Last Updated: March 2026

At HarmonFlow, we believe that privacy is the foundation of community trust. Because our platform manages sensitive association data—including financial rotations (ROSCAs), voting records, and personal stories—we adhere to a Transparency-by-Design framework.

1. Data We Collect

To maintain the "Flow" of your association, we collect the following:

 Account Information: Name, email, and professional details for Member Directories and Job Boards.

 Financial Metadata: Transaction timestamps and amounts for ROSCAs and donations.

Note: We do not store full credit card numbers; these are handled by PCI-compliant partners (e.g., Stripe).

 Governance Data: Encrypted records of votes cast to ensure auditability without compromising individual ballot privacy (where anonymous voting is enabled).

 Community Content: Text and media uploaded to "Stories," "Chat," and "Job Boards."

2. How We Use Your Data

We use collected information strictly to:

 Automate Financial Cycles: Ensuring ROSCA payouts happen on time and to the correct member.

 Validate Governance: Maintaining a secure "Source of Truth" for board elections and policy changes.

 Enable Connection: Allowing members to discover opportunities on the Job Board and interact via Chat.

 System Optimization: Using anonymized telemetry to ensure our Kubernetes-based infrastructure scales during high-traffic events.

3. Data Sovereignty & Portability

 Your Data, Your Ownership: Harmonflow does not claim ownership of association data.

 The Right to Exit: Associations can export their entire member directory and transaction ledger at any time. We believe in "No-Lock-In" architecture.

 Data Retention: Upon association dissolution, data is purged from our production clusters following a 30-day "Safety Recovery" window.

4. Security & Infrastructure

As a platform built on enterprise-grade cloud standards:

 Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

 Isolation: We utilize namespace isolation within our clusters to ensure one association’s data never leaks into another’s.

 Audit Logs: Every administrative action is logged to provide a transparent trail for association auditors.

5. Third-Party Sharing

We do not sell your data. We only share information with essential service providers:

 Payment Processors: To facilitate ROSCAs and Donations.

 Cloud Providers: To host the infrastructure (AWS/Google Cloud).

 Email/SMS Gateways: To send automated notifications for payouts and voting deadlines.

6. Children’s Privacy

Harmonflow is intended for adult association members and professional organizations. We do not knowingly collect data from individuals under the age of 18.

The "Harmonflow Promise"

"We treat your community's data with the same rigor we apply to mission-critical infrastructure. Privacy isn't a feature; it's the environment in which your association lives."