PRIVACY POLICY


Effective Date: May 06, 2024
Last Updated on: May 06, 2024


This privacy policy (“Policy”) explains how Spendflo, Inc. or any of its affiliates or subsidiaries. (“We”, “Us”, “Our”) Processes User Data collected from You.

 

1.  DEFINITIONS

 

1.1. “Controller” means the natural or legal person, public authority, agency, or other body which alone or jointly with others, determines the purposes and means of the processing of User Data.

 

1.2.  “End-User” means any person or entity with whom the Subscriber interacts using the Service(s).

 

1.3.  “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

1.4. “Process means any operation or set of operations which is performed on User Data or on sets of User Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

1.5. “Processor” means a natural or legal person, public authority, agency, or other body which Processes User Data on behalf of the Controller.

 

1.6. “Service(s)” shall have the meaning ascribed to it in the Terms of Use.

 

1.7. “Subscriber” means the natural or legal person that has subscribed to the Service(s) by agreeing to the Terms of Use.

 

1.8. “Subscriber Data” means any information related to Subscriber other than the Personal Data.

 

1.9. “Terms of Use” means the binding contract between Us and You which governs the access and use of the Service(s) by You available at https://www.spendflo.com/terms-conditions

 

1.10. “User Data” includes both Personal Data and Subscriber Data.

 

1.11. “Website(s)” means the websites that We operate.

 

1.12. “You” and “Your” means an identified or identifiable natural person whose User Data We process as a Controller.

 

Any terms used herein below with starting letter capitalized, but not defined under Clause 1 here, shall be defined and meaning ascribed to it as per the Terms of Use.

 

2. USER DATA COLLECTED BY US

 

2.1.  You directly provide Us with most of the data We collect. We collect User Data from You directly as follows: a) When You subscribe for any of Our Service including any subscriptions for free trials during the Trial Period (s) by agreeing to the Terms of Use, We collect sign-up and account information including Your name and e-mail address; b) When You submit web forms on Our Website(s) or as You use interactive features of the Website(s), including providing feedback or suggestions, making requests, or participation in surveys, contests, webinars, events, podcasts, promotions, sweepstakes, requesting customer support, or otherwise communicating with Us; c) When You provide testimonials, forms or information to Us in other contexts; d) If You are a Google user and You authorize Us to collect Google user data via the Google API Services by providing necessary permissions;

 

2.2. We may also receive Your User Data indirectly as follows: a) from third party sources like marketing lists, databases and social media but only where We have checked that these third parties either have Your consent or are otherwise legally permitted or required to disclose Your User Data to Us; b)When You download and/or use the Service(s), We automatically collect information on the type of device You use, and the operating system version, to perform Our agreement with You; c) When You use or view Our Website(s), information is collected via Your browser’s cookies as described in clause 9 herein; d) We may also collect or receive Your User Data from other sources such as Our business or channel partners through whom You create or access Your Account, publicly available sources, email add-ons and/ or through the combining of information We obtain from third parties along with the User Data You provide to Us; or e) When You authorize Us to connect with a third-party service, We will access and store Your User Data that the third-party service makes available to Us, which may include Your email address, location or profile information.

 

2.3. When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving these advertisements as per clause 9.3 of this Privacy Policy.

 

2.4.   The Website(s) includes social media features and widgets that are either hosted by a third-party or hosted directly on the Website(s) and Your interaction with these social media features and widgets is governed by the privacy statement of the companies that provide them. You should check Your privacy settings on these third-party services to understand and change the information sent to Us through these services.

 

3. LEGAL BASIS FOR PROCESSING (EEA REGION)

 

 

3.1. If You are a data subject from the European Economic Area, Our legal basis for collecting and using the User Data described above will depend on the User Data concerned and the specific context in which We collect it.

 

3.2. We will normally collect User Data from You only where We need it to perform a contract with You, where the processing is in Our legitimate interests and not overridden by Your data protection interests or fundamental rights and freedoms, or where We have Your consent. In some cases, We may also have a legal obligation to collect User Data from You. If We process User Data with reliance on Your consent, You may withdraw Your consent at any time.

 

3.3. If You have questions or need further information concerning the legal basis on which We collect and use Your User Data, please contact Us using the contact details provided under Clause 13.

 

 

4. PURPOSES FOR WHICH USER DATA WILL BE PROCESSED

 

We Process Your User Data to: a) facilitate Your access to the Website(s), Spendflo Platform and Service(s); b) provide customer service and support; c) send You communication on Your use of the Service(s), updates on Our Terms of Use or other policies; d) send You communication on new features in the Service(s) or new service offerings; e) conduct research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve Our Service(s) and facilities in order to enhance Your relationship with Us or for Your benefit, or to improve any of Our Service(s) for Your benefit; f) Organise events or for other marketing/ promotional activities; g) investigate and prevent fraudulent transactions, unauthorized access to the Websites and Service(s), and other illegal activities; h) personalize the Websites and Service(s); and for other purposes for which We obtain Your consent.

 

5. SHARING OF USER DATA

 

5.1. You acknowledge that We will share Your User Data with Our group companies and third-party service providers so that they may offer You Our Service(s) and/or to send information or updates on the Service(s) if You are a Subscriber.

