Privacy Policy
Last updated July 11, 2026
This policy explains what data Compify collects, how and why we use it, who we share it with, how long we keep it, and the choices and rights you have. It applies to compify.dev, app.compify.dev, and the Compify application (together, the “Service”).
1. Who we are
Compify provides a platform for building deterministic AI skills (Kits), connecting third-party tools (Connectors), and chaining them into Workflows. For personal data we handle about you, Compify is the “data controller.” When you run workflows that process data through your own connected accounts, you are the controller of that content and Compify acts as your “data processor.”
Questions or requests about this policy can be sent to privacy@compify.dev.
2. Information we collect
We collect the following categories of data:
- Account data — your name, email address, and organization, collected when you sign up. Authentication is handled by our identity provider (Clerk); if you sign in with Google or another provider, we receive the basic profile and email that provider returns.
- Connector credentials — the OAuth tokens and API keys you grant so Compify can act on your behalf in third-party tools (Gmail, Slack, GitHub, and others). These are encrypted at rest and used only to run the workflows you build.
- Workflow content — the documents, messages, references, and other inputs and outputs that pass through a workflow when it runs.
- Billing data — for paid plans, your subscription tier and billing status. Card and payment details are collected and stored by our payment processor (Stripe); we do not store full card numbers.
- Usage and device data — pages visited, features used, IP address, browser type, and diagnostic logs, used to operate, secure, and improve the Service.
- Cookies — see “Cookies and tracking” below.
3. How we use your information
We use your data to:
- Provide, authenticate, and maintain the Service and your account.
- Execute the workflows you build, including calling connected third-party tools with the credentials you provide.
- Process payments and manage subscriptions.
- Communicate with you about your account, security, and material changes to the Service.
- Monitor, secure, and improve the platform and prevent abuse.
- Comply with legal obligations.
We do not sell your personal data, and we do not use your workflow content, connector data, or credentials to train machine-learning models.
4. Legal bases (GDPR)
Where the GDPR applies, we rely on: performance of our contract with you (to provide the Service); your consent (for non-essential cookies and optional communications); our legitimate interests (to secure and improve the Service); and compliance with legal obligations. You can withdraw consent at any time.
5. Workflow content and AI processing
Content you route through a workflow is processed to run that workflow. Some AI features (for example, the skill builder) send the content you provide to our AI processor (Dify) and the underlying model providers it uses, solely to generate the output you requested. This content is not used to train models. You control retention: you can delete Kits, Workflows, and run history at any time, which removes the associated content from active systems.
6. How we share information
We share personal data only as needed to run the Service:
- Subprocessors — vendors that host and operate the Service under contractual data-protection obligations (see next section).
- Third-party tools you connect — when a workflow runs, we send requests to the services you have connected, using your credentials, to perform the actions you configured.
- Legal and safety — when required by law, to enforce our terms, or to protect the rights, property, or safety of Compify, our users, or the public.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.
7. Subprocessors
We use the following categories of subprocessors to deliver the Service. We maintain a current list and will give notice of material changes:
- Clerk — user authentication and session management.
- Stripe — payment processing and subscription billing.
- Dify and its underlying model providers — AI skill and workflow generation.
- Cloud hosting and database infrastructure — running the application and storing data.
- Email delivery — transactional account and security emails.
8. Cookies and tracking
We use strictly necessary cookies to keep you signed in and to secure the Service (set by our authentication provider). We use a limited amount of first-party analytics to understand and improve usage. We do not use third-party advertising cookies. You can control cookies through your browser settings; blocking strictly necessary cookies may break sign-in.
9. Data retention
We keep account data for as long as your account is active and as needed to provide the Service. Connector credentials are retained until you disconnect the account or delete your account. Workflow content and run history are kept until you delete them or close your account. We may retain limited records longer where required for legal, security, or accounting purposes. On account deletion, we remove or de-identify your personal data within a commercially reasonable period, except where retention is legally required.
10. Security
We protect data with encryption in transit (TLS) and at rest. Connector tokens are encrypted at rest with authenticated encryption, access is scoped and least-privilege, and we keep audit logs. No system is perfectly secure, but we work to protect your data with industry-standard safeguards and will notify affected users and regulators of a data breach as required by law.
11. International transfers
We and our subprocessors may process data in countries other than yours. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.
12. Your rights
Depending on where you live, you may have the right to access, correct, export (portability), restrict, or delete your personal data, to object to certain processing, and to withdraw consent. Under the CCPA/CPRA, California residents may request access to and deletion of personal information and may opt out of its “sale” or “sharing” — Compify does not sell or share personal information as those terms are defined. To exercise any right, email privacy@compify.dev; we will respond within the timeframe required by law and will not discriminate against you for exercising a right. You may also lodge a complaint with your local data-protection authority.
13. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact privacy@compify.dev and we will delete it.
14. Changes to this policy
We may update this policy from time to time. We will post the new version here with an updated date and, for material changes, notify you through the Service or by email. Continued use after an update means you accept the revised policy.
15. Contact
Questions, requests, or complaints about privacy? Email privacy@compify.dev. For general support, email support@compify.dev, and for security issues, security@compify.dev.