Privacy