 

5.2. When We Process Your order where You are a Subscriber, we may send Your User Data to and also use the resulting information from credit reference agencies to prevent fraudulent purchases.

 

5.3. We share User Data with Our third-party service providers that host and maintain Our Website(s), applications, backup, storage, payment processing, analytics and other services. These third-party service providers may have access to or Process Your User Data for the purpose of providing these services to Us.

 

5.4. We may share Your User Data with third-party providers who assist Us in marketing and promotions in compliance with applicable laws.

 

5.5. We may be required to disclose Your User Data in response to: a) lawful requests by public authorities, including to meet national security or law enforcement requirements and/or b) subpoenas, court orders, or legal process, or to establish or exercise Our legal rights or defend against legal claims.

 

5.6. We may also share User Data to assist investigation and prevention of illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Our Terms of Use, or as otherwise required by law.

 

5.7. It is expressly clarified that We will not share any Personal Data collected from Google API Services with third-party providers, including any third party AI models. However, We may share Subscriber Data with certain third party providers or AI models, for the limited purposes of improving our Platform and providing better Services to You under any agreement that You may have with Us. Such sharing of Subscriber Data would be strictly governed by the privacy policy of third-party providers and We make sure that the third-party providers that we engage with are GDPR compliant.


6. INTERNATIONAL TRANSFER

 

6.1. We mainly Process Personal Data in the United States of America. However, We may transfer Personal Data outside the United States of America for the purposes referred to in Section 4. We will ensure that the recipient of Your Personal Data offers an adequate level of protection that is at least comparable to that which is provided under applicable data protection laws.  

 

6.2. If You are a resident of the European Economic Area and when Your Personal Data is processed outside EEA, We will ensure that the recipient of Your Personal Data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of Personal Data as approved by the European Commission (Article 46 General Data Privacy Regulation, 2016), or We will ask You for Your prior consent to such international data transfers.

 

 

7. RETENTION OF USER DATA

 

7.1. We retain the User Data collected where an ongoing legitimate business requires retention of such User Data.

 

7.2. ‍Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal obligations to retain data conflict with the deletion. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted, i.e. the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

8. SECURITY OF USER DATA


We use appropriate technical and organizational measures to protect the User Data that We collect and Process. The measures We use are designed to provide a level of security appropriate to the risk of Processing Your User Data. If You have questions about the security of Your User Data, please contact Us immediately as described in this Policy.

If You are a Google user and have authorized Us to collect Google user data with necessary permissions in order for Us to render Our Service(s) to You under an agreement, then We may be using Google’s API services to access Google user data. Spendflo Platform’s or any of our application’s use and transfer of information received from Google APIs to any other application will adhere to Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including its Limited Use requirements.

9. YOUR RIGHTS

You are entitled to the following rights:

9.1 You can request Us for access, correction, update or request deletion of Your User Data.

 

9.2 You can object to the Processing of Your User Data, ask Us to restrict processing of Your User Data or request portability of Your User Data.

 

9.3 You have the right to opt-out of marketing communications We send You at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails We send You. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact Us.

 

9.4 Similarly, if We have collected and processed Your User Data with Your consent, then You can withdraw your consent at any time. Withdrawing Your consent will not affect the lawfulness of any processing We have conducted prior to Your withdrawal, nor will it affect processing of Your User Data conducted in reliance on lawful processing grounds other than consent.

 

9.5 You have the right to complain to a data protection authority about Our collection and use of Your User Data. For more information, please contact Your local data protection authority.

 

9.6 If You seek access to, or wish to correct, update, modify or delete Your User Data that We process, please contact Us at the details provided in clause 12. We respond to all requests We receive from individuals wishing to exercise their data protection rights within a reasonable timeframe in accordance with applicable data protection laws.

10. NOTICE FOR CALIFORNIA RESIDENTS

 

10.1. Clause 8 applies only to California residents and the Personal Information We collect as Business. “CCPA” means the California Consumer Privacy Act of 2018 as amended by the CPRA. “CPRA” means the California Privacy Rights Act. For the purposes of this section, the terms “Business”, “Business Purpose”, “Consumer“Personal Information”, “Sale/Sell”, “Service Provider” and “Sensitive Personal Information” and “Share” shall have the meaning given to them under the CCPA.

10.2. The categories of Personal Information We have collected in the twelve (12) months prior to the Effective Date and that We may collect include:

a. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, passport number, or other similar identifiers;

b. Signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information;

c. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Website, application, or advertisement;

d. Geolocation data;

e. Audio, electronic, visual, thermal, olfactory, or similar information.

10.3. Disclosure of Personal Information. We have disclosed the categories of Personal Information listed in clause 10.2 above for a business purpose in the twelve (12) months prior to the Effective Date and may disclose such Personal Information to service providers or contractors or to any other third parties who support our business provided (a) they do not Sell or Share such Personal Information or (b) retain, use or disclose such information for any purpose other than for the specific purpose of performing the services specified in our contract with them or (c) combine such information with any other information received directly by them. We do not Sell or Share (as the terms are defined in the CPRA) the Personal Information We collect without providing You a right to opt out. We do not Sell or Share Personal Information of minors of at least the age of thirteen (13) but less than sixteen (16) years without receiving such minor’s consent or the consent of the minor’s guardian if the minor is less than thirteen (13) years. We have not Sold or Shared any Personal Information in the twelve (12) months prior to the Effective Date. We shall not disclose further the Personal Information collected for verification of a consumer’s request or retain it longer than it is necessary for the purpose of verification.

