Legal

Privacy Policy

Effective: June 17, 2026 · Last updated: June 17, 2026

Magnaflor Corp (“Magnaflor,” “we,” “us,” or “our”) respects the privacy of every wholesale florist customer who uses our portal at magnaflor.com (the “Portal”). This Privacy Policy explains what information we collect, how we use it, when we share it, and the choices you have. By using the Portal you agree to this policy.

1. Information we collect

We only collect information necessary to run a wholesale flower distribution business with you.

Information you give us directly when you sign up or place orders:

  • Business name, contact name, business email address, business phone number
  • Business shipping and billing addresses
  • Wholesale florist license, resale certificate, or similar verification documents (when applicable)
  • Order history, standing-order preferences, sub-client lists, delivery preferences

Information collected automatically when you use the Portal:

  • Login timestamps, pages viewed, actions taken (used to keep your account secure and improve the Portal)
  • Device type, browser type, IP address (used for security and error diagnostics)
  • Cookies and similar technologies (used for authentication and to remember your preferences)

Information from third parties:

  • QuickBooks Online — when your account is linked, we read your customer record, invoices, payment status, and product master data from our QuickBooks account
  • Payment processors — when you complete payments through QuickBooks Online payment links, the processor confirms transaction status; we never receive or store your full card details

2. How we use your information

We use the information we collect to:

  • Provide the Portal and the wholesale ordering, invoicing, and delivery services you request
  • Send you transactional emails: order confirmations, delivery notifications, invoice receipts, account verification, password resets, standing-order reminders
  • Send you operational communications: catalog updates, account-status changes, support responses
  • Maintain account security: detect suspicious sign-ins, protect against fraud, comply with legal obligations
  • Improve the Portal: analyze usage patterns to fix bugs and add features

We do not use your information for advertising, sell your information to third parties, or share your information with advertisers.

3. How we share your information

We share information only in these specific cases:

  • With QuickBooks Online (Intuit): when your account is bound to a QuickBooks customer record, we exchange data with QuickBooks to keep invoicing, payment, and master data in sync. This is governed by your separate agreement with Intuit.
  • With our service providers: cloud infrastructure (Amazon Web Services), email delivery (Amazon SES), authentication (Amazon Cognito), error monitoring, uptime monitoring. These providers process information only on our instructions and under contracts that require them to protect it.
  • For legal reasons: when required by law, court order, or government authority; to enforce our Terms of Service; to protect the rights, property, or safety of Magnaflor, our customers, or others.
  • Business transfers: if Magnaflor is acquired or merges with another business, your information may transfer as part of that transaction; we will notify you in advance.

4. Where your information is stored

Your information is stored on Amazon Web Services in the United States (us-east-2 region, Ohio). Data is encrypted at rest using AWS Key Management Service and encrypted in transit using TLS 1.2 or higher.

5. How long we keep your information

We keep your information for as long as your account is active and for a reasonable period afterwards in case you reactivate. Specific retention periods:

  • Account data: kept while account is active; deactivated accounts retained for 24 months in case of reactivation, then anonymized
  • Order and invoice data: kept for at least 7 years to comply with US tax and accounting requirements
  • Email delivery logs: 13 months for deliverability monitoring
  • Server logs and security audit logs: up to 12 months
  • Cookies: vary by purpose (session cookies expire when you close your browser; persistent cookies are deleted after up to 24 months)

You can request deletion of your account at any time (see Section 8).

6. Cookies and tracking

We use cookies for these purposes only:

  • Authentication: to keep you signed in (required for the Portal to work)
  • Preferences: language selection (EN/ES), display preferences
  • Security: to detect unusual sign-in patterns
  • Analytics: aggregated usage data (no individual tracking, no advertising trackers)

We do not use advertising cookies, third-party tracking pixels, or cross-site tracking technology.

7. Children's privacy

The Portal is intended for wholesale flower businesses only. We do not knowingly collect information from anyone under 18. If you believe a child has provided us information, please contact us at the address below and we will delete it.

8. Your rights and choices

Subject to applicable law and verification of your identity, you have these rights regarding your information:

  • Access: request a copy of the information we hold about you
  • Correction: ask us to correct inaccurate information (most fields can be edited directly in the Portal under Account settings)
  • Deletion: ask us to delete your account and personal information (subject to legal retention requirements above)
  • Portability: request your data in a machine-readable format
  • Withdraw consent: revoke permission for non-essential processing at any time
  • Marketing communications: opt out of marketing emails using the unsubscribe link in any email (transactional emails will continue while your account is active)

California residents (CCPA / CPRA): You have the right to know what categories of personal information we collect, request access to or deletion of your personal information, correct inaccurate information, opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising), and the right to non-discrimination for exercising these rights. You may designate an authorized agent to make requests on your behalf.

Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, and other state-privacy-law residents: You have substantially similar rights under your state's privacy law and may exercise them by contacting us as below.

Florida residents: Under the Florida Digital Bill of Rights (FDBR), eligible residents may have the right to access, correct, delete, and obtain portable copies of personal data, and to opt out of certain processing activities. The FDBR currently applies to a narrow set of high-revenue businesses; nonetheless we extend equivalent rights as a courtesy to Florida residents.

To exercise any of these rights, email the address in Section 11. We will respond within 30 days (or 45 days if extended for complex requests). To verify your identity we may ask for information that matches what we already hold.

9. Security

We use industry-standard security measures to protect your information:

  • Encryption at rest (AWS Key Management Service) and in transit (TLS 1.2+)
  • Magic-link email authentication for password-free sign-in
  • Regular security audits and dependency vulnerability scans
  • Bounce-and-complaint suppression list to prevent email abuse
  • Audit logs of administrative actions and impersonation sessions
  • Least-privilege IAM controls on all infrastructure access

No system is perfectly secure. We cannot and do not guarantee absolute security of your information. To the maximum extent permitted by law, you use the Portal at your own risk. If we discover a security incident affecting your information, we will notify you within the timelines required by applicable law.

10. Changes to this policy

We may update this Privacy Policy as our practices change or as required by law. When we make material changes, we will:

  • Update the “Last Updated” date at the top
  • Notify you by email at least 30 days before the changes take effect (for material changes)
  • Provide a summary of changes on the magnaflor.com/privacy page

Continued use of the Portal after the effective date of changes constitutes acceptance.

11. Contact us

For privacy questions, account inquiries, or to exercise your rights:

Magnaflor Corp

777 Brickell Avenue, Suite 500

Miami, FL 33131, United States

Email: sales@magnaflor.com

Phone: +1 (305) 707-7155

For QuickBooks-specific data questions, you may also reference Intuit's privacy policy at intuit.com/privacy.