Privacy Policy

Effective Date: February 22, 2026

This Privacy Policy describes how Atomic Bytes LLC ("Atomic Bytes," "we," "us," or "our") collects, uses, and protects information in connection with the StreamFlows service (the "Services"). Capitalized terms not defined herein shall have the meanings ascribed to them in the StreamFlows Terms of Service at https://streamflows.cloud/terms (the "Terms"). This Privacy Policy is hereby incorporated by reference into, and made a part of, the Terms.

Information We Collect:
1. Account Information: Information that You provide when You create or maintain an Account, including Your name, business email address, billing details, and authentication information. Passwords are stored as cryptographic hashes; OAuth tokens and similar authentication credentials are stored encrypted at the application layer. Atomic Bytes does not store passwords in plain text.
2. Service Configuration: Information that You provide to configure the Services, including pipeline configurations, schedules, encrypted authentication information for source and destination connections, and schema metadata describing the data You sync. Service Configuration constitutes a part of "Customer Data" as defined in the Terms.
3. Operational Records: Information generated by the Services in the course of providing the Services, including system logs, run history, error records, performance metrics, and aggregated usage statistics. As set forth in Section 5.3 of the Terms, Atomic Bytes owns Operational Records and uses them solely to provide, support, secure, monitor, and improve the Services.
4. Source and Destination Data: Your source data and destination warehouse data remain in Your own systems (such as Your Amazon Redshift cluster, Klaviyo account, or Google BigQuery dataset). Atomic Bytes processes such data in transit during a sync but does not persistently store it. Retention and security of source and destination data are controlled entirely by You in Your own systems.
How We Use Information: Atomic Bytes uses the information collected through the Services to: (i) provide, operate, and maintain the Services; (ii) process payments and manage Your Subscription; (iii) communicate with You about Your Account, support requests, security alerts, and material changes to the Services; (iv) detect, investigate, and prevent abuse, fraud, or violations of the Terms or the Acceptable Use Policy; (v) comply with legal and regulatory obligations; and (vi) improve the Services, conduct capacity planning, and perform internal analytics, in each case using only aggregated or anonymized Operational Records for the purposes set forth in this clause (vi). Atomic Bytes does not use Customer Data for advertising, machine-learning model training, or any purpose other than providing the Services.
Customer Data: For purposes of applicable data protection laws, You are the data controller and Atomic Bytes is the data processor with respect to Customer Data. You determine the purposes and means of processing; Atomic Bytes processes Customer Data on Your behalf solely as necessary to provide the Services. The boundaries of "Customer Data" are defined in Section 1.3 of the Terms; in particular, Customer Data covers the service configuration, encrypted authentication information, schema metadata, and in-transit sync data that Atomic Bytes holds, and does not imply ownership or control over Your source or destination warehouse data, which You alone own and control in Your own systems. Atomic Bytes shall not, now or in the future, sell Customer Data to any third party, and shall not share Customer Data with any third party except as necessary to provide the Services (as further described in Section 4) or as required by law.
Service Providers and Sub-Processors:
1. Atomic Bytes may share limited information with reputable third-party service providers who help us provide the Services, including cloud hosting providers, payment processors, email providers, and database hosting providers. Such providers shall use the information only to provide services to Atomic Bytes and shall not use it for their own independent purposes. Each such provider shall be bound by contractual obligations consistent with this Privacy Policy and applicable data protection laws. A current list of specific sub-processors shall be made available to customers upon written request to [email protected] or under a Data Processing Addendum (as further described in Section 11).
2. Customer-Instructed Integrations. In the course of providing the Services, Atomic Bytes connects to third-party systems designated and configured by You. Such connections are established using credentials that You provide, and data flows to and from such systems occur at Your direction. Atomic Bytes processes such data in transit solely as necessary to execute the sync operations that You configure. These third-party systems are not sub-processors of Atomic Bytes; they are systems that You independently control.
3. Sub-Processor Changes. Atomic Bytes shall maintain a current list of sub-processors and shall provide at least thirty (30) days' prior written notice to customers who have executed a Data Processing Addendum before engaging a new sub-processor. Such notice shall describe the sub-processor, its processing activities, and the country in which processing will occur. If You object to a new sub-processor on reasonable data protection grounds, You may terminate the affected Services in accordance with the Terms.
Cookies and Similar Technologies:
1. The Services use a minimal set of strictly necessary cookies for session management, authentication, and security. Session cookies are HttpOnly, use the SameSite=Lax attribute, and are transmitted only over HTTPS. Atomic Bytes does not use advertising cookies, third-party tracking pixels, session replay tools, or cross-site behavioral tracking technologies.
2. Third-Party Cookies. When You interact with third-party hosted pages in connection with the Services (such as payment checkout or scheduling pages), such third parties may set cookies on their own domains in accordance with their respective privacy policies. Such cookies are not set by or controlled by Atomic Bytes.
3. Atomic Bytes does not use advertising cookies, session replay services, or any similar third-party analytics or advertising tools. Should the Services introduce any such tools in the future, Atomic Bytes shall update this section and, where required by applicable law, implement a cookie consent mechanism prior to deployment.
4. Do Not Track. The Services do not respond to browser "Do Not Track" signals. Because Atomic Bytes does not engage in cross-site tracking or serve advertising cookies, the practical effect is equivalent to honoring such signals.
Data Retention:
1. Account Information: Atomic Bytes retains Account Information while Your Account is active and for up to seven (7) years after termination, as required for tax and audit purposes (including United States Internal Revenue Service requirements).
2. Service Configuration and Operational Records: Atomic Bytes retains Service Configuration and Operational Records while Your Account is active and for thirty (30) days following termination, after which such information shall be deleted or anonymized. The thirty (30) day window is provided to enable You to request export of Customer Data in accordance with Section 7.7 of the Terms.
