Privacy Policy

We collect information you provide directly, such as account details, profile data, invoice content, client and project records, transaction and balance data, team and payout records, uploaded documents, and support or feedback messages.

We also collect technical and usage information such as sign-in events, device and browser information, page visits, security logs, and product interaction events.

• Account and authentication data: email address, encrypted auth identifiers, OAuth provider details, and account preferences.
• Workspace data: transactions, clients, projects, people, payouts, tax settings, balances, user preferences, and related records.
• Invoice data: invoice line items, company and client details, invoice PDFs, guest invoice sessions, and invoice unlock purchase state.
• Uploaded content: files you submit for AI extraction or product workflows, such as receipts, invoices, or images.

We use data to operate and secure the service, authenticate users, save workspace state, process invoices and purchases, respond to support requests, prevent abuse, measure product usage, and improve product features.

We may also use your data to generate structured outputs, summaries, insights, and other product functionality you request inside the app.

If you connect Gmail, we access the connected mailbox only for the scopes and actions needed to provide the integration features you enable.

Connection tokens are stored in encrypted form. Message metadata and parsed transaction candidates may be stored so you can review sync results inside the product.

Raw Gmail message bodies are fetched on demand and are not stored in Supabase.

If you use AI-powered imports or insights, selected content may be sent to Google Gemini or another configured AI provider to generate structured results. You should review AI outputs before acting on them.

Payment card and checkout details are handled by Paddle rather than stored in full by FreelancerrFlow.

We may store billing status, plan selections, Paddle transaction references, order identifiers, and subscription lifecycle events needed to manage your purchases and support requests.

• Paddle: Processes recurring billing flows and one-time digital purchases for the service.

We and our providers may use cookies, local storage, pixels, and similar technologies to keep you signed in, remember preferences, prevent abuse, and understand how the site is used.

If analytics is enabled in the deployment, usage events may be sent to configured analytics services such as Google Analytics or Google Tag Manager. Authentication forms may also use Cloudflare Turnstile when enabled to reduce spam and abuse.

We share information only with service providers, integration partners you explicitly connect, or when required for legal compliance, fraud prevention, security, business transfers, or protection of rights.

We do not sell your personal information for money.

• Supabase: Authentication, database, and core product data storage.
• Google: OAuth sign-in and Gmail integration when you connect your inbox.
• Google Gemini: AI-powered extraction and insight generation for supported workflows.
• Cloudflare Turnstile: Fraud and abuse prevention on authentication forms when enabled.
• Google Analytics / Google Tag Manager: Website and product analytics when enabled by configuration.
• SMTP provider configured by the operator: Delivers transactional and support-related email.

We retain account and workspace data for as long as your account remains active, as needed to provide the service, resolve disputes, enforce agreements, and satisfy legal or tax obligations.

Guest invoice sessions and associated temporary records are intended to expire on a short lifecycle, currently about 24 hours unless claimed or otherwise preserved by a logged-in workflow.

Backups, logs, and archived system records may persist for a limited time after deletion as part of ordinary security and disaster-recovery practices.

You may update certain account information inside the app, disconnect integrations, and request help with deleting or correcting account data by contacting support.

Depending on your jurisdiction, you may also have rights to access, correct, delete, restrict, or object to certain processing, or to request a copy of your data, subject to legal exceptions.

Our providers may process data in countries other than your own. By using the service, you understand that data may be transferred to and processed in the jurisdictions where our providers operate.

We use reasonable administrative, technical, and organizational safeguards to protect information, but no system can be guaranteed completely secure.

For privacy questions or data requests, contact support@freelancerrflow.com.

• Operator: FreelancerrFlow
• Support email: support@freelancerrflow.com
• Mailing address: Indonesia
• Governing law country: Indonesia