Exflo Privacy Policy

Effective: May 15, 2026

1. Data We Collect

• Account Data: Name, email, phone number (optional)
• Transaction Data: Financial records you input
• Usage Data: Activity logs, language preferences, timezone
• Device Data: Browser type, operating system (for optimization)

2. How We Use Data

• Provide and improve our services
• Process payments via Paddle/Midtrans
• Generate AI analysis and financial predictions
• Send service-related notifications
• Prevent fraud and abuse

3. Third Parties

We use the following third-party services:

• Supabase: Authentication and data storage
• Paddle: International payment processing (USD)
• Midtrans: Domestic payment processing (IDR)
• Google AI (Gemini): AI financial analysis
• WAHA: WhatsApp integration

We do not sell your data to third parties.

4. Data Security

• End-to-end encryption for sensitive data
• JWT authentication with Supabase
• 3D Secure for credit card payments

5. Data Retention

• Account data is retained while your account is active
• After account deletion, data is removed within 30 days
• Payment logs are retained per regulations (minimum 5 years)

6. Your Rights

• Access your personal data
• Request correction of inaccurate data
• Request account and data deletion
• Opt out of marketing communications

7. Cookies

We use essential cookies for service functionality. We do not use third-party tracking cookies.

8. Contact

For privacy-related inquiries, contact: support@exflo.cloud

Last updated: May 15, 2026