10.4. You are entitled to the following rights under the CCPA:

10.4.1. You can request Us to disclose details and categories of Your Personal Information collected by Us;

10.4.2. You can request Us to disclose Your Personal Information collected twelve (12) months prior to the Effective Date, this right shall apply only to personal information collected after January 1, 2022

10.4.3. You can request Us to disclose (a) Your Personal Information Sold or Shared and (b) the service provider or contractor, or a third-party (as defined in the CPRA) to whom such information is Sold or Shared

10.4.4. You can request Us to correct Your inaccurate Personal Information.

10.4.5. You have the right to request the deletion of your personal information held by Us or by Our service provider, contractor, or any other third party to whom We have disclosed personal information to. We shall hold a confidential record of all deletion requests for the purpose of preventing the selling of such personal information for which You have submitted a deletion request.

10.4.6. You have the right to opt out of any Sale or Sharing of Your Personal Information if any such sale or sharing occurs.

10.4.7. You can request us to limit the use of Your Sensitive Personal Information.

10.4.8. You can request the transfer of specific pieces of Your Personal Information to any other entity.

10.4.9. You have the right to not be discriminated against for exercising Your rights under CCPA.

California Consumers may make a request pursuant to their rights under the CCPA by contacting Us at the details provided in clause 12. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code We will verify any requests before acting on the request and respond to all requests We receive from individuals wishing to exercise their data protection rights within a reasonable timeframe in accordance with the CCPA. Consumers may also designate an authorised agent to exercise these rights on their behalf.

11. COOKIE POLICY

 

11.1. Cookies are text files that are placed on Your computer to collect standard internet log information and visitor behaviour information by Us. When You visit the Website(s), We may collect User Data automatically from You through cookies or similar technology. We also set cookies to collect information that is used either in aggregate form to help Us understand how our Website(s) are being used or how effective Our marketing campaigns are, to help customise the Website(s) for You or to make advertising messages more relevant to You.

 

11.2. Essential Cookies: We set essential cookies that enable core functionality such as security, network management, and accessibility. You may not opt-out of these cookies. However, You may disable these by changing Your browser settings, but this may affect how the Website(s) functions.

 

11.3. Analytics, Customisation and Advertising Cookies: We set these cookies to help Us improve Our Website(s) by collecting and reporting information on how You use it. The cookies collect information in a way that does not directly identify anyone.  

 

 

12. PRIVACY OF CHILDREN

12.1. We recognize the importance of children's safety and privacy. We do not request, or knowingly collect, any Personal Data from children under the age of 18. If a parent or guardian becomes aware that his or her child has provided Us with Personal Data, they should write to us at the email address provided in clause 12.

 

13. NOTICE TO END-USER AND OTHER EXCLUSIONS

 

13.1. Our Service(s) are intended for use by enterprises. Where the Services are made available to an End-User through a Subscriber, that enterprise is the Controller of the End-User’s User Data. For example, suppliers who are invited by Our Subscribers to interact with them through the Service(s) would be End-Users. In such a case, the End-User’s data privacy questions and requests should be submitted to the Subscriber in its capacity as the End-User’s Controller. If the End-User is an individual who interacts with a Subscriber using Our Services, the End-User will be directed to contact Our Subscriber for assistance with any requests or questions relating to their User Data. We are not responsible for Subscribers’ privacy or security practices which may be different from this notice. Subscribers to Our Services are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations, relating to the collection of User Data in connection with the use of Our Services by End-Users.

 

13.2. Our Website(s) contain links to other websites. Our Policy applies only to our Website(s), so if You click on a link to another website, You should read their privacy policy. We encourage You to review the privacy statements of any such other websites to understand their User Data practices.

 

13.3. This Policy does not apply to aggregated information which summarizes statistical information about groups of members, and which does not include name, contact information, or any other information that would allow any particular individual to be identified.

 

14.  CONTACT INFORMATION

You may contact us if You have any enquiries or feedback on Our User data protection policies and procedures, or if You wish to make any request, in the following manner:

Kind Attention: Ajay Vardhan

Email Address: ajay@spendflo.com

Address: 2261 Market Street #4821, San Francisco, CA 94114, United States

15. CHANGES TO THE POLICY

 

We keep this Policy under regular review and may update this webpage at any time. This Policy may be amended at any time and You shall be notified only if there are material changes to this Policy.

PREVIOUS VERSIONS

1) Spendflo Privacy Policy - April 26, 2024 : www.spendflo.com/privacy-policy-v3

2) Spendflo Privacy Policy - April 15, 2024 : www.spendflo.com/privacy-policy-v2

3) Spendflo Privacy Policy - May 19, 2023 : www.spendflo.com/privacy-policy-v1