ShooflyAI Privacy Policy

Shoofly Intelligence Cloud (SIC)

Effective date: 05/01/2025

Last updated: 05/01/2025

Company: ShooflyAI, LLC (“Shoofly,” “we,” “us,” “our”)

Address: 904 Summit Crossing Way, Cumming, Georgia 30041, United States

Contact: [email protected]

ShooflyAI, LLC is a Georgia-based company providing AI-powered automation platforms and professional services to organizations across multiple industries. Privacy, security, and data ownership are core principles of how we design, build, and operate our services, including the Shoofly Intelligence Cloud (“SIC”).

This Privacy Policy explains how we collect, use, disclose, and protect information when:

  • You visit our websites or interact with our marketing materials
  • You use SIC and any related Shoofly products, applications, APIs, and integrations (collectively, the “Services”)
  • We provide professional services where we access Client systems or data to deliver contracted work

If there is any conflict between this Privacy Policy and a signed agreement with a Client (for example, a Master Services Agreement, Data Processing Addendum, or an education data sharing agreement), the signed agreement controls for that Client relationship.

Quick summary (not a substitute for the full policy)

  • You own your data. Client Data remains the Client’s property.
  • SIC is single-tenant. Each Client gets a dedicated SIC environment isolated from other Clients.
  • No data selling. We do not sell Client Data, and we do not use it for third-party behavioral advertising.
  • AI model controls. We configure third-party AI providers to prevent training on Client Data where technically supported and contractually available, and otherwise rely on alternative deployment methods or explicit written authorization.
  • Exports on request. Clients can request a structured export of their data.
  • Deletion after exit. We delete or de-identify Client Data within a commercially reasonable period after services end, typically 30 days after active deletion, with backups overwritten within 90 days unless otherwise agreed. Subject to backup retention and legal requirements.
  • Security-first operations. Encryption, access controls, monitoring, and least-privilege are standard.

1. Definitions

  • “Client” means an organization that contracts with Shoofly to use SIC or other Services.
  • “End User” means an individual who uses the Services under a Client account (for example, a Client employee, contractor, or authorized user).
  • “Client Data” means information that a Client or its End Users provides to the Services or authorizes us to access so we can deliver the Services.
  • “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual.
  • “SIC” (Shoofly Intelligence Cloud) means Shoofly’s secure, single-tenant application and data environment where we host Client-specific AI agents, workflows, integrations, and related data.
  • “Subprocessor” means a third party engaged by Shoofly to process Client Data on our behalf to deliver the Services.

2. Scope and who this policy applies to

This Privacy Policy applies to:

1. Website visitors and marketing contacts who interact with our public sites, forms, emails, and content.

2. Clients and End Users who use SIC and other Services.

3. Professional services engagements where we implement, configure, or operate workflows on behalf of a Client.

In some engagements, Shoofly may act as:

  • A data controller (or “business”) for our own business operations (for example, running our website, sales, recruiting, billing, and vendor management).
  • A data processor (or “service provider”) when processing Client Data within SIC under a Client’s documented instructions.

3. What we collect

3.1 Information you provide

Depending on how you interact with Shoofly, we may collect:

  • Contact information (name, business email, phone number, company, role)
  • Account information (usernames, authentication identifiers, administrative settings)
  • Communications (support tickets, emails, chat messages, meeting notes)
  • Content and configuration data you upload or connect (documents, knowledge bases, prompts, workflow configurations, integration settings)

3.2 Information we receive from Clients and integrations

When Clients connect systems to SIC (for example, email, calendars, CRMs, ticketing systems, collaboration tools, or databases), we may process:

  • Identity and access data (user lists, roles, and permissions)
  • Business records and operational data relevant to automations
  • Files, messages, or records required to run configured workflows

3.3 Automatically collected information

When you use our websites or Services, we may collect:

  • Device and browser information (browser type, OS, device identifiers)
  • Log and event data (IP address, timestamps, pages visited, feature usage)
  • Security and diagnostic telemetry (authentication events, error logs, performance metrics)

3.4 Sensitive data minimization

Shoofly’s Services generally do not require and are not designed to intentionally collect:

  • Social Security numbers
  • Payment card numbers
  • Full medical or health records

Clients should not provide these categories to SIC unless explicitly required by a written agreement that defines additional safeguards.

