Legal and Regulatory Authorities: When required by law
  • Business Successors: In case of merger, acquisition, or asset transfer

All third-party processors are bound by strict data processing agreements ensuring GDPR compliance.

8. YOUR RIGHTS UNDER GDPR

You have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request information about processing and copies of your data

9. HOW TO EXERCISE YOUR RIGHTS

To exercise your rights, please contact us at privacy@layer55.com with:

  • Clear description of your request and the right you wish to exercise
  • Proof of identity to prevent unauthorized access
  • Account information for verification purposes

We will respond to your request within one month, which may be extended by two additional months for complex requests. Most requests are processed free of charge unless manifestly unfounded or excessive.

10. SECURITY MEASURES

We implement appropriate technical and organizational security measures including:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Multi-factor authentication and access controls
  • Regular security assessments and vulnerability testing
  • Employee training on data protection and security practices
  • Incident response procedures and breach notification protocols

11. DATA BREACH PROCEDURES

In the event of a personal data breach likely to result in high risk to your rights and freedoms, we will:

  • Notify relevant data protection authorities within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the nature and consequences of the breach
  • Describe measures taken to address the breach and prevent recurrence

12. AUTOMATED DECISION MAKING AND PROFILING

InsightFlow uses automated processing to generate business insights and recommendations. This processing:

  • Does not involve solely automated decision-making with legal or significant effects
  • Focuses on business data patterns for commercial insights
  • Always allows for human review and intervention
  • Uses anonymized or aggregated data where possible

13. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies for:

  • Essential Cookies: Required for basic service functionality (no consent required)
  • Performance Cookies: Service optimization and usage analytics (consent required)
  • Security Cookies: Fraud prevention and account protection

You can manage cookie preferences through your browser settings or our cookie consent manager. For detailed information, see our Cookie Policy.

14. CHILDREN'S PRIVACY

InsightFlow is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that we have collected data from a child under 16, please contact us immediately for removal.

15. UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email or through our Service at least 30 days before taking effect.

16. CONTACT INFORMATION AND COMPLAINTS

16.1 Our Contact Details

For any privacy-related questions or to exercise your rights:

  • Data Protection Officer: privacy@layer55.com
  • Company: EF Advisory
  • Country: Poland
  • Response Time: Within 1 month of receipt

16.2 Data Protection Authority

If you are unsatisfied with our response, you may lodge a complaint with:

  • Polish Data Protection Authority (UODO)
  • Email: kancelaria@uodo.gov.pl
  • Website: https://uodo.gov.pl
  • Or contact your local EU data protection authority if located in another EU member state.

END OF PRIVACY NOTICE