Privacy Policy
Your data belongs to you. We are transparent about what we collect, why we collect it, and how we protect it. OctaviaFlow is GDPR compliant and SOC 2 Type II certified.
01 Overview
OctaviaFlow, Inc. (“OctaviaFlow”, “we”, “us”, or “our”) operates the AI-native data integration and workflow automation platform available at *.octaviaflow.com (collectively, the “Platform”). This Privacy Policy describes how we collect, use, store, share, and protect information about you when you access or use our Platform, visit our website, or interact with us.
By using OctaviaFlow, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Platform.
Plain English Summary: We collect only what we need to operate the platform and improve your experience. We do not sell your personal data. Ever. Your workflow data — the data flowing through your pipelines — belongs to you, and we process it only on your behalf.
02 Information We Collect
Account & Identity Information
When you create an account or contact us, we collect:
- Name and email address
- Company name, job title, and team size (optional, for onboarding)
- Password (stored as a salted, one-way hash — we never see your plaintext password)
- Profile photo (if you choose to upload one)
- Billing name and address (for paid plans; credit card details are handled exclusively by Stripe)
Usage & Platform Data
To operate and improve OctaviaFlow, we automatically collect:
- Workflow configurations, connector settings, and pipeline metadata
- Execution logs, error messages, and run history
- Feature usage patterns (which connectors, triggers, and AI features you use)
- API request logs, including timestamps and response codes
- Browser type, operating system, and device information
- IP address and approximate geographic region
- Referral source and UTM parameters (to understand how users find us)
Customer Data (Your Pipeline Data)
When you use OctaviaFlow to move data between systems, the data passing through our platform is your Customer Data. This may include records from your databases, CRM, e-commerce platform, or other connected applications. We process Customer Data solely to deliver the service you have configured. We do not analyze, monetize, or share Customer Data for our own purposes.
Customer Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Where you have enabled field-level encryption, sensitive fields are encrypted before processing.
Communications
- Support tickets, chat messages, and email correspondence
- Survey responses and product feedback
- Comments in community forums or documentation (if applicable)
03 How We Use Information
We use the information we collect to:
Operate & Deliver the Platform
- Authenticate your identity and maintain your account session
- Execute your workflows, data pipelines, and scheduled jobs
- Deliver real-time notifications and alerts you have configured
- Provide AI features including natural language workflow creation, smart data mapping, cost optimization recommendations, and auto-healing
- Generate execution logs, usage reports, and billing statements
Improve & Develop the Platform
- Analyze aggregate usage patterns to improve product features and UI/UX
- Diagnose and resolve technical issues, bugs, and performance problems
- Train and improve our AI models using anonymized, aggregated data — never your raw Customer Data
- Conduct A/B tests and experiments on new features (you can opt out)
Communicate With You
- Send transactional emails: account creation, password resets, billing receipts, workflow failure alerts
- Provide customer support and respond to your inquiries
- Send product updates, changelogs, and security notices (you may not opt out of security notices)
- Send marketing emails about new features, case studies, and promotions (you can unsubscribe at any time)
Legal & Security
- Detect, prevent, and respond to fraud, abuse, and security threats
- Enforce our Terms & Conditions and other agreements
- Comply with applicable laws, regulations, and legal processes
- Protect the rights, property, and safety of OctaviaFlow, our users, and the public
04 Data Sharing
We do not sell your personal data. We do not rent it, trade it, or share it for advertising purposes. We share information only in the following limited circumstances:
Service Providers (Sub-processors)
We use vetted, GDPR-compliant third-party providers to help us operate the Platform:
- Stripe — Payment processing (they handle all card data; we never see raw card numbers)
- AWS / GCP / Azure — Cloud infrastructure, compute, and storage
- Datadog / Sentry — Application performance monitoring and error tracking
- Intercom — Customer support chat and helpdesk
- Postmark — Transactional email delivery
- HashiCorp Vault — Secrets management for connector credentials
All sub-processors are bound by data processing agreements (DPAs) that restrict their use of your data to performing services on our behalf.
Business Transfers
If OctaviaFlow is acquired, merges with another company, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email and a prominent notice on our website before any such transfer occurs, and you will have the option to delete your account beforehand.
Legal Requirements
We may disclose information if we believe in good faith that it is necessary to comply with a legal obligation, respond to a valid court order or government request, protect the safety of any person, or prevent fraud or illegal activity. We will notify you of any such request where legally permitted to do so.
