Legal

Privacy Policy

This policy explains how Finflo collects, uses, stores, and protects your personal information when you use our document processing service.

Last updated: December 2025

Introduction

Finflo ("we", "our", or "us") operates the Finflo document processing platform available at app.finflo.au (the "Service"). This Privacy Policy describes how we collect, use, and share information about you when you use our Service.

By using Finflo, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

Finflo is based in Australia and we are committed to complying with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), as well as the General Data Protection Regulation (GDPR) for users in the European Economic Area.

Information We Collect

Information You Provide

We collect information you directly provide to us, including:

  • Account Information: When you create an account, we collect your email address and password. You may optionally provide your name.
  • Documents: PDF documents you upload for data extraction, including any personal or sensitive information contained within them.
  • Templates: The extraction templates you create, including field names, descriptions, and configuration settings.
  • Extracted Data: The structured data extracted from your documents by our AI processing.
  • Communications: Any emails, support requests, or feedback you send to us.

Information Collected Automatically

When you use our Service, we automatically collect certain information:

  • Usage Data: Information about how you interact with our Service, including pages visited, features used, and actions taken.
  • Device Information: Browser type, operating system, and device type.
  • Log Data: IP address, access times, and referring URLs.
  • Cookies: We use essential cookies for authentication and session management. See the Cookies section below for more details.

About Your Documents

The documents you upload may contain personal information about third parties (such as customer data, employee records, or financial information). You are responsible for ensuring you have the right to upload such documents and that doing so complies with applicable privacy laws.

How We Use Your Information

We use the information we collect to:

Provide and Improve Our Service

  • Process your documents and extract structured data
  • Manage your account and provide customer support
  • Maintain and improve the performance, security, and functionality of our Service
  • Analyse usage patterns to improve user experience
  • Debug and fix technical issues

Communicate With You

  • Send transactional emails (account verification, password resets, extraction notifications)
  • Respond to your enquiries and support requests
  • Send important service announcements and updates
  • With your consent, send product updates and marketing communications

Ensure Security and Compliance

  • Detect, prevent, and address fraud, abuse, or security issues
  • Enforce our Terms of Service
  • Comply with legal obligations

What We Don't Do

  • We do not sell your personal information to third parties
  • We do not use your documents to train AI models
  • We do not share your documents or extracted data with other users
  • We do not use your data for targeted advertising

Data Sharing & Third Parties

We share your information only in the following circumstances:

Service Providers

We use trusted third-party service providers to operate our Service. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect it.

ProviderPurposeData Shared
RenderApplication hosting & databaseAll application data
Google CloudFile storage & AI processingUploaded documents, extracted data

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including to:

  • Comply with a legal obligation
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public

With Your Consent

If your information needs to be shared for any other reasons, we will reach out for your explicit consent before complying with the request.

Data Storage & Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it.

Where Your Data Is Stored

  • Application & Database: Hosted on Render's infrastructure in the APAC region
  • File Storage: Google Cloud Storage with servers in Australia

Security Measures

  • All data encrypted in transit using TLS 1.2/1.3
  • All data encrypted at rest using AES-256
  • Secure password hashing
  • Regular security monitoring and logging
  • Access controls and authentication requirements

For more details about our security practices, please see our Security page.

Our Commitment to Security

We take the protection of your data seriously and follow industry-standard practices to safeguard it. While no online service can guarantee absolute security, we are committed to transparency and will promptly notify affected users if a security incident were ever to occur.

Data Retention

We retain your information for as long as necessary to provide our Service and fulfil the purposes described in this policy.

Data TypeRetention Period
Account informationUntil you delete your account
Uploaded documentsUntil you delete them or your account
TemplatesUntil you delete them or your account
Extraction resultsUntil you delete them or your account
Server logs30 days
Database backups7 days (rolling)

When you delete data or your account, we will remove your information from our active systems. Some information may persist in backups for a limited period before being permanently deleted.

Your Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to honouring these rights for all users.

Right to Access

You can access most of your data directly through the application. For a complete copy of all data we hold about you, contact us at privacy@finflo.au.

Right to Portability

You can export your extraction results to Excel format directly from the application. For a machine-readable export of all your data, contact us.

Right to Deletion

You can delete individual documents, templates, and extractions within the app. To delete your entire account and all associated data, contact us at support@finflo.au.

Right to Object / Opt-Out

You can opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us.

Right to Complain

If you believe we have not handled your information correctly, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local data protection authority.

Exercising Your Rights

To exercise any of these rights, please contact us at privacy@finflo.au. We will respond to your request within 30 days. We may need to verify your identity before processing certain requests.

Cookies & Tracking

We use cookies and similar technologies to operate our Service. Here's what you need to know:

Essential Cookies

We use essential cookies that are strictly necessary for the Service to function. These cannot be disabled and include:

  • Session cookies: To keep you logged in and maintain your session
  • CSRF tokens: To protect against cross-site request forgery attacks

Analytics

We may use analytics tools to understand how users interact with our Service. This helps us improve the user experience. Any analytics data is aggregated and does not identify individual users.

What We Don't Use

  • Third-party advertising cookies
  • Social media tracking pixels
  • Cross-site tracking technologies

International Data Transfers

Finflo is based in Australia, and our primary infrastructure is located in Australia and the APAC region.

If you are accessing our Service from outside these regions, please be aware that your information may be transferred to, stored, and processed in countries that may have different data protection laws than your country of residence.

Safeguards

When we transfer data internationally, we rely on:

  • Service provider contracts with appropriate data protection clauses
  • Infrastructure providers with strong security certifications (SOC 2, ISO 27001)
  • Encryption of data in transit and at rest

Children's Privacy

Finflo is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we may have information from or about a child under 18, please contact us at privacy@finflo.au.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

  • We will update the "Last updated" date at the top of this policy
  • For significant changes, we will notify you by email or through a notice on our Service
  • We encourage you to review this policy periodically

Your continued use of the Service after any changes indicates your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Enquiries

privacy@finflo.au

General Support

support@finflo.au

We aim to respond to all privacy-related enquiries within 30 days.