3.5 De-identified and aggregated data

We may create de-identified or aggregated data that does not reasonably identify an individual or a specific Client. We use it to improve service reliability, security, and performance.

4. How we use information

We use information for the following purposes:

  • Provide and operate the Services (including SIC hosting, workflow execution, and integrations)
  • Support and customer success (respond to requests, troubleshoot, deliver onboarding and training)
  • Security and fraud prevention (monitor for abuse, investigate anomalies, enforce access controls)
  • Service improvement (reliability, performance tuning, feature development)
  • Billing and administration (invoicing, accounting, contract management)
  • Legal compliance (meet legal obligations, respond to lawful requests)

What we do not do

  • We do not sell Client Data.
  • We do not use Client Data for third-party cross-context behavioral advertising.
  • We do not build marketing profiles from Client Data.

5. SIC architecture and isolation

5.1 Single-tenant SIC

As of this policy’s effective date, SIC is single-tenant:

  • Each Client receives a dedicated SIC environment.
  • Client environments are logically isolated from one another.
  • We do not commingle Client Data at rest across different Clients.

If we introduce additional deployment models in the future, we will maintain strong isolation controls and update this policy and applicable Client agreements as needed.

5.2 Hosting and data location

SIC runs on reputable cloud infrastructure and managed database providers with strong security and compliance programs.

  • We currently architect SIC so that Client Data is stored and processed in United States data centers.
  • We do not intentionally transfer Client Data outside the United States except:
  • as necessary to provide the Services with appropriate safeguards, and
  • where permitted or required by a Client’s agreement or applicable law.

If a Client requires specific data residency commitments, those will be documented in the Client’s contract and will control.

6. AI models and data use

6.1 Shoofly model training

Shoofly does not use identifiable Client Data processed in SIC to train or improve generalized models that are deployed across multiple Clients.

If we ever propose training a model specifically for a Client (for example, a Client-specific fine-tune), we will do so only if documented and permitted in a written agreement with that Client.

6.2 Third-party AI providers

SIC may use third-party AI model providers as part of configured Services.

Where technically supported and contractually available, we configure third-party AI providers so they do not use Client Data sent through SIC to train or improve their generalized foundation models.

If such controls are not technically supported or contractually available, we may rely on alternative deployment methods (including offline or client-isolated models). If Client Data must be processed by a provider without those controls, we will do so only with the Client’s explicit written authorization and as documented in the applicable agreement.

Where such a configuration is not technically possible, we do not route Client Data to that provider unless this is clearly disclosed and expressly permitted under the relevant Client agreement (for example, an explicit opt-in).

7. Cookies and similar technologies

We use cookies, pixels, SDKs, local storage, and similar technologies (collectively, “Cookies”) on our websites and, where applicable, within SIC and the Services. Cookies may be set by Shoofly (first-party cookies) or by our service providers (third-party cookies).

7.1 Cookie categories, purpose, and typical retention

The Cookies we use generally fall into the categories below. We may provide exact names, and retention periods vary by configuration and are made available through our cookie banner or notice, where required.

Category What it does Typical retention Your choices
Strictly necessary Enables core site and Service functionality such as security, authentication, load balancing, and session management Session to short-lived persistent These Cookies are required for the site and Services to function; blocking them may prevent use
Functional / preferences Remembers settings such as language, region, and other preferences Persistent (often weeks to 12 months) You can clear or block these in browser settings; some features may not work as intended
Analytics / performance Helps us understand how the website and Services are used, measure performance, and diagnose issues Persistent (often days to 24 months) Where required, you can opt in or out via cookie banner controls; you can also use browser settings and, where available, provider opt-outs
Marketing (if used) Measures marketing effectiveness and may support campaigns Varies by provider Where required, we will request consent and provide opt-out controls; we do not permit use of SIC Client Data for cross-context behavioral advertising

7.2 Website analytics and marketing

On our public websites, we may use limited analytics to understand website traffic and improve content and performance. If we introduce marketing pixels or similar technologies, we will update this policy and, where required, provide notice and choices.

