Privacy Policy
Version PRIVACY-2026.1 · Effective July 11, 2026
MCD FLOW PRIVACY POLICY
Effective Date: JULY 10 2026 Last Updated: JULY 10 2026 MCD CAD CORP, a Florida corporation operating MCD Flow (“MCD Flow,” “MCD CAD CORP,” the “Company,” “we,” “us,” or “our”), respects your privacy and is committed to handling personal information responsibly, transparently, and securely. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when a person:- visits our websites;
- creates or uses an MCD Flow account;
- uses our platform, applications, workspaces, portals, products, services, integrations, or related features;
- communicates with us;
- participates in a trial, demonstration, promotion, survey, or event; or
- interacts with any service that references this Policy.
1. Scope of This Policy
This Policy applies to personal information processed by MCD CAD CORP in connection with MCD Flow. It does not apply to:- third-party websites, applications, or services that maintain their own privacy policies;
- information processed exclusively by our customers outside MCD Flow;
- internal employment practices relating to MCD CAD CORP employees or applicants where a separate privacy notice applies; or
- information that has been anonymized so that it cannot reasonably be linked to an identified or identifiable individual.
2. Our Role in Processing Information
MCD Flow may act as a controller, business, or equivalent entity when we determine the purposes and means of processing personal information. This may occur when we process:- account registration and administration information;
- customer and prospect contact information;
- billing and subscription information;
- communications with our team;
- usage, security, and diagnostic information;
- marketing preferences; and
- information collected through our websites and corporate tools.
- the customer organization determines why and how the information is used;
- MCD Flow processes the information to provide the Service;
- requests concerning that information generally should first be directed to the relevant customer; and
- our processing may also be governed by a Data Processing Addendum.
3. Information We Collect
3.1 Information You Provide
We may collect information you provide directly, including:a. Registration and profile information
- first and last name;
- email address;
- telephone number;
- profile photograph or image;
- job title, professional role, and specialty;
- language and time zone;
- username;
- password stored using cryptographic protection mechanisms;
- account preferences; and
- authentication or verification information.
b. Company and workspace information
- business or legal name;
- business type;
- address;
- country, state, province, region, city, and postal code;
- contact details;
- tax identification information where necessary;
- logos, colors, and branding preferences;
- team members;
- roles and permissions;
- license or professional information; and
- workspace configuration.
c. Client, lead, and contact information
Users may enter information about other individuals, including:- clients;
- leads;
- representatives;
- consultants;
- architects;
- engineers;
- contractors;
- subcontractors;
- vendors;
- workers;
- collaborators; and
- project-related contacts.
d. Project and operational information
Depending on the features used, we may process:- project names and descriptions;
- project addresses and locations;
- plans, drawings, models, photographs, and videos;
- PDF files, technical documents, and specifications;
- budgets, estimates, proposals, and contracts;
- change orders;
- invoices, payments, receipts, and schedules;
- tasks, phases, milestones, and calendars;
- messages, comments, mentions, and observations;
- markups or annotations made on documents;
- material, equipment, labor, and service catalogs;
- vendor and cost information;
- hours worked, timesheets, and operational records;
- licensing, permitting, or inspection information; and
- any other content uploaded to the Service.
e. Payment and subscription information
We may collect:- selected plan;
- billing cycle;
- subscription status;
- payment history;
- currency;
- billing country;
- billing address;
- payment method type and last digits where provided by the payment processor; and
- transaction or payment-platform customer identifiers.
f. Communications and support
We may collect information when you:- request assistance;
- report an issue;
- provide feedback;
- answer a survey;
- request a demonstration;
- participate in training;
- submit a complaint;
- communicate by email, chat, form, telephone, or video conference; or
- otherwise communicate with us.
g. Voluntarily provided information
We may also process any information that you voluntarily choose to provide through the Service. You should avoid placing unnecessarily sensitive information in open-text fields, messages, notes, or documents.3.2 Information Collected Automatically
When you use the Service, we may automatically collect information such as:- IP address;
- browser type and version;
- operating system;
- language;
- internet service provider;
- device identifiers;
- session identifiers;
- device type;
- screen resolution;
- approximate time zone;
- approximate country, region, or city derived from the IP address;
- pages visited;
- links selected;
- features used;
- session date, time, and duration;
- referring and exit pages;
- login activity;
- navigation and interaction events;
- system logs;
- error reports;
- performance and latency information;
- diagnostic information;
- authentication attempts;
- configuration changes;
- administrative actions;
- security-related activity; and
- information needed to prevent fraud, abuse, or unauthorized access.