05 Data Security
Security is not an afterthought at OctaviaFlow — it is a core design principle. We implement the following controls:
- Encryption in transit: All data transmitted between your browser, our APIs, and our internal services uses TLS 1.2 or higher
- Encryption at rest: All stored data is encrypted with AES-256
- Field-level encryption: Connector credentials and sensitive data fields are encrypted with per-tenant keys before storage
- Multi-tenant isolation: Each customer's data is logically isolated using tenant-level encryption and network segmentation
- SOC 2 Type II: We maintain SOC 2 Type II certification, audited annually by an independent third party
- Secrets management: API keys and OAuth tokens are stored in HashiCorp Vault, never in plaintext databases
- Access controls: Internal access to production systems is role-based, requires MFA, and is fully audited
- Penetration testing: We conduct regular third-party penetration tests and vulnerability assessments
- Incident response: We have a documented incident response plan. In the event of a data breach, we will notify affected users within 72 hours as required by GDPR
While we implement industry-leading security practices, no system is completely invulnerable. We encourage you to use a strong, unique password and enable two-factor authentication on your account. Report any suspected security issues to security@octaviaflow.com.
06 Data Retention
We retain your data for as long as your account is active or as needed to provide the service. Specific retention periods:
- Account data: Retained for the duration of your account. Deleted within 30 days of account closure upon request
- Workflow execution logs: Retained for 90 days on paid plans, 30 days on the Free tier (configurable on Business and Enterprise plans)
- Customer Data (pipeline data): We do not store your Customer Data beyond the time needed to execute your workflows. Temporary processing buffers are purged within 24 hours
- Billing records: Retained for 7 years as required by accounting regulations
- Support communications: Retained for 3 years after the last interaction
- Security logs: Retained for 1 year for fraud prevention and security audit purposes
You may request early deletion of your data at any time by contacting privacy@octaviaflow.com. We will fulfill deletion requests within 30 days, except where we are legally required to retain certain records.
07 Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Rights Available to All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Data portability: Receive your data in a structured, machine-readable format (JSON or CSV)
- Opt-out: Unsubscribe from marketing emails at any time via the link in any email we send
Additional Rights Under GDPR (EEA / UK Users)
- Restriction: Request that we restrict processing of your data in certain circumstances
- Objection: Object to processing based on legitimate interests or for direct marketing
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing
- Lodge a complaint: File a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France)
Additional Rights Under CCPA (California Residents)
- Know what personal information is collected about you and for what purpose
- Know whether your personal information is sold or disclosed, and to whom
- Opt out of the sale of personal information (we do not sell personal data)
- Equal service and price regardless of whether you exercise your CCPA rights
To exercise any of these rights, contact us at privacy@octaviaflow.com. We will respond within 30 days. We may need to verify your identity before processing your request.
09 Third-Party Services
OctaviaFlow connects to 600+ third-party applications through our connector library. When you authorize a connection (e.g., Salesforce, Slack, Snowflake), you grant OctaviaFlow API access to that service on your behalf. We store the resulting OAuth tokens or API credentials in encrypted form using HashiCorp Vault.
Third-party services have their own privacy policies and terms of service, which govern how they handle your data independently of OctaviaFlow. We encourage you to review the privacy policies of any third-party applications you connect to our Platform.
We are not responsible for the privacy practices of third-party services. Our AI features — including natural language processing and smart data mapping — may use models hosted by providers such as OpenAI or Anthropic, subject to our data processing agreements with those providers. Metadata and anonymized schema information may be processed by these AI providers to power our AI features, but your raw Customer Data is not sent to AI providers without your explicit configuration.
10 Children's Privacy
OctaviaFlow is a business platform intended for use by organizations and professionals aged 18 and older. We do not knowingly collect personal information from children under 16 (or under 13 in the United States). If we discover that we have inadvertently collected information from a child below the applicable age threshold, we will delete that information promptly.
If you believe we have collected information from a minor, please contact us immediately at privacy@octaviaflow.com.
11 International Data Transfers
OctaviaFlow operates globally with infrastructure in the United States, European Union (Frankfurt), Singapore, and additional regions. If you are located in the EEA, UK, or Switzerland, your data may be transferred to and processed in countries outside your region, including the United States.
We ensure that all cross-border data transfers comply with applicable law through:
- Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers from the EEA to third countries
- Data Processing Agreements (DPAs): Executed with all sub-processors and applicable customers
- EU-U.S. Data Privacy Framework: Where applicable, we rely on adequacy decisions and approved transfer mechanisms
Enterprise customers may configure their data to remain within a specific geographic region (e.g., EU-only). Contact enterprise@octaviaflow.com to discuss data residency requirements.
12 Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:
- Update the “Last Updated” date at the top of this page
- Send an email notification to all registered account holders
- Display a prominent notice on the Platform for at least 30 days
For material changes that affect how we use your data, we will seek your renewed consent where required by law. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.
13 Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact our Privacy Team:
OctaviaFlow Privacy Team
Email: privacy@octaviaflow.com
For security vulnerabilities: security@octaviaflow.com
For enterprise data residency inquiries: enterprise@octaviaflow.com
General inquiries: hello@octaviaflow.com
You may also review our Terms & Conditions and End User License Agreement (EULA) for additional information about your rights and obligations when using OctaviaFlow.