Privacy Policy
Last updated: March 2025
1. Introduction
PayFlow Guardian (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our accounts receivable management service at payflowguardian.com.
By using PayFlow Guardian, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.
2. Information We Collect
We collect the following types of information:
- Account information: Your email address and password when you create an account.
- Business information: Your business name and bank account details you provide during onboarding, used to send payment instructions to your clients.
- Invoice data: Client names, email addresses, invoice amounts, due dates, and descriptions that you enter into the platform.
- Client communication data: Messages and responses sent by your clients through our payment response system.
- Usage data: Log data including IP addresses, browser type, pages visited, and actions taken within the app, used for debugging and improving the service.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the PayFlow Guardian service
- Send automated payment reminder emails to your clients on your behalf
- Analyze client responses using AI to generate actionable recommendations
- Send you notifications about client activity and invoice status changes
- Improve and develop new features for the service
- Respond to your support requests and communications
- Detect and prevent fraud and unauthorized access
We do not sell, rent, or share your personal information or your clients' information with third parties for marketing purposes.
4. Data Storage and Security
Your data is stored securely using Supabase, a PostgreSQL-based database platform with enterprise-grade security. All data is encrypted at rest and in transit using industry-standard TLS encryption.
We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.
Access to your data is restricted to authorized personnel only, and we regularly review our security practices.
5. Third-Party Services
We use the following third-party services to operate PayFlow Guardian:
- Resend — Used to send transactional emails (payment reminders, notifications) to you and your clients. Resend processes email addresses and message content as necessary to deliver emails.
- Anthropic Claude API — Used to analyze client messages and generate email draft suggestions. Client message content may be sent to Anthropic's API for processing. Anthropic does not use API inputs to train its models.
- Vercel — Used to host and deploy the PayFlow Guardian application. Vercel may process request metadata as part of serving the application.
- Supabase — Used for database storage and user authentication. All user data resides within Supabase's infrastructure.
Each of these services has its own privacy policy governing its data handling practices.
6. Data Retention
We retain your account data and invoice history for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.
Email logs and reminder history may be retained for up to 12 months for audit and debugging purposes.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your account and associated data
- Export your data in a portable format
- Opt out of non-essential communications
To exercise any of these rights, please contact us at support@payflowguardian.com.
8. Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: