ProcFu Security Overview

ProcFu is designed to extend and automate workflows from platforms such as Podio, MySQL, and Notion. The platform follows a data-minimization approach to ensure user and organizational data remains secure and private.

Data Handling & Storage

• No Permanent Data Storage:
  ProcFu does not store your Podio, MySQL, or Notion data unless you explicitly choose to do so or use a feature that requires temporary storage.

• Default Data Collection:
  By default, ProcFu only collects information about:
  • Your user account
  • The structure (schema) of your Podio/MySQL/Notion apps or tables

• Mini Apps:
  • ProcFu stores the structure of your Mini Apps and the configuration data you provide when creating them.
  • Item data is only included if you configure caching for Mini App screens. Cached data is stored only for the specified cache duration and then automatically deleted.

• AI Assistance
  • ProcFu does not store or cache any of your item data except it's ID. We collect the item data in-memory, make it available to OpenAI, and then forget it.
  • OpenAI states: "We do not train on API, ChatGPT Enterprise, and ChatGPT Team customer data⁠ by default." (ref) and in the FAQ’s, states: “Data submitted through the OpenAI API is not used to train OpenAI models or improve OpenAI’s service offering.”

• Data Syncs:
  • ProcFu stores only the structure of the apps and database tables involved.
  • Actual item data is stored in your own connected database and not on ProcFu’s servers.

• Script Variables:
  Data may be stored if you explicitly use functions such as var_set or shared_var_set within your scripts. This is entirely user-controlled.

Data Exposure & Responsibility

ProcFu provides tools that allow you to configure data exposure settings.

• Any data you choose to display in public-facing Mini App screens will be publicly visible as configured.

• Similarly, misconfiguration of authentication or permissions may expose data. These configurations are user-controlled and fall outside ProcFu’s liability.

ProcFu’s design intentionally limits storage and exposure to the minimum necessary to deliver its functionality.

Authentication & Access Control

• Two-Factor Authentication (2FA):
  2FA is available for all app authentications at the time of creation, providing an additional layer of security for users.

• Access Control:
  Access to data and configuration is restricted to authenticated users through secure credential-based access.

GDPR

Canada's PIPEDA has an adequacy ruling under the EU's GDPR, meaning personal data can flow from the EU to Canada without needing additional safeguards.

ProcFu uses Digital Ocean in Toronto for all primary servers and storage. See our Privacy Policy for details of sub-processors and whom we share data with.

Data Processing Agreement (DPA)

Organizations may optionally sign a Data Processing Agreement (DPA) with Globi to formalize data protection and compliance commitments.
👉 Link to DPA

Security Commitment

ProcFu prioritizes:

• Data minimization

• Transparency of data handling

• User control over data exposure

• Optional enhanced authentication through 2FA

By design, ProcFu acts as a secure intermediary and automation platform, not a data repository.