Privacy
Policy
Last updated: June 15, 2026
This Comprehensive Privacy Policy is issued in compliance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and adopts international standards for Data Processing Agreements (DPA) for B2B software.
At Flouvia (legally represented by Andre Valle Ortega), we believe transparency is the pillar of B2B trust. This document clearly explains how we protect your data and your company's data when using the CORD platform (cord.flouvia.com).
01 Identity of the Controller
For legal and operational purposes, it is important to distinguish how we interact with data:
- As Data Controller: We act as controllers over the data of you and your team (our direct clients) when creating an account or subscribing.
- As Data Processor: We act as processors over the data of your own clients. We only process this information following your instructions on the platform.
02 Personal Data Collected
We collect information through three main channels:
- Identity Data: Name, email address, and passwords (managed securely via Clerk).
- Tax Data (CFDI 4.0): RFC, Legal Name, Tax Regime, Zip Code, and Digital Seal Certificates (CSD).
- Financial Data: Billing information. Note: CORD does not store credit cards. They are tokenized directly by Stripe, Inc.
- Business Data: Product catalog, price lists, and data of the companies you quote to.
03 Purposes
The collected data is used exclusively for the following essential purposes:
- Generate, store, and send B2B quotes, and process the stamping of electronic invoices.
- Manage the billing of your monthly subscription and calculate excess usage.
- Secure Artificial Intelligence: Process text to build quotes. Flouvia contractually prohibits our providers (e.g. Anthropic) from using your data to train public models.
- Send transactional emails and notifications.
04 Anonymized and Aggregated Data
We may create aggregated, de-identified or anonymized data from the information we collect by removing any identifier that makes the data point to a particular user (such as names or RFCs). We may use such anonymized data for our legitimate business purposes, such as analyzing trends, improving the platform or promoting our business, with the guarantee that such data can never be used to identify you.
05 Cookie Policy
CORD uses cookies and tracking technologies in a minimalist and non-invasive manner. We do not sell your browsing data to third-party advertising networks.
- Strictly Necessary Cookies: Used by Clerk to keep your session active, authenticate your identity, and prevent Cross-Site Request Forgery (CSRF) attacks. Without these cookies, the application cannot function securely.
- Performance and Analytics Cookies: Used via Vercel Analytics to measure page load times, UI errors, and feature adoption. This data is aggregated and completely anonymized.
06 DPA and Sub-processors
By using CORD, you and Flouvia enter into a Data Processing Agreement. You authorize us to process your clients' information using third-party infrastructure. Below is our Official List of Service Providers (Sub-processors), selected under strict global regulatory standards (SOC 2, PCI-DSS):
| Technology Partner | Function in the System |
|---|---|
| Stripe | Processor for payments and recurring subscriptions. |
| Clerk | Authentication and session infrastructure. |
| Neon / AWS | Database hosting (PostgreSQL). |
| Anthropic | Exclusive algorithmic processing for AI. |
| PAC (SAT) | Certification (stamping) of electronic invoices. |
07 International Data Transfers
CORD is operated globally through top-tier cloud providers. By using the Services, you expressly acknowledge and consent that your information (and that of your clients) may be transferred, processed, and hosted on servers located in the United States of America or other countries, whose data protection laws may differ from those of your country of residence. We guarantee that our sub-processors operate under global compliance frameworks such as SOC 2 and comply with international data transfer standards.
08 Business Transfers (M&A)
All data we collect may be transferred to a third party if Flouvia undergoes a merger, acquisition, corporate restructuring, bankruptcy, or other transaction where such third party assumes control of our business (in whole or in part). In such event, we will make reasonable efforts to notify you via the platform or email before your information becomes subject to different privacy and security policies.
09 Retention and Security
We implement administrative and technical security measures (TLS encryption in transit and AES-256 at rest) to protect your data against unauthorized access. Stamped invoices (CFDI) will be kept for the minimum period required by Mexican tax authorities (5 years).
10 Security Breach Protocol
In the unlikely event of a security breach in our infrastructure or that of our sub-processors that compromises the confidentiality of your corporate data, Flouvia will activate its incident response protocol. We commit to notifying the account Administrator within 72 business hours after confirming the breach, detailing the scope of the incident and the mitigation measures taken.
11 Data Portability and Deletion
You are the sole owner of your operational information. If you decide to cancel your subscription, you have the right to request the export of your catalogs and clients in a structured format (CSV/JSON). Once the account is canceled and the mandatory tax retention period has concluded, Flouvia will irreversibly and permanently delete your operational databases from our servers.
12 Minors Privacy
CORD is a B2B software platform designed exclusively for businesses and professionals. We do not knowingly collect or solicit Personal Information from anyone under the age of 18. If we learn that we have collected information from a minor without proper verifiable corporate consent, we will delete that information from our servers as quickly as possible.
13 Privacy Rights
You may exercise your rights of Access, Rectification, Cancellation, or Opposition. Most of these rights can be exercised directly from the Settings panel of your account.
For complex requests, the Administrator must send an email to legal@flouvia.com, detailing the request and attaching an official ID.
14 Changes to the Policy
If we make significant changes, or if we add a new Sub-processor to our official list, we will notify the organization's Administrator via email or through a prominent notice within the CORD application. Your continued use of the Services after such changes will constitute your explicit acceptance of them.