Privacy Policy

1. Introduction

OutflowGuard (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment verification and audit trail service for Xero users.

2. Information We Collect

We collect information that you provide directly to us, including:

• Account information (name, email address, company name)
• Xero organization data necessary for our service to function (supplier details, bank account information changes)
• Payment and billing information
• Communications you send to us

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Monitor supplier bank detail changes in your Xero organization
• Send you alerts and notifications about potential payment redirect risks
• Generate audit trails and reports
• Process payments and send invoices
• Respond to your comments, questions, and requests
• Send you technical notices, updates, and security alerts

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Regular security audits and penetration testing
• Access controls and authentication measures

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Audit trail data is retained for a minimum of 7 years to comply with financial record-keeping requirements. You may request deletion of your account data at any time.

6. Third-Party Services

We integrate with the following third-party services:

• Xero: To access your accounting data (read-only access to supplier information)
• Stripe: To process payments securely
• Supabase: For authentication and database services

7. Your Rights

Depending on your location, you may have the following rights:

• Access to your personal data
• Correction of inaccurate data
• Deletion of your data
• Data portability
• Objection to processing
• Withdrawal of consent

To exercise these rights, please contact us at privacy@outflowguard.com

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: privacy@outflowguard.com
• Support: support@outflowguard.com