Privacy Policy

Last updated: May 4, 2026

FundFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multitenant payment management platform.

1. Introduction

At FundFlow, we understand the importance of privacy and are committed to protecting your personal information. This Privacy Policy describes how we collect, use, share, and protect your information when you use our platform.

By using FundFlow, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Name, email address, and contact information
  • Organization details and registration information
  • Payment and transaction data
  • Member information and profiles
  • Account credentials and authentication information

2.2 Automatically Collected Information

We may automatically collect certain information about your device and usage patterns, including:

  • IP address and browser type
  • Device information and operating system
  • Usage data and access logs
  • Cookies and similar tracking technologies
  • Referral sources and navigation patterns

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process payments and manage transactions
  • Manage member accounts and organizations
  • Send administrative information and updates
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms
  • Analyze usage patterns to improve user experience

4. Data Security and Isolation

FundFlow uses a multitenant architecture where each organization's data is completely isolated and secure. Your organization's data, including member information, payment records, and receipts, is private to your organization only and is not accessible by other organizations using the platform.

We implement industry-standard security measures to protect your information, including:

  • End-to-end encryption for sensitive data
  • Secure data storage with regular backups
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Compliance with industry security standards

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Payment Gateway Providers: With our payment partners and other processors to facilitate transactions
  • Legal Requirements: When required by law or to comply with legal processes, court orders, or government requests
  • Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have explicitly authorized us to share your information

6. Your Rights

You have the following rights regarding your personal information:

  • Access: Request access to and review your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your information (subject to legal and contractual obligations)
  • Opt-out: Opt-out of certain communications and marketing materials
  • Data Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing activities

To exercise these rights, please contact us using the information provided in the Contact Us section.

7. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When determining retention periods, we consider:

  • The nature and sensitivity of the information
  • Legal and regulatory requirements
  • The purposes for which we process the information
  • Whether we can achieve those purposes through other means

8. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information from our servers.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (for significant changes)
  • Displaying a prominent notice on our platform

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: