Skip to main content
Neoflo handles financial records, operational data, and business-critical information on behalf of enterprise customers. We treat your data with the same care you would — keeping it encrypted, isolated, and accessible only to those who genuinely need it. This page explains exactly how your data moves through the Neoflo platform, from the moment it enters to the moment it is permanently deleted.

Data Lifecycle

1

Data Ingestion

Data enters Neoflo through one of three channels: direct API integration, secure file transfer, or a native ERP connector (SAP, NetSuite, Dynamics, and others). Regardless of the method, all data is encrypted in transit using TLS 1.2 or higher. Credentials for your ERP systems and third-party APIs are never stored in plaintext — they are placed in a secure vault and referenced only at the time of use.
2

Data Processing

Your data is processed in isolated environments scoped to your organisation. Neoflo’s AI agents operate within this boundary and do not share state or data with other customer environments. AI models used by Neoflo do not train on your data without your explicit, written consent — your business data is yours alone.
3

Data Storage

All stored data is encrypted at rest using AES-256. You choose the region where your data is stored, and Neoflo honours that selection throughout the lifetime of your account. Data is retained only for as long as it is needed to deliver the services you have contracted, or as required by applicable law.
4

Data Deletion

When your contract ends or you submit a deletion request, Neoflo permanently deletes your data from all systems — including backups — within the timeframe specified in your agreement. Deletion certificates are available upon request, giving you documented confirmation that your data has been removed.

Access Controls

Keeping your data private means controlling who can access it — both inside your organisation and within Neoflo.
  • Need-to-know access for Neoflo staff: Only Neoflo employees who require access to deliver your contracted services are granted access to your data. Access is provisioned on a least-privilege basis and reviewed regularly.
  • Full access logging: Every instance of staff access to your data is logged, timestamped, and retained in an auditable record. You can request an access log at any time.
  • Team-level role management: You can configure access roles for your own team members — controlling who can view dashboards, export reports, manage integrations, or administer account settings.

AI and Data Privacy

Neoflo’s platform combines agentic AI with human expertise. We take a clear, principled stance on how AI interacts with your data.
  • Your data never trains shared models: Neoflo’s shared AI models are not trained on your customer data. The outputs produced for your account are not fed back into models that serve other customers.
  • Fine-tuning is account-specific: If Neoflo fine-tunes a model to improve performance on your specific workflows and processes, that model is dedicated to your account. It is not shared with or accessible by other customers.
  • Human oversight remains in place: Neoflo’s model combines AI agents with expert human reviewers. Sensitive decisions are reviewed by qualified staff before outcomes are delivered, ensuring accuracy and accountability.

GDPR Compliance

Neoflo is compliant with the EU General Data Protection Regulation (GDPR). If your organisation processes personal data of EU residents, the following applies:
  • Data Processing Agreements (DPAs): Neoflo provides a standard DPA that documents the roles, responsibilities, and obligations of each party. Contact us to execute a DPA before going live.
  • EU data residency: You can specify that your data is stored and processed within the EU. Neoflo will not transfer your data outside of your specified region without your consent.
  • Data subject rights: Neoflo supports your obligations under GDPR to respond to data subject requests, including access, rectification, erasure, and portability.
To request a Data Processing Agreement (DPA) for GDPR compliance, contact us at hello@neoflo.ai. We recommend executing the DPA before your first data flows are established.

CCPA Compliance

Neoflo is compliant with the California Consumer Privacy Act (CCPA). In this context, Neoflo acts as a service provider to your business — not as a data broker or third party that independently uses your data.
  • No sale of personal data: Neoflo does not sell personal information belonging to your customers or employees. Full stop.
  • Service provider relationship: Under CCPA, Neoflo processes personal data solely on your instructions and for the purpose of delivering contracted services.
  • Consumer rights support: Neoflo can assist you in responding to consumer requests for access, deletion, or opt-out as required under CCPA.