Privacy Policy

Who we are

AR Manager (“we”, “our”) is a B2B accounts-receivable SaaS platform operated by Dyflows. We process personal data on behalf of our customers (controllers) solely to deliver the service described below.

What data we collect

• Account data: name, work email, hashed password, 2FA secret
• Client & invoice data you enter: names, email addresses, amounts, due dates
• Communication data: email follow-up content, AI-generated drafts, call logs
• Usage data: page views, action timestamps (no advertising trackers)
• Payment data: Mollie payment IDs — card/bank details are never stored by us

Why we process it (legal basis)

• Contract performance — to provide the service you subscribed to
• Legitimate interest — fraud prevention, service security, analytics
• Legal obligation — audit logs retained for Dutch bookkeeping requirements (7 years)

Who we share data with

• Resend — email delivery (EU-hosted)
• Mollie — payment processing (EU, PCI-DSS certified)
• Anthropic — AI draft generation (data not used for training under our enterprise terms)
• Neon / Vercel — database and hosting (EU regions)

We do not sell personal data to third parties.

Your rights (GDPR)

As a data subject you have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. Use the GDPR export in Settings → GDPR Export for a machine-readable copy, or email us at privacy@dyflows.com.

Cookies

We use strictly necessary session cookies (NextAuth) and a preference cookie for your language selection. No advertising or tracking cookies are set.

Retention

Active account data is retained for the duration of the subscription plus 30 days. After cancellation you can request full deletion. Audit logs are kept for 7 years to comply with Dutch financial record-keeping requirements.

Contact

Questions? privacy@dyflows.com