On this page
CloudFlow Connect ("CloudFlow", "we", "us" or "our") is committed to protecting your privacy. This policy explains what personal data we collect through our website at cloudflowconnect.com, why we collect it, how we use and safeguard it, and the choices and rights you have. It applies to visitors to our website and people who contact us. It does not cover the separate processing we carry out for our business customers under their own agreements, where they are the data controller and we act as their processor.
1. Who we are
CloudFlow Connect provides an AI-powered application-processing platform for high-volume recruitment. For the personal data described in this policy, CloudFlow Connect is the data controller. If you would like to reach our team about privacy, please use the contact form on our website.
A note for CloudFlow: before publishing, add your registered company name, company number, registered address and (if you have appointed one) the name and contact details of your Data Protection Officer or UK/EU representative. Regulators expect a clearly identified controller and a contact route; if you operate in the EU/UK, a postal contact is commonly required.
2. Information we collect
Information you give us
When you submit our contact or demo-request form, we collect the details you provide — typically your name, email address, phone number and the contents of your message. You choose what to include in your message.
Information we collect automatically
When you visit the website, we and our analytics providers may automatically collect limited technical and usage information, such as your device and browser type, approximate location derived from your IP address, pages viewed, referring pages, and interactions with the site. Some of this is collected through cookies and similar technologies (see Cookies & analytics), and only where you have consented to non-essential cookies.
3. How we use your information
We use the personal data we collect to:
- respond to your enquiries and demo requests, and follow up with you;
- provide, operate and improve our website and services;
- understand how the site is used so we can improve content and performance;
- protect the website against spam, abuse and security threats; and
- comply with our legal obligations.
We do not sell your personal data, and we do not use it for automated decision-making that produces legal or similarly significant effects about you.
4. Legal bases for processing
Where the UK GDPR and EU GDPR apply, we rely on the following legal bases:
- Consent — for non-essential cookies and analytics, and where you otherwise agree to a specific use. You can withdraw consent at any time.
- Legitimate interests — to respond to enquiries, secure and improve our website, and understand aggregate usage, balanced against your rights.
- Legal obligation — where we must process data to comply with the law.
5. The live demo tool
Our website includes an interactive demo where you can paste a job specification and a résumé to see how CloudFlow extracts requirements and scores a candidate. This demo runs entirely in your browser. The job spec and résumé text you enter are processed locally on your device and are not transmitted to, or stored on, our servers by the demo. If you optionally use the "fetch from URL" feature, your browser requests that URL directly. Please avoid pasting real candidates' personal data into the demo unless you have a lawful basis to do so.
6. Cookies & analytics
We use cookies and similar technologies to make the site work and, with your consent, to measure and improve it. When you first visit, our cookie banner lets you accept or reject non-essential cookies, and we apply your choice through Google Consent Mode. Non-essential analytics do not run unless you accept.
The analytics and security services we use include:
- Google Analytics 4 and Google Tag Manager — to understand website usage;
- Microsoft Clarity — for aggregated usage insights such as heatmaps and session trends;
- Google reCAPTCHA Enterprise — to protect forms from spam and abuse. Your use of reCAPTCHA is subject to Google's privacy policy and terms.
You can also control cookies through your browser settings. Blocking some cookies may affect how the site functions.
7. Third parties & data sharing
We share personal data only with service providers who help us operate the website and respond to you, and only as needed to provide their service to us. These include:
- Amazon Web Services (AWS) — hosting and the secure function that receives contact-form submissions;
- Google — analytics, tag management and reCAPTCHA;
- Microsoft — Clarity analytics.
We may also disclose personal data where required by law, to enforce our terms, or to protect the rights, property or safety of CloudFlow, our users or others. We do not sell personal data.
8. International data transfers
Some of our providers may process data outside your country, including outside the UK or European Economic Area. Where that happens, we rely on appropriate safeguards — such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an adequacy decision — to protect your data.
9. Data retention
We keep personal data only for as long as necessary for the purposes described in this policy. Enquiry and contact details are kept for as long as needed to handle your request and for a reasonable period afterwards for follow-up and record-keeping, then deleted or anonymised. Analytics data is retained according to our providers' settings and our configured retention periods.
10. Your rights
Depending on your location, you may have the right to:
- access the personal data we hold about you;
- ask us to correct inaccurate or incomplete data;
- ask us to delete your data;
- object to, or ask us to restrict, certain processing;
- withdraw consent where we rely on it; and
- request a copy of your data in a portable format.
To exercise any of these rights, please contact us using the contact form. You also have the right to complain to your local data protection authority — in the UK, the Information Commissioner's Office (ICO) at ico.org.uk.
11. Data security
We use appropriate technical and organisational measures — including encryption in transit, access controls and reputable infrastructure providers — to protect personal data against loss, misuse and unauthorised access. No method of transmission or storage is completely secure, but we work to protect your information and to respond appropriately if an incident occurs.
12. Children's privacy
Our website and services are intended for businesses and professionals and are not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide a more prominent notice.
14. How to contact us
If you have questions about this policy or how we handle your personal data, or if you wish to exercise your rights, please reach us through the contact form on our website and we will respond as soon as we can.