7.3 SIC and product environments

Within SIC and other product environments, Cookies are used primarily for:

  • Authentication and session management
  • Security and fraud prevention
  • Reliability and performance monitoring
  • Product analytics to improve user experience and service quality for that Client

SIC is not intended to be an advertising platform, and we do not use SIC Client Data for third-party cross-context behavioral advertising.

7.4 Managing your preferences

You can manage Cookies in several ways:

  • Cookie banner and preference center (where required): In certain jurisdictions (for example, the EEA and UK), we provide a cookie banner that allows you to accept or reject non-essential Cookies and change your preferences later.
  • Browser settings: Most browsers let you remove or reject Cookies. Doing so may affect the availability and functionality of the Services.
  • Device controls: Some devices provide controls to limit certain tracking (for example, advertising identifiers). These controls are separate from browser Cookie settings.

7.5 Do Not Track

Some browsers include a “Do Not Track” (DNT) setting. Because there is no industry standard for responding to DNT signals, we do not respond to them uniformly. We will continue to monitor developments in this area and update our practices where appropriate.

8. How we share information

We share information only as needed and with appropriate safeguards:

8.1 Subprocessors and service providers

We engage subprocessors to provide infrastructure, hosting, monitoring, support tooling, and other functions necessary to operate SIC and the Services. Subprocessors are contractually required to:

  • Maintain confidentiality
  • Implement appropriate security measures
  • Use data only to provide services to Shoofly and our Clients

Clients may request our current subprocessor list by contacting [email protected]. Where required by contract, we provide advance notice of material changes.

8.2 Within a Client organization

Client Data may be accessible to authorized users within the Client’s organization based on permissions the Client configures.

8.3 Legal, compliance, and safety

We may disclose information to comply with lawful requests or to protect rights, safety, and property.

Government and law enforcement requests: If we receive a request for Client Data, we will review it for legal validity, limit disclosures to what is legally required, and, where legally permitted, notify the affected Client.

9. Logging, telemetry, and internal analytics

We use logs and telemetry to operate and secure SIC.

  • We aim to minimize sensitive content in logs, focusing on metadata where feasible.
  • We configure systems and practices to avoid logging passwords, authentication secrets, and similar highly sensitive values.
  • Access to logs is restricted to authorized personnel under least-privilege principles.

10. Data ownership, exports, retention, and deletion

10.1 Data ownership

Clients retain ownership of Client Data. Our agreements do not transfer ownership of Client Data to Shoofly.

10.2 Data export

Clients may request a structured export of their data (for example, CSV or JSON) within a commercially reasonable period, consistent with the volume and type of data and agreed security controls.

10.3 Retention

We retain Personal Information and Client Data only as long as necessary to:

  • Provide the Services
  • Comply with legal and accounting obligations
  • Resolve disputes and enforce agreements
  • Meet requirements in a Client contract

10.4 Deletion after termination

Upon contract termination or written instruction, we will delete or irreversibly de-identify Client Data from active systems within a commercially reasonable period, subject to backup retention policies, legal requirements, and contractual obligations.

Default timeline (unless otherwise explicitly agreed in a Client agreement):

  • Active systems deletion: within 30 days
  • Backups overwritten: within 90 days as part of normal overwrite cycles

These timelines may be extended where required by law, to resolve disputes, to enforce agreements, or where a Client’s written instructions or agreement specify different retention or deletion requirements.

11. Security

Shoofly implements administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of Client Data, including:

  • Encryption in transit and at rest
  • Role-based access control and least-privilege access
  • Security monitoring, logging, and alerting
  • Secure development practices and vulnerability management
  • Vendor and subprocessor risk management

No method of transmission or storage is 100 percent secure. We work to continuously improve security controls appropriate to the sensitivity of the data processed.

