Last updated: 1 March 2026
This Privacy Policy explains how FlowFi Pty Ltd (ACN 695 755 312, ABN 74 695 755 312) ("FlowFi", "we", "us", "our") collects, uses, discloses, and protects your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
We collect the following types of information:
Account information: your name, email address, and business details when you create an account.
Financial data: transaction records, invoices, and banking information that you connect or upload to FlowFi for the purpose of financial management, BAS preparation, and reporting.
Usage data: information about how you interact with FlowFi, including pages visited, features used, and device information.
We use your information to provide and improve FlowFi's services, including AI-powered transaction categorisation, BAS preparation, invoicing, cash flow forecasting, and financial reporting. We may also use your information to communicate with you about your account, respond to support requests, and send product updates.
FlowFi uses artificial intelligence to categorise transactions, generate forecasts, and provide financial insights. Your financial data may be processed by AI systems to deliver these features. We do not use your data to train general-purpose AI models. AI processing is limited to providing you with personalised financial management services within your account.
Your data is stored securely using industry-standard encryption (AES-256 at rest, TLS 1.2 or higher in transit). We use Supabase for database and authentication services, with data hosted on Australian servers (AWS Sydney region). We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or misuse.
FlowFi implements strict technical controls to limit and monitor access to your data:
Database isolation: Your financial data is isolated at the database level using Row Level Security (RLS). This means that all application queries, including our API, can only access data belonging to the authenticated user. This protection is enforced by the database itself, not just application code.
Administrative access: A limited number of FlowFi personnel may access production infrastructure for the purposes of system maintenance, debugging, and support. All administrative data access is logged with audit trails, restricted to the minimum necessary, and subject to confidentiality obligations. We do not routinely access individual customer accounts.
Automated processing: Certain automated processes (such as aggregated business metrics) access data in a summarised form that does not include personally identifiable financial details. These processes are audit-logged and restricted by authentication controls.
We do not sell your personal information. We may share your information with trusted service providers who help us operate FlowFi (such as hosting and payment providers), and where required by Australian law or regulation.
Under the Australian Privacy Principles, you have the right to access and correct your personal information. You may also request deletion of your account and associated data. To exercise these rights, contact us at privacy@flowfi.com.au.
We use cookies and similar technologies to improve your experience, analyse usage patterns, and ensure the security of our platform. You can manage your cookie preferences through your browser settings.
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date.
If you have questions about this Privacy Policy or how we handle your data, contact us at: privacy@flowfi.com.au
FlowFi Pty Ltd
ACN 695 755 312
ABN 74 695 755 312