3.3 Information From Other Sources
We may receive information from:- the company or organization that created or manages your account;
- a workspace administrator;
- other users who invite you or add you to a project;
- authentication providers;
- payment processors;
- integrations authorized by the user;
- implementation or referral partners;
- analytics and security providers;
- lawfully available public records;
- business events;
- professional networks; and
- other sources permitted by applicable law.
4. Cookies and Similar Technologies
4.1 Technologies We May Use
Our websites and the Service may use:- cookies;
- local storage;
- session storage;
- pixels;
- tags;
- SDKs;
- scripts;
- device identifiers;
- server logs;
- tracking links;
- measurement technologies; and
- similar mechanisms.
4.2 Categories of Cookies
We may use the following categories:a. Strictly necessary cookies
These are essential to:- start and maintain sessions;
- authenticate users;
- remember security settings;
- balance server loads;
- prevent fraud;
- protect forms;
- provide requested features; and
- maintain Service stability.
b. Functionality and preference cookies
These cookies may remember:- language;
- time zone;
- interface preferences;
- workspace settings;
- accessibility options; and
- other user selections.
c. Analytics and performance cookies
These technologies may help us understand:- how many people use the Service;
- which pages or features are used most often;
- how users navigate;
- where errors occur;
- how long a feature takes to load; and
- how performance and user experience can be improved.
d. Marketing and advertising cookies
In the future, and where permitted, we may use technologies to:- measure campaigns;
- attribute conversions;
- control advertisement frequency;
- create audiences;
- display relevant advertising;
- conduct remarketing; and
- evaluate advertising performance.
4.3 Consent Management
Where required, we will provide a cookie banner or preference center allowing users to:- accept all optional cookies;
- reject all optional cookies;
- select specific categories;
- review information about providers and purposes; and
- later withdraw or modify consent.
4.4 Browser Controls
You may also limit or delete cookies through your browser settings. Blocking essential cookies, however, may affect login, security, or operation of the Service.4.5 Opt-Out Preference Signals
Where legally required and technically applicable, we may recognize supported opt-out preference signals, such as Global Privacy Control, for requests relating to sale, sharing, or targeted advertising.4.6 Separate Cookie Policy
We may publish a separate Cookie Policy that identifies in greater detail:- each cookie or technology;
- provider;
- purpose;
- category;
- duration;
- domain;
- legal basis; and
- deactivation mechanism.
5. How We Use Information
We may use personal information for the following purposes:5.1 Providing and administering the Service
- creating and administering accounts;
- authenticating users;
- configuring workspaces;
- enabling projects, files, tasks, and communications;
- processing requests;
- maintaining sessions;
- providing support;
- managing plans and subscriptions; and
- delivering contracted features.
5.2 Performing our contracts
We use information where necessary to:- provide the requested Service;
- perform the Terms of Service;
- administer trials or subscriptions;
- issue invoices;
- process payments;
- manage renewals;
- provide support; and
- meet our contractual obligations.
5.3 Security, integrity, and fraud prevention
We may use information to:- verify identities;
- protect accounts;
- detect suspicious activity;
- prevent fraud;
- investigate incidents;
- maintain audit logs;
- control access;
- combat spam, malware, or abuse;
- enforce internal policies; and
- protect MCD Flow’s rights, systems, and users.
5.4 Operational communications
We may send:- account confirmations;
- verification codes;
- access links;
- security alerts;
- project notifications;
- task-related messages;
- invitations;
- billing notices;
- receipts;
- renewal reminders;
- maintenance notices;
- material Service updates; and
- other communications necessary to operate the account.
5.5 Marketing and promotional communications
Where permitted, we may send information about:- features;
- updates;
- products;
- events;
- training;
- educational content;
- promotions; and
- related services.
5.6 SMS messages and telephone calls
We will send promotional SMS messages or make marketing calls only when we have consent or another valid legal basis. Consent to receive marketing communications will not be a condition of purchasing the Service unless a particular communication is necessary to provide a requested feature. Message frequency may vary, and carrier charges may apply. Where supported, you may reply STOP or follow the identified mechanism to unsubscribe. We will not share SMS opt-in consent information with third parties for their own independent marketing.5.7 Analytics, research, and development
We may use information to:- analyze trends;
- measure adoption;
- diagnose errors;
- evaluate performance;
- develop features;
- conduct testing;
- improve user experience;
- produce statistics;
- forecast capacity needs; and
- understand in aggregate how the Service is used.
5.8 Personalization
We may adapt:- language;
- dashboards;
- workflows;
- configuration recommendations;
- help content;
- displayed features;
- in-product messages; and
- overall experience.
