CollectFlow Privacy Policy

1. Data We Collect

We may collect the following types of data:

• Account Data – name, email, phone, and company details.
• Billing Data – payment details processed securely via Stripe Payments Europe Ltd.
• Debtor Data – information uploaded by the Customer (e.g. names, contact details, invoices).
• Technical Data – log files, IP addresses, browser information, and system usage data.

2. How We Use Data

We process data to:

• Provide and operate our Services.
• Send reminders and notifications to Debtors on behalf of Customers.
• Process payments securely.
• Improve platform performance and user experience.
• Comply with legal, accounting, and regulatory obligations.

3. Legal Basis

We process personal data under the following legal bases:

• Contractual necessity – to deliver our Services.
• Legitimate interests – to operate and improve our platform.
• Legal compliance – to meet obligations under tax and data protection law.
• Consent – for optional communications such as marketing emails (where applicable).

4. Sharing of Data

We may share data with carefully selected third-party service providers to operate our Services effectively:

• SMS Provider (Australia) – sends invoice and payment reminders by SMS.
• Email Provider (United States) – sends transactional and notification emails.
• Stripe Payments Europe Ltd – handles subscription billing and payment processing.
• Hosting Provider (Netherlands) – provides secure EU-based infrastructure for the CollectFlow platform.
• Regulatory or legal authorities – if required by applicable law.

We do not sell, rent, or trade personal data under any circumstances.

5. International Transfers

Data is primarily hosted in the Netherlands (EU/EEA). However, some processing involves transfers to Australia (for SMS) and the United States (for email).

Where data is transferred outside the European Economic Area (EEA), CollectFlow ensures compliance with Chapter V of the GDPR by relying on adequacy decisions (where available) or implementing Standard Contractual Clauses (SCCs) approved by the European Commission to ensure equivalent protection. These safeguards ensure that all personal data receives the same level of protection required under EU law, regardless of location.

6. Data Retention

Customer Account Data is retained for the duration of the subscription and for six (6) years thereafter to comply with tax and recordkeeping laws. Debtor Data is deleted within ninety (90) days of account closure or contract termination.

7. Security Measures

CollectFlow implements technical and organisational measures to protect personal data, including:

• Encrypted data transmission (HTTPS).
• Secure password protection and authentication.
• Server hosting within the EU under strict access controls.
• Regular monitoring and backups to ensure data integrity and availability.

8. Your Data Rights

Under GDPR, you have the right to:

• Access and obtain a copy of your personal data.
• Request correction or deletion.
• Restrict or object to processing.
• Request data portability to another provider.

To exercise these rights, contact privacy@collectflow.ie. We will respond to all valid requests within one month as required by law.

9. Contact & Complaints

If you have any questions or concerns about this Privacy Policy or your data, contact us at privacy@collectflow.ie. If you are not satisfied with our response, you may lodge a complaint with the Data Protection Commission (Ireland) at https://www.dataprotection.ie.

10. Updates to this Policy

CollectFlow may update this Privacy Policy at any time and without prior notice. The latest version will always be available at https://collectflow.ie/privacy-policy. Continued use of our Services after an update constitutes acceptance of the revised policy.