Last updated: 16 July 2026
This privacy policy applies to the InciFlow mobile application for iOS and Android (the App). The App is published by:
Webmoodz Business Solutions B.V.
Hoofdstraat 43
2678 CE De Lier
The Netherlands
Dutch Chamber of Commerce number: 95668101
Website: https://webmoodz.nl
Email: info@webmoodz.nl
1. Who is InciFlow intended for?
InciFlow is a business application that enables authorised users to receive and manage notifications and to view or change their availability and notification settings.
You cannot create an account in the App. Your account and access rights are provided and managed outside the App by Webmoodz or the organisation with which you are affiliated.
2. Who is responsible for your personal data?
Webmoodz Business Solutions B.V. is responsible for personal data it processes for its own purposes in connection with operating, securing and supporting the App.
When you use InciFlow on behalf of or through an employer, client or other affiliated organisation, that organisation may be responsible for processing your business account data, availability information and notification content. Webmoodz may then process this data as a processor on that organisation's behalf. You may also contact the relevant organisation with questions about that processing.
3. What data do we process?
Depending on how you use the App, the following data is processed:
- Account and authentication data: your email address, password during sign-in, name or username, access token, and the organisation or account with which you are affiliated. The App only transmits your password to authenticate you and does not store it on your device.
- Device and technical data: device name, manufacturer and model, operating system, App version, IP address, language, time zone, network information, push notification token, an internal device UUID, and your notification permission status.
- Notification data: title, content, priority, delivery and receipt information, and whether and when you marked a notification as read.
- Settings and availability: your day and night time windows, selected notification contexts, active status, preferences for regular and critical notifications, and any temporary overrides.
- Usage and security data: information required for session management, troubleshooting, security, and the operation and delivery of push notifications, including App interactions and usage duration that may be automatically recorded by the push service.
The App does not request access to your location, camera, microphone, photos or contacts. InciFlow currently contains no advertising service or separate analytics service.
4. Why do we process this data?
We process this data to:
- allow you to sign in securely and manage your session;
- link your account to the correct device and organisation;
- deliver regular and, where permitted by you, critical push notifications;
- display and update notifications, read statuses, time windows and availability contexts;
- prevent misuse and secure the App and its underlying systems;
- investigate technical issues and provide support;
- comply with legal obligations and establish, exercise or defend legal claims.
Depending on the circumstances, processing is based on the performance of a contract, our legitimate interests and those of the affiliated organisation in providing a secure and reliable business notification service, your choice to allow notifications, or a legal obligation. You can disable notifications at any time in the App or your device settings.
5. Who do we share data with?
We do not sell your personal data or use it for advertising.
To provide the App, data may be processed by:
- the organisation with which you are affiliated, for account management and the business operation of InciFlow;
- OneSignal, Inc., to register the device and deliver and manage push notifications;
- Apple Push Notification service (APNs) on Apple devices and Google Firebase Cloud Messaging (FCM) on Android devices, for the technical delivery of push notifications;
- our hosting, infrastructure and IT service providers, to provide, secure and maintain InciFlow;
- competent authorities or other parties where legally required or necessary to protect our rights.
OneSignal may process a push token, device and App information, IP address, language, time zone, network status, notification status and usage duration. InciFlow links the push registration to an internal device UUID and may provide a username to OneSignal as an alias so that notifications reach the correct user. For more information, see OneSignal's privacy policy.
6. Processing outside the European Economic Area
Some service providers, including OneSignal, are based in or process data from countries outside the European Economic Area, such as the United States. Where required, we use appropriate safeguards, such as a data processing agreement and European Commission-approved Standard Contractual Clauses, or another valid transfer mechanism.
7. How long do we retain data?
We do not retain personal data for longer than necessary for the purposes described above:
- the access token and device UUID remain encrypted on your device until you sign out, your session expires or the App's local data is removed;
- account, device, notification and settings data is retained in the underlying systems while your account is active and afterwards for as long as necessary for security, continuity, legal obligations or arrangements with the affiliated organisation;
- technical log and security data is retained for a limited period appropriate to the purpose for which it was recorded;
- data held by external service providers is deleted or anonymised in accordance with our agreements with those providers and their applicable retention policies.
The exact period may vary where the affiliated organisation determines the retention period or a statutory retention obligation applies.
8. Security
We take appropriate technical and organisational measures to protect personal data. The App transmits data over encrypted HTTPS connections. The access token and internal device UUID are stored in the operating system's secure storage, such as the iOS Keychain or encrypted Android storage. However, no security method can guarantee absolute security.
9. Your choices and rights
You can manage push notifications and critical alerts through the App and your device settings.
Where the General Data Protection Regulation (GDPR) applies, you may request:
- access to your personal data;
- correction of inaccurate data;
- deletion of your data;
- restriction of processing;
- portability of data you provided;
- objection to processing based on a legitimate interest;
- withdrawal of consent, without affecting processing that was lawful before withdrawal.
Send your request to us. We may ask you to verify your identity. Where your organisation is responsible for the relevant processing, we will forward your request or refer you to that organisation.
Because accounts are not created in the App, the current App does not include a self-service account deletion function. You can request deletion using the email address above or through your organisation's administrator. Data that we are legally required to retain may be excluded from deletion.
10. Children
InciFlow is a business application and is not directed at children. We do not knowingly collect children's personal data through the App.
11. Changes
We may update this privacy policy when the App, our practices or applicable laws change. The current version will be published on our website. The date of the latest update is shown at the top.