5.9 Legal compliance
We may use information to:- comply with legal, tax, and accounting obligations;
- respond to lawful requests;
- manage disputes;
- establish or defend claims;
- enforce agreements;
- protect rights and property; and
- cooperate with authorities where legally required.
6. Legal Bases for Processing
Where applicable law requires us to identify a legal basis, we may process information based on:- performance of a contract or pre-contractual steps;
- compliance with a legal obligation;
- our legitimate interests or those of a third party;
- your consent;
- protection of vital interests; or
- another basis permitted by law.
- operating and improving the Service;
- protecting security;
- preventing fraud;
- providing support;
- managing business relationships;
- conducting reasonable analytics;
- exercising legal rights; and
- communicating relevant information about our products.
7. How We Disclose Information
We do not disclose personal information indiscriminately. We may share it with the following categories of recipients:7.1 Workspace users and administrators
Information may be available to:- owners;
- administrators;
- team members;
- managers;
- assigned professionals;
- clients;
- vendors;
- subcontractors; and
- other authorized participants.
7.2 Service providers
We may use providers for:- hosting and infrastructure;
- storage;
- content delivery;
- transactional email;
- messaging;
- authentication;
- payment processing;
- fraud prevention;
- support;
- performance monitoring;
- analytics;
- backups;
- security;
- error management;
- electronic signatures;
- video conferencing; and
- other business functions.
7.3 User-requested integrations
When you connect MCD Flow to an external service, we may exchange information necessary to enable that integration. Processing performed by the third party after receiving the information will be subject to its own privacy policy. You should review the permissions and privacy practices of an external service before enabling an integration.7.4 Business partners
We may share limited information with implementation partners, distributors, consultants, or other business partners where necessary to:- provide a requested service;
- implement the platform;
- manage a referral;
- administer a joint relationship; or
- comply with an authorized instruction.
7.5 Analytics and advertising
We may permit analytics providers or, in the future, advertising partners to process device or activity information, subject to:- applicable law;
- user preferences;
- consent mechanisms;
- opt-out choices; and
- our contracts with those providers.
7.6 Business reorganizations
Information may be transferred as part of:- a merger;
- acquisition;
- investment;
- financing;
- asset sale;
- reorganization;
- insolvency proceeding; or
- similar business transaction.
7.7 Legal requests and protection of rights
We may disclose information where we reasonably believe it is necessary to:- comply with a law, subpoena, court order, or valid legal process;
- respond to a competent authority;
- investigate fraud or unlawful activity;
- protect a person’s safety;
- protect our rights, property, and systems;
- enforce agreements; or
- prevent harm.
7.8 With your authorization
We may also share information when you request, authorize, or expressly consent to the disclosure.8. Sale, Sharing, and Targeted Advertising
MCD CAD CORP does not currently sell personal information for money as part of the ordinary operation of MCD Flow. Certain laws, however, broadly define “sale” or “sharing” to include disclosing online identifiers or activity to certain analytics or advertising partners. If we implement practices in the future that constitute a sale, sharing, cross-context behavioral advertising, or targeted advertising under applicable law, we will:- update this Policy;
- provide the appropriate notice;
- obtain consent where required;
- provide an opt-out mechanism;
- honor recognized preference signals where applicable; and
- not unlawfully discriminate against a person for exercising their rights.
9. Deidentified, Aggregated, and Pseudonymized Information
We may transform information into:- aggregated data;
- statistical data;
- deidentified information;
- anonymized information; or
- pseudonymized information.
10. Artificial Intelligence and Automated Features
MCD Flow may introduce features assisted by artificial intelligence, automation, or machine learning. Before customer content is used with such features, we may provide additional notices explaining:- what information is processed;
- the purpose of the processing;
- the provider involved;
- whether information is retained;
- whether information is used to train models;
- what controls are available; and
- the feature’s limitations.
11. Data Retention
We retain information for as long as reasonably necessary to:- provide the Service;
- maintain the account;
- perform the contract;
- respond to requests;
- maintain business records;
- comply with tax, accounting, and legal obligations;
- resolve disputes;
- prevent fraud;
- maintain security;
- enforce agreements; and
- establish or defend legal rights.
- the type of information;
- the nature of the Service;
- customer instructions;
- account duration;
- legal obligations;
- limitation periods;
- risk of harm; and
- technical deletion feasibility.
- delete it;
- anonymize it;
- aggregate it; or
- isolate it from further use until secure deletion is possible.
