From First Contact to Lasting Relationships.

Built for HVAC, roofing, plumbing, landscaping, and general contractors.

Privacy Policy

Effective Date: March 15, 2026 | Last Updated: March 15, 2026

Keilani Media Group LLC ("CustomerFlows," "we," "us," or "our") | 30 N Gould St, Sheridan, WY 82801, United States | [email protected]

1. Introduction

CustomerFlows is a revenue operating system for home service businesses. This Privacy Policy describes how Keilani Media Group LLC, doing business as CustomerFlows, collects, uses, stores, shares, and protects your personal information when you visit our website at customerflows.com, use our web application at app.customerflows.com, or interact with any of our services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use the Service.

This Privacy Policy applies to two categories of individuals:

  • Visitors: People who visit our marketing website, read our content, or use tools such as the ROI Calculator.
  • Customers: Businesses and their authorized users who create an account and use the CustomerFlows platform to manage leads, conversations, pipelines, and related business operations.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account, subscribe to a plan, or contact us, we collect:

  • Account information: Name, email address, phone number, business name, business address, and trade type (e.g., HVAC, roofing, plumbing).
  • Billing information: Payment card details and billing address. Payment card information is processed and stored exclusively by our payment processor, Stripe, Inc. We do not store complete card numbers on our servers.
  • Communication content: Messages you send to us via email, contact forms, or support channels.
  • WhatsApp Business configuration: When you connect a phone number to the Service, we collect the phone number and associated WhatsApp Business Account (WABA) identifiers required to send and receive messages on your behalf through the Meta WhatsApp Cloud API.

2.2 Information Generated Through Your Use of the Service

When you use the CustomerFlows platform, the following data is generated and stored:

  • Lead and contact records: Names, phone numbers, email addresses, and other details of the leads and customers that you or your end-customers create within the platform.
  • Conversation data: WhatsApp messages, chatbot interactions, and other communications processed through the unified inbox. These messages are transmitted via the Meta WhatsApp Cloud API and stored within our systems to enable inbox, pipeline, and automation features.
  • Pipeline and deal data: Deal names, values, stages, notes, and associated activities.
  • Automation and workflow data: Rules, triggers, conditions, and execution logs for workflows you create.
  • AI interaction data: Prompts and responses generated when the AI chatbot qualifies leads or assists with conversations. AI features are powered by third-party providers including OpenAI and Anthropic. We send conversation context to these providers to generate responses; see Section 4 for details on how these providers handle data.

2.3 Information Collected Automatically

When you visit our website or use the application, we automatically collect:

  • Device and browser information: IP address, browser type and version, operating system, device type, screen resolution, and language preference.
  • Usage data: Pages viewed, features used, clicks, session duration, referring URL, and interactions within the application.
  • Tracking data: If you arrive at our website via a marketing campaign, we collect campaign attribution data including UTM parameters, Google Click Identifiers (GCLID), and Meta Click Identifiers (FBCLID) to attribute leads to their marketing source.
  • Cookies and similar technologies: See Section 5 for details.

2.4 Information About Your End-Customers

When your end-customers interact with your business through CustomerFlows (for example, by sending a WhatsApp message to your connected business number), the following data is collected and stored within your CustomerFlows account:

  • Phone number and WhatsApp profile name
  • Message content and timestamps
  • Engagement data (e.g., messages read, links clicked)
  • Any information your end-customer voluntarily provides during a chatbot conversation (e.g., name, service type, address, preferred appointment time)

You are the data controller for your end-customer data. We process this data on your behalf as a data processor. You are responsible for ensuring that your collection and use of end-customer data complies with all applicable laws, including obtaining any necessary consents for WhatsApp communication.

3. How We Use Your Information

3.1 To Provide and Operate the Service

  • Creating and managing your account
  • Processing WhatsApp messages and chatbot conversations
  • Displaying leads, contacts, and deals in your CRM pipeline
  • Executing automation workflows you configure
  • Running AI-powered lead qualification and conversation assistance
  • Processing subscription payments and managing billing
  • Providing customer support

3.2 To Improve the Service

  • Analyzing usage patterns to improve features and user experience
  • Identifying and fixing bugs and performance issues
  • Developing new features based on aggregated usage trends
  • Training and improving our AI models using anonymized and aggregated data (we do not use your identifiable business data or your end-customer data to train AI models without your explicit consent)

3.3 To Communicate With You

  • Sending transactional emails (account confirmation, password reset, billing receipts)
  • Sending product updates and feature announcements relevant to your account
  • Responding to your support requests and inquiries
  • Sending marketing communications if you have opted in (you may unsubscribe at any time)

3.4 To Ensure Security and Prevent Fraud

  • Detecting and preventing unauthorized access, fraud, and abuse
  • Enforcing our Terms of Service
  • Complying with legal obligations

3.5 For Marketing Attribution

  • Connecting ad clicks to lead creation and deal outcomes within your account, so you can see which marketing campaigns produce revenue
  • Generating aggregated, anonymized benchmarks for our published research and statistics (no individual business data is ever identifiable in published material)

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 Third-Party Service Providers

We use the following third-party services to operate CustomerFlows. Each provider receives only the minimum data necessary to perform its function:

  • Stripe, Inc. (Payment processing): Billing name, email, payment card details, billing address.
  • Meta Platforms, Inc. (WhatsApp Cloud API) (Messaging infrastructure): Phone numbers, message content, delivery status, WABA configuration.
  • OpenAI, Inc. (AI chatbot and lead qualification): Conversation context sent for AI response generation.
  • Anthropic, PBC (AI chatbot and lead qualification): Conversation context sent for AI response generation.
  • Google LLC (Google Analytics) (Website analytics): IP address (anonymized), page views, session data, device info.

