Privacy Policy

Effective Date: 26th June 2025

Payflo Payments Pty Ltd ("we", "us" or "our") is committed to protecting your privacy. This policy explains how our Point-of-Sale (POS) app collects, uses, shares, and secures your data, in compliance with the Australian Privacy Act 1988 (Cth), EU GDPR, and California CCPA.

1. Scope & Applicability

This policy applies to all users across Android (Google Play) and iOS (App Store) platforms.

2. Information We Collect

• Camera Access: Barcode/QR scanning, capturing product/receipt images.
• Device & Technical Info: Device ID, OS version, crash logs, diagnostics.
• Usage Data: Screen views, taps, feature usage, timestamps.
• Location Data: Approximate/precise (with permission) for fraud detection and setup.
• Account & Business Info: Name, email, phone, business name, ABN, address.
• Financial & Transaction Data: Payment details, transaction history, order IDs.
• Third-Party Data: From integrations (e.g., POS systems, payment gateways).

3. Legal Basis (GDPR)

• Contractual necessity: To provide and maintain services.
• Legal obligation: For tax, audit, and regulatory compliance.
• Legitimate interests: Performance improvement, fraud prevention, security.
• Consent: Optional features like marketing or precise location.

4. How We Use Your Data

• To run POS operations (scanning, billing, records).
• Payment processing, refunds, reconciliation.
• Business account setup and authentication.
• App performance monitoring, debugging, and UI improvements.
• Sending notifications, support, and marketing (if opted in).
• Compliance with legal/written obligations.

5. Data Sharing

We do not sell your personal data. We share only with:

• Service providers: Cloud hosting, analytics, payment processors under strict NDA.
• Business partners: POS and banking integrations for core services.
• Legal authorities: When required by law.
• Corporate transactions: In cases like mergers or asset sales.
• Advisers: Accountants, lawyers under confidentiality.

6. Data Retention

We retain personal data only as long as needed for legal, business, or service reasons, then securely delete or anonymise it.

7. Data Security

We protect your data with:

• Encryption in transit (TLS) and at rest.
• Secure cloud infrastructure (ISO-compliant).
• Role-based access control and two-factor authentication.
• Regular security audits and penetration tests.

No system is completely secure, but we follow industry best practices.

8. Your Rights

• Access: Request your data copy.
• Rectification: Correct incorrect/incomplete data.
• Erasure: Ask to delete your data (subject to legal constraints).
• Restriction: Limit processing in certain cases.
• Portability: Export your data in machine-readable form.
• Objection: Stop processing based on legitimate interests.
• Withdraw consent: E.g., for marketing.

California (CCPA): Similar rights to know, delete, and non-discrimination.

9. Cross-Border Transfers

Your data may be transferred to jurisdictions such as the USA, EU, and Singapore. We ensure adequate safeguards (e.g. SCCs) for GDPR compliance.

10. Children's Privacy

Not intended for users under 16. We do not knowingly collect minors' data—if discovered, it will be deleted promptly.

11. Cookies & Analytics

• We use essential cookies/SDKs (e.g., Firebase, Google Analytics) for usage stats and crash reporting.
• No cross-app/web tracking.

12. Platform Compliance

Google Play Data Safety

We encrypt all data in transit. Users can request deletion via privacy@payflo.com.au.

Apple App Store Nutrition Label

• Data Linked to You: Contact info, identifiers, usage, diagnostics.
• Data Not Collected: Sensitive categories (health, race, biometrics).
• Purposes: App functionality, analytics, support—not advertising or third-party tracking.

13. Changes to This Policy

We may update this policy occasionally. We'll update the effective date and notify users through the app or website.

Android-Specific Note

On Android, camera data is used strictly for scanning and image capture within the app. We do not store camera data unless explicitly used by the user. Camera access may be disabled in device settings if desired.

Contact Us

For support, data access, deletion, or questions, please contact:
Email: privacy@payflo.com.au
Website: https://www.payflo.com.au