12. Information Security
We use administrative, technical, and organizational safeguards designed to protect information, which may include:- access controls;
- authentication;
- logical workspace separation;
- role-based permissions;
- encryption in transit;
- encryption or protection of certain stored information;
- activity logs;
- backups;
- monitoring;
- vulnerability management;
- vendor controls;
- incident-response procedures; and
- internal training.
- using strong passwords;
- protecting their credentials;
- enabling additional security mechanisms where available;
- keeping devices updated;
- properly limiting permissions; and
- immediately notifying us of unauthorized use.
13. International Transfers
MCD CAD CORP is established in the United States and may use providers located in the United States and other countries. Information may therefore be processed or stored outside your country of residence, where data-protection rules may differ. Where required, we will use appropriate international-transfer mechanisms, such as:- approved contractual clauses;
- data processing agreements;
- adequacy decisions;
- recognized certifications;
- valid consent;
- legal derogations; or
- other permitted mechanisms.
14. Your Rights and Choices
Depending on your location and relationship with us, you may have the right to:- know whether we process your information;
- request access;
- obtain a copy;
- request correction;
- request deletion;
- restrict or object to processing;
- request portability;
- withdraw consent;
- opt out of direct marketing;
- opt out of sale or sharing;
- opt out of targeted advertising;
- limit certain uses of sensitive information;
- learn the categories of information collected;
- learn the categories of sources;
- learn the purposes of processing;
- learn the categories of recipients;
- avoid certain solely automated decisions;
- lodge a complaint with a data-protection authority; and
- not receive unlawful discriminatory treatment for exercising a right.
14.1 Submitting a request
You may submit a request through:- email: [PRIVACY@MCDFLOW.COM];
- privacy request form: [FORM LINK]; or
- any mechanism made available through account settings.
14.2 Verification
We may request reasonable information to verify:- your identity;
- your authority to act for another person; and
- your relationship with an account or workspace.
14.3 Authorized agents
Where permitted, you may use an authorized agent. We may request evidence of authorization and may verify your identity directly.14.4 Customer-controlled information
Where MCD Flow processes information on behalf of a customer organization, we will forward or direct the request to the relevant customer unless applicable law or contract provides otherwise.15. Additional Information for California and Other U.S. State Residents
Where an applicable state privacy law applies, eligible residents may exercise the rights provided by that law. During the preceding twelve months, MCD Flow may have collected the following general categories:- identifiers;
- contact information;
- commercial information;
- professional information;
- internet or network activity;
- approximate geolocation information;
- limited financial information;
- communications;
- user-uploaded content;
- limited inferences relating to preferences or use; and
- other information described in this Policy.
16. Additional Information for the European Economic Area, United Kingdom, and Switzerland
Where the laws of these regions apply:- MCD CAD CORP will generally be the primary controller unless acting as a processor for a customer;
- we will use a valid legal basis for each processing purpose;
- we will provide information concerning international transfers;
- we will honor the rights provided under applicable law; and
- users may lodge a complaint with the data-protection authority in their place of residence, place of work, or the place where they believe a violation occurred.
17. Additional Information for Latin America and Other Jurisdictions
Residents of Latin American countries and other jurisdictions may have rights of access, updating, correction, deletion, objection, revocation, portability, information, or complaint under local law. MCD Flow will address applicable requests according to:- the individual’s jurisdiction;
- our role as controller or processor;
- our contract with the customer;
- legal exceptions; and
- permitted verification procedures.
18. Children’s Privacy
MCD Flow is a business and professional service. It is not directed to individuals under 18 and is not designed for direct use by children. We do not knowingly collect personal information from children under 13. If a school, business, organization, or professional uses the Service to process information concerning minors, that customer is responsible for:- determining the legal basis;
- providing required notices;
- obtaining parental authorization where applicable;
- limiting the information collected;
- properly configuring permissions; and
- complying with applicable laws.
19. Email Communications
You may opt out of promotional messages by using the unsubscribe link included in them. We may continue sending communications necessary for:- security;
- account administration;
- projects;
- billing;
- support;
- legal compliance;
- contractual changes; and
- Service operation.
20. Third-Party Services and Links
The Service may contain links, components, or integrations owned or operated by third parties. We do not control those third parties’ privacy practices and are not responsible for their policies, security, or content. Before providing information or enabling an integration, you should review the third party’s privacy policy and terms.21. Changes to This Policy
We may update this Policy to reflect:- new features;
- operational changes;
- new providers;
- new technologies;
- legal developments;
- changes in our practices; or
- transparency improvements.
- email;
- in-Service notification;
- banner;
- administration panel; or
- another reasonable method.
