Personal Data Protection Act (PDPA) Compliant

Data Protection Policy

Effective Date: 27 April 2026  |  Last Reviewed: 27 April 2026

1. Introduction

InvoiceFlow ("we", "us", "our") is committed to protecting the personal data of our users in accordance with the Personal Data Protection Act 2012 (Cap. 26F) of Singapore ("PDPA"). This Data Protection Policy explains how we collect, use, disclose, and safeguard personal data when you use the InvoiceFlow platform and related services.

By using InvoiceFlow, you acknowledge that you have read and understood this Policy and consent to the collection, use, and disclosure of your personal data as described herein.

2. Who We Are

InvoiceFlow is an AI-powered invoice and document generation platform designed for freelancers, sole proprietors, SME contractors, and agencies operating in Singapore. Our platform assists users in generating invoices, financial documents, and related commercial materials, including Singapore GST calculations.

For data protection enquiries, please contact our Data Protection Officer (DPO) at:

Email: support@invoice-flowai.com

3. Personal Data We Collect

We collect the following categories of personal data in the course of providing our services:

3.1 Account and Identity Data

  • Full name
  • Email address
  • Password (stored in encrypted form)

3.2 Business and Tax Data

  • Business name and trading name
  • Unique Entity Number (UEN) or business registration number
  • GST registration number (if applicable)
  • Business address

3.3 Billing and Payment Data

  • Subscription plan details
  • Payment method information (processed and stored by our third-party payment processor; InvoiceFlow does not store full card details)
  • Billing address
  • Transaction history

3.4 User-Uploaded Content

  • Business logos and branding assets
  • Past invoices or document templates uploaded for reference
  • Any other documents uploaded to the platform

3.5 Client Data Entered by Users

  • Names and contact details of your clients (as entered by you into invoices)
  • Client business names, addresses, and UENs

Note: As a user, you are responsible for ensuring you have the right to provide your clients' personal data to InvoiceFlow for document generation purposes.

3.6 Usage and Analytics Data

  • IP address and device information
  • Browser type and operating system
  • Pages visited, features used, and time spent on the platform
  • Error logs and crash reports

4. Purposes for Which We Collect and Use Personal Data

We collect and use your personal data for the following purposes:

  • To create and manage your InvoiceFlow account
  • To provide, operate, and improve our invoice and document generation services
  • To process subscription payments and manage billing
  • To generate invoices, quotations, and other commercial documents on your behalf
  • To perform AI-assisted GST calculations and document formatting
  • To send service-related communications, including account notifications and security alerts
  • To provide customer support
  • To comply with applicable Singapore laws and regulatory requirements
  • To detect, investigate, and prevent fraudulent use of the platform
  • To analyse usage patterns and improve platform performance (in anonymised or aggregated form where possible)

We will not use your personal data for purposes other than those listed above unless required or permitted by law.

5. Disclosure of Personal Data to Third Parties

We may share your personal data with the following categories of third parties in order to deliver our services:

5.1 AI Model Providers

InvoiceFlow uses AI models from Anthropic (Claude) and OpenAI (GPT) to power document generation and intelligent features. Data submitted through the platform may be processed by these providers' APIs. We encourage you to review their respective privacy and data handling policies:

5.2 Cloud Infrastructure and Database

Our platform is built on Supabase (database and authentication) and Render.com (container hosting). Your data is stored and processed on their infrastructure, which is hosted on industry-standard cloud environments. These providers operate under their own data protection and security frameworks.

5.3 Payment Processor

Subscription payments are processed by Stripe. We do not store your full payment card details on our systems.

We do not sell your personal data to third parties. We do not share your personal data with advertisers.

6. Consent and Withdrawal of Consent

By registering for and using InvoiceFlow, you consent to the collection, use, and disclosure of your personal data in accordance with this Policy.

You may withdraw your consent at any time by contacting our DPO at support@invoice-flowai.com. Please note that withdrawal of consent may affect our ability to continue providing services to you. We will advise you of the consequences before processing your withdrawal request.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Upon account closure or cancellation:

  • Your account data will be retained for 30 days following cancellation to allow for account recovery.
  • After 30 days, your personal data will be deleted or anonymised, except where retention is required by Singapore law (for example, financial records may be retained for up to 5 years in accordance with accounting and tax regulations).
  • Documents you have generated on the platform may be downloaded by you prior to account closure. InvoiceFlow will not be liable for documents not downloaded before deletion.

8. Access to and Correction of Personal Data

You have the right to:

  • Request access to the personal data we hold about you
  • Request correction of any inaccurate or incomplete personal data
  • Request the deletion of your personal data, subject to legal retention requirements

To make such a request, please contact our DPO at support@invoice-flowai.com with the subject line "PDPA Data Request". We will respond within 30 days of receiving your request. We may charge a reasonable fee for access requests in accordance with PDPA guidelines.

9. Data Security

We implement reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Access controls and authentication requirements
  • Regular security monitoring and vulnerability assessments

However, no method of electronic transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

10. Cookies and Analytics

We use cookies and similar tracking technologies to operate and improve the platform. This is detailed in our separate Cookie Policy. For usage analytics, we collect and process data in anonymised or aggregated form wherever possible.

11. Minors

InvoiceFlow is intended for use by businesses and individuals aged 18 and above. We do not knowingly collect personal data from persons under 18. If you believe a minor has provided us with personal data, please contact us at support@invoice-flowai.com and we will take steps to delete such data.

12. Changes to This Policy

InvoiceFlow reserves the right to update, modify, or replace this Data Protection Policy at any time and at our sole discretion. Changes will take effect immediately upon publication on our website, unless otherwise stated.

Where we consider a change to be material, we will endeavour to notify registered users via email or in-platform notification as a courtesy. However, it is your responsibility to review this Policy periodically. The "Last Reviewed" date at the top of this page will always reflect when the Policy was last updated.

Your continued use of InvoiceFlow following any changes to this Policy constitutes your acceptance of the revised Policy. If you do not agree with any changes, you must discontinue use of the Service and may close your account.

13. Contact Us

For any questions, concerns, or requests regarding this Data Protection Policy or our data protection practices, please contact:

Data Protection Officer

InvoiceFlow

Email: support@invoice-flowai.com

We take all data protection enquiries seriously and will respond within 30 days.

This Data Protection Policy is governed by the laws of Singapore.

© 2026 InvoiceFlow, Inc. All rights reserved.