← Home

Privacy Policy

Last updated June 14, 2026

Who we are

Treeflow is an AI tool that helps business owners build quiz funnels, publish them, and collect leads. This policy explains what personal data we handle, why, and the choices you have. If you have any questions, contact us at emails@odune.nl.

Two kinds of data, two roles

Your account data. When you sign up and use Treeflow, we are the data controller for your account and the quizzes you create.

Your quiz respondents’ data. When someone takes a quiz you published and submits their details, you (the quiz owner) are the data controller for those leads. Treeflow acts as a processor on your behalf: we store and deliver that data to you, but it is yours, and you are responsible for how you contact those people and for the consent text shown on your quiz.

Information we collect

  • Account information: your email address, an authentication identifier (and, if you use Google sign-in, the basic profile your provider returns). Passwords are stored only as salted hashes by our authentication provider.
  • Content you create: the quizzes, questions, outcomes, and settings you build, plus any website URL or business description you submit for generation.
  • Lead data your quizzes collect: the name, email, optional phone number, quiz answers, and consent record submitted by your respondents.
  • Usage and analytics events: anonymous, in-product events (for example quiz views, starts, completions) tied to a randomly generated session identifier, and basic acquisition attribution.
  • Billing information: if you subscribe, your payment is handled by Stripe. We do not see or store your card number; we keep a Stripe customer reference and your plan status.

How we use it

  • To provide the service: generate, edit, publish, and host your quizzes.
  • To capture leads and deliver them to you, including by email notification.
  • To process subscriptions and manage your plan.
  • To send essential account and service emails.
  • To measure and improve the product using aggregated, mostly anonymous usage data.
  • To keep the service secure and prevent abuse.

We do not sell your personal data, and we do not use it for third-party advertising.

Service providers we share with

We use a small set of trusted providers to run the service. They process data only to provide their part of it:

  • Supabase: database, authentication, and storage.
  • Vercel: application hosting and delivery.
  • Stripe: subscription payments.
  • Resend: transactional email (such as lead notifications).
  • Anthropic: the AI model that generates your quiz from the website content or description you provide. We do not send your respondents’ lead data to the model.
  • Jina: reads the public website URL you submit so the AI can use it.
  • Google: only if you choose to sign in with Google.

Cookies and local storage

We use cookies and browser local storage that are strictly necessary to run the service: keeping you signed in, remembering a quiz-taker’s session so events are not double counted, saving small preferences, and recording how you first arrived. We do not use third-party advertising or cross-site tracking cookies.

How long we keep data

  • Account and quiz data: for as long as your account is active.
  • Deleted quizzes: moved to a trash for 30 days, then permanently removed along with their leads, unless you restore them first.
  • Lead data: retained until you delete it or close your account.
  • Billing records: kept as required for accounting and legal obligations.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these, email us at emails@odune.nl. If you are a quiz respondent and want your data removed, contact the business whose quiz you took, since they control that data; we will support them in honoring your request.

International transfers

Our providers may process data on servers located outside your country, including in the United States. Where required, transfers rely on appropriate safeguards such as standard contractual clauses.

Security

We protect data with encryption in transit, scoped database access controls, and least-privilege practices. No system is perfectly secure, but we work to keep your data safe and to limit who can access it.

Children

Treeflow is not intended for children, and we do not knowingly collect personal data from anyone under 16.

Changes to this policy

We may update this policy as the product evolves. When we make material changes, we will update the date above and, where appropriate, let you know.

Contact

Questions about this policy or your data? Email emails@odune.nl.