3. Source and Destination Data: Your source data and destination warehouse data are not stored by Atomic Bytes; retention of such data is controlled entirely by You in Your own systems.
Security: Atomic Bytes implements commercially reasonable administrative, technical, and physical safeguards designed to protect the information Atomic Bytes collects, including: (i) encryption in transit (TLS 1.2 or higher); (ii) encryption at rest for databases and backups; (iii) application-layer encryption for source and destination authentication credentials before they are written to the database; (iv) access controls and least-privilege principles for Atomic Bytes personnel; and (v) logging and monitoring of access to systems that hold Customer Data. Notwithstanding the foregoing, no method of transmission or storage is one hundred percent (100%) secure, and Atomic Bytes cannot guarantee absolute security.
Data Breach Notification:
1. In the event that Atomic Bytes becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data (a "Security Incident"), Atomic Bytes shall: (i) notify affected customers without undue delay after confirming the Security Incident; (ii) provide sufficient information to enable You to fulfill Your own breach notification obligations under applicable law; (iii) take commercially reasonable steps to contain, investigate, and remediate the Security Incident; and (iv) cooperate with You and any applicable data protection authority in connection with the investigation.
2. Notification under this section shall include, to the extent reasonably available: (a) a description of the nature of the Security Incident, including the categories and approximate number of data subjects and records affected; (b) the likely consequences of the Security Incident; (c) the measures taken or proposed to address the Security Incident; and (d) the contact point from which further information may be obtained.
3. A Security Incident shall not include unsuccessful attempts, including without limitation unsuccessful log-in attempts, pings, port scans, denial-of-service attacks, or other network attacks on firewalls or networked systems.
International Data Transfers: The Services are operated from the United States, and information collected through the Services is processed in the United States. If You or Your Users access or use the Services from outside the United States, Your information may be transferred to, stored in, and processed in the United States, which may have data protection laws that differ from those of Your country of residence. Where such transfer is subject to the General Data Protection Regulation (EU) 2016/679 or the United Kingdom Data Protection Act 2018, Atomic Bytes shall ensure that appropriate safeguards are in place, which may include the European Commission's Standard Contractual Clauses or other transfer mechanisms recognized under applicable law. Such safeguards shall be documented in the Data Processing Addendum available upon request pursuant to Section 11. By using the Services, You acknowledge that Your information may be transferred to, stored in, and processed in the United States as described in this section.
Your Rights:
1. General Rights. Subject to applicable law, You may have certain rights with respect to the personal information that Atomic Bytes holds about You, including: (i) the right to access the information Atomic Bytes holds about You; (ii) the right to correct inaccurate information; (iii) the right to request deletion of Your information, subject to legal and contractual retention requirements; (iv) the right to export Customer Data upon termination, subject to Section 7.7 of the Terms; and (v) the right to opt out of certain processing under applicable law. To exercise any such right, You shall submit a verifiable request to [email protected]. Atomic Bytes shall respond within the time required by applicable law.
2. California. If You are a California resident, the following disclosures apply under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"): (i) You have the right to know the categories and specific pieces of personal information Atomic Bytes has collected about You; (ii) You have the right to request deletion of Your personal information; (iii) You have the right to correct inaccurate personal information; (iv) You have the right to opt out of the sale or sharing of personal information; and (v) You have the right to non-discrimination for exercising any of these rights. Atomic Bytes does not sell personal information. Atomic Bytes does not share personal information for cross-context behavioral advertising. Atomic Bytes does not use or disclose sensitive personal information for purposes other than those permitted under CCPA. Atomic Bytes does not offer financial incentives in exchange for the retention or sale of personal information.
3. Other Jurisdictions. If You are located in a jurisdiction that provides additional data protection rights not described above, Atomic Bytes shall comply with such rights to the extent required by applicable law. You may contact [email protected] to exercise any such rights.
Data Processing Addendum: Atomic Bytes shall provide a Data Processing Addendum upon written request where required by applicable data protection laws (such as the EU General Data Protection Regulation, the United Kingdom Data Protection Act, or the California Consumer Privacy Act). Such request shall be sent to [email protected]. The Data Processing Addendum, when provided, shall include a current list of specific sub-processors.
Children: The Services are not intended for individuals under the age of eighteen (18). Atomic Bytes does not knowingly collect personal information from children. If Atomic Bytes learns that it has collected information from a child, Atomic Bytes shall delete such information promptly.
Business Transactions: In the event that Atomic Bytes is involved in a merger, acquisition, reorganization, bankruptcy, dissolution, sale of all or substantially all of its assets, or similar transaction, personal information held by Atomic Bytes may be among the assets transferred. Atomic Bytes shall notify You of any such transfer by email or in-product notice and shall ensure that the receiving entity is bound by obligations consistent with this Privacy Policy. You may exercise Your rights under Section 10 at any time before, during, or after such transfer.
Changes to This Privacy Policy: Atomic Bytes may update this Privacy Policy from time to time. When Atomic Bytes makes material changes, Atomic Bytes shall notify You by email or in-product notice and shall update the Effective Date set forth at the top of this Privacy Policy. Continued use of the Services after the effective date of a change shall constitute acceptance of the updated Privacy Policy.
Contact: Questions or requests regarding this Privacy Policy, the processing of Your personal information, or the exercise of data subject rights should be directed in writing to Atomic Bytes LLC, Attn: Privacy, by email to [email protected].