Regarding AI providers: When we send conversation data to OpenAI or Anthropic for AI-powered features, we use their API services. Per their API data usage policies, data submitted through the API is not used to train their models. We do not opt into any optional training data sharing programs on your behalf.

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

If Keilani Media Group LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or prominent notice on our website.

4.4 With Your Consent

We may share your information in other ways if you give us explicit consent to do so.

5. Cookies and Tracking Technologies

5.1 Cookies We Use

  • Strictly Necessary: Authentication, session management, security (e.g., Session ID, CSRF token). Required for the Service to function.
  • Analytics: Understanding how visitors use our website and application (e.g., Google Analytics _ga, _gid). You may opt out.
  • Marketing Attribution: Connecting ad clicks to conversions (e.g., GCLID, FBCLID, UTM parameters stored in first-party cookies). You may opt out.

5.2 Your Cookie Choices

  • Browser settings: Most browsers allow you to block or delete cookies through their settings. Blocking strictly necessary cookies may prevent the Service from functioning correctly.
  • Google Analytics opt-out: You can install the Google Analytics Opt-out Browser Add-on.
  • Do Not Track: We respect "Do Not Track" (DNT) signals sent by your browser. When we detect a DNT signal, we disable non-essential analytics and tracking cookies.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

  • Account data: Retained for the duration of your active subscription plus 90 days after account closure to allow for reactivation or data export.
  • Billing records: Retained for 7 years to comply with tax and accounting obligations.
  • End-customer data within your account: Retained for the duration of your subscription. Upon account closure, this data is permanently deleted within 90 days unless you request earlier deletion.
  • Conversation data (WhatsApp messages): Retained for the duration of your subscription. Messages are stored within our systems to power the inbox, pipeline, and automation features.
  • Website analytics data: Aggregated analytics data is retained indefinitely. Individual session data is retained for 26 months in accordance with Google Analytics defaults.
  • AI interaction logs: Retained for 30 days for debugging and quality assurance, then automatically deleted.
  • Support correspondence: Retained for 2 years after the last interaction.

Upon request, we will delete your personal information within 30 days, subject to any legal retention requirements. See Section 8 for how to submit a deletion request.

7. Data Security

We implement industry-standard technical and organizational measures to protect your information:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at rest: Stored data is encrypted at rest using AES-256 encryption.
  • Access control: Employee and contractor access to customer data is restricted on a need-to-know basis and protected by multi-factor authentication.
  • Infrastructure security: Our application is hosted on infrastructure that maintains SOC 2 Type II compliance. Database backups are encrypted and stored in geographically separated locations within the United States.
  • Incident response: We maintain an incident response plan. In the event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of the breach, as required by applicable law.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights and Choices

8.1 All Users

Regardless of your location, you may:

  • Access your data: Request a copy of the personal information we hold about you.
  • Correct your data: Request correction of inaccurate or incomplete information.
  • Delete your data: Request deletion of your personal information, subject to legal retention requirements.
  • Export your data: Request a machine-readable export of your account data.
  • Opt out of marketing emails: Unsubscribe at any time using the link in any marketing email, or by contacting us.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected, the sources from which it was collected, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to opt out of sale: We do not sell your personal information. If this changes in the future, we will provide a "Do Not Sell My Personal Information" link.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
  • Right to correct: You may request that we correct inaccurate personal information.
  • Right to limit use of sensitive personal information: We do not use sensitive personal information for purposes beyond what is necessary to provide the Service.

To exercise any of these rights, contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days.

8.3 Residents of Other U.S. States

Several U.S. states have enacted consumer privacy laws that grant residents rights similar to those described above, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), and Montana (MCDPA). If you are a resident of any state with an applicable consumer privacy law, you may exercise your rights by contacting us at [email protected].

9. Children's Privacy

CustomerFlows is designed for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a person under 18, please contact us at [email protected] and we will promptly delete it.

10. Third-Party Links

Our website and application may contain links to third-party websites, integrations, and services (e.g., Google Ads, Stripe billing portal, WhatsApp). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service you interact with.

11. International Data Transfers

CustomerFlows is operated from the United States and our data is stored within the United States. If you access the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this page.
  • We will notify registered users via email at least 14 days before the changes take effect.
  • We will post a prominent notice on our website.

Your continued use of the Service after the updated Privacy Policy takes effect constitutes your acceptance of the changes.

13. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or have concerns about our data practices, contact us at:

Keilani Media Group LLC
d/b/a CustomerFlows
30 N Gould St
Sheridan, WY 82801
United States

Email: [email protected]
Phone: +1 (307) 317-0832

We aim to respond to all privacy inquiries within 10 business days.