12. Security incidents

If we become aware of a security incident involving Client Data, we will:

  • Investigate and contain the incident
  • Notify affected Clients without unreasonable delay and consistent with contractual and legal requirements
  • Provide available information on scope, mitigation steps, and recommended actions

13. Business transfers

If ShooflyAI, LLC is involved in a merger, acquisition, reorganization, financing, bankruptcy, dissolution, or sale or transfer of some or all of its business or assets, Personal Information and Client Data may be transferred as part of that transaction. Any such transfer will be subject to appropriate confidentiality, security, and data protection safeguards. Where required by law or contract, we will provide notice to affected Clients.

14. Your privacy rights

Depending on your location and relationship with Shoofly, you may have rights to request:

  • Access to Personal Information
  • Correction of inaccurate Personal Information
  • Deletion of Personal Information, subject to legal and contractual limits
  • Opt-out of marketing communications

If we process your information on behalf of a Client, please direct requests to that Client. We will support Clients in responding to valid requests.

We may need to verify identity and relationship to the Client before fulfilling certain requests.

Additional disclosures for certain jurisdictions

  • California: Shoofly does not “sell” or “share” Personal Information as those terms are defined under the CCPA/CPRA, and we do not share Personal Information for cross-context behavioral advertising.
  • EEA/UK/Switzerland (where applicable): We process Personal Information based on contract necessity, legitimate interests, legal obligations, and consent where required.

15. Education and children’s data (special considerations)

Shoofly does not offer direct-to-consumer services targeted at children.

When we work with schools or education institutions, we may process education records or student data under applicable laws and agreements. In those cases:

  • We process student data only for authorized educational purposes
  • We do not sell student data or use it for behavioral advertising
  • We return or delete student data according to applicable contracts and legal requirements

16. Third-party links

Our websites or Services may include links to third-party sites. This policy does not apply to third-party practices. We encourage you to review their privacy policies.

17. Changes to this policy

We may update this Privacy Policy from time to time. We will:

  • Update the effective date at the top
  • Post the updated policy on our site
  • Provide notice of material changes where appropriate

If a signed Client agreement governs a particular relationship, that agreement controls in the event of a conflict.

Functional / preferences Remembers settings such as language, region, and other preferences Persistent (often weeks to 12 months) You can clear or block these in browser settings; some features may not work as intended

Analytics / performance Helps us understand how the website and Services are used, measure performance, and diagnose issues Persistent (often days to 24 months) Where required, you can opt in or out via cookie banner controls; you can also use browser settings and, where available, provider opt-outs

Marketing (if used) Measures marketing effectiveness and may support campaigns Varies by provider Where required, we will request consent and provide opt-out controls; we do not permit use of SIC Client Data for cross-context behavioral advertising

18. Contact us

If you have questions about this Privacy Policy or our privacy practices, contact:

ShooflyAI, LLC

Attn: Privacy

904 Summit Crossing Way

Cumming, Georgia 30041

United States

[email protected]

[Appendix to Follow]

Appendix A: California Privacy Notice (CCPA/CPRA)

This Appendix applies to California residents to the extent Shoofly processes Personal Information as a controller (“business”) for its own operations (for example, our website, marketing, sales, and account administration). If we process Personal Information on behalf of a Client as a service provider (for example, within SIC), requests should generally be directed to the relevant Client. We will support Clients in responding to valid requests.

A1. Notice at collection

The table below describes the categories of Personal Information we may collect, how we obtain it, why we collect it, and the categories of third parties to whom we may disclose it.

Category (CCPA/CPRA) Examples Sources Business or commercial purposes Disclosed to
Identifiers Name, business email, phone, company, account identifiers, IP address, device identifiers You, your organization, your device/browser Provide the Services, account setup, support, security, and communications Service providers and subprocessors; Clients (as applicable)
Customer records Account settings, support communications, contracts and invoices (where applicable) You, your organization, our systems Account administration, support, billing, compliance Service providers; professional advisors
Commercial information Transaction and billing details related to purchasing Services (not payment card numbers) You, our payment and billing systems (where applicable) Provide paid Services, accounting, tax, and fraud prevention Service providers; payment processors (where applicable)
Internet or network activity Website interactions, product usage, telemetry, error logs Your device/browser, SIC, and product systems Operate and secure Services, performance monitoring, improve reliability, and UX Service providers and subprocessors
Audio or electronic content (where enabled) Calls, messages, transcripts, files, documents, prompts, and configuration data provided to SIC You, your organization, connected integrations Provide requested workflows and automations, support, and troubleshooting Service providers and subprocessors; Clients (as applicable)
Geolocation (approximate) Approximate location derived from IP Your device/browser Security, fraud prevention, analytics (limited) Service providers
Professional or employment-related Job title, role, employer, business contact context You, your organization Sales, account management, support, service delivery Service providers
Inferences (limited) High-level inferences from usage data, such as feature adoption trends (not profiling for ads) Our systems Improve Services, capacity planning, product development Service providers
Sensitive Personal Information (limited) Account access credentials and authentication data You, your organization, our systems Security, authentication, fraud prevention, account access Service providers and subprocessors (as needed for security/hosting

Data minimization: Shoofly’s Services do not require and are not designed to intentionally collect Social Security numbers, payment card numbers, or full medical or health records. Clients should not provide these categories unless expressly required by a written agreement that defines additional safeguards.

A2. Selling or sharing Personal Information

Shoofly does not sell Personal Information. Shoofly also does not share Personal Information for cross-context behavioral advertising.

A3. Retention

We retain Personal Information only as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain security, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary depending on the nature of the information, its purpose, and legal or contractual requirements.

A4. Your California privacy rights

Subject to applicable law and verification, California residents may have the right to:

  • Know the categories and specific pieces of Personal Information collected, used, disclosed, and the purposes for such processing
  • Delete Personal Information, subject to exceptions
  • Correct inaccurate Personal Information
  • Opt out of the sale or sharing of Personal Information (not applicable as described above)
  • Limit the use and disclosure of Sensitive Personal Information (to the extent applicable)
  • Non-discrimination for exercising privacy rights

A5. How to submit a request

To submit a request, contact us at [email protected] and include “California Privacy Request” in the subject line. We may need to verify your identity and, where relevant, your relationship to a Client account before responding.

Authorized agents: You may designate an authorized agent to request on your behalf. We may require proof of the agent’s authorization and may also require you to verify your identity directly with us.

A6. Business transfers

If Shoofly is involved in a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or the sale or transfer of all or part of our business or assets, Personal Information may be transferred as part of that transaction, subject to appropriate confidentiality and security safeguards.

SMS/Text Messaging

Consent to Receive Text Messages

By opting in to receive text messages from ShooflyAI, LLC, you consent to receive recurring promotional, marketing, and informational text messages, including messages sent via automated technology. You may opt in through our website chat widget, registration forms, or by texting a keyword to our designated number.

Message Frequency and Rates

Message frequency varies based on your interactions with our services. Message and data rates may apply depending on your mobile carrier and plan. ShooflyAI, LLC is not responsible for any charges incurred from your carrier.

Opting Out

You can opt out of receiving text messages at any time by replying STOP to any message. After opting out, you will receive a one-time confirmation message and will no longer receive text messages from us unless you opt in again. For help, reply HELP or contact us at [email protected].

Data Sharing and Third Parties

We do not sell, rent, or share your phone number or SMS opt-in data with third parties or affiliates for their marketing purposes. Carrier information is not shared with or sold to third parties for promotional purposes. SMS consent is not a condition of purchasing any goods or services from ShooflyAI, LLC.

Types of Messages

Text messages may include:

  • Webinar and event reminders
  • Workshop and coaching enrollment confirmations
  • Promotional offers and announcements
  • Service updates and follow-ups

Contact Information

For questions about our SMS messaging practices, contact us at:
ShooflyAI, LLC
Email: [email protected]
Phone: +1 478-375-8115