InvoiceFlowINSTITUTIONAL INFRASTRUCTURE

Privacy Policy

Effective Date: 27 Apr 2026

Welcome to InvoiceFlow. We are committed to protecting your privacy and ensuring the security of your personal and financial data. This Privacy Policy outlines our practices regarding data collection, usage, and protection within our institutional-grade MSME financing platform.

1. Information We Collect

We collect data essential for providing secure financial services and complying with regulatory requirements:

  • Identity Data: Full name, Aadhaar number, PAN, and date of birth for mandatory KYC processing.
  • Business Data: GST details, Udyam registration, corporate buyer details, and uploaded invoices.
  • Financial Data: Bank account numbers, IFSC codes, and transaction histories necessary for capital settlement.
  • Technical Data: IP addresses, browser types, and authentication tokens for security monitoring.

2. How We Use Your Data

InvoiceFlow processes your data strictly for operational and regulatory purposes:

  • Risk Assessment: Analyzing invoice metadata and MSME history to determine accurate yields and risk premiums.
  • Verification: Cross-referencing KYC documents with national databases to prevent identity theft and fraud.
  • Transaction Execution: Facilitating the precise routing of investor capital to MSMEs and managing subsequent repayments.
  • Compliance: Maintaining audit trails as required by financial regulators and anti-money laundering (AML) laws.

3. Data Security and Storage

We employ institutional-grade security architecture. All data is encrypted in transit (TLS 1.3) and at rest. Access to the database is governed by strict Row-Level Security (RLS) policies, ensuring that users can only query their own records. Sensitive documents (Aadhaar, PAN, Invoices) are stored in secure buckets that do not allow public access.

4. Data Sharing

We do not sell your data to third parties. We only share data with:

  • Verified Investors: Limited anonymized invoice details necessary for capital allocation decisions.
  • Banking Partners: Necessary details required to execute NEFT/RTGS/IMPS settlements.
  • Regulatory Authorities: When legally compelled to comply with lawful requests or audits.

5. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or request deletion of your personal data. Note that financial transaction records and KYC data cannot be deleted if doing so violates regulatory retention laws. For any privacy-related requests, please contact our Data Protection Officer at privacy@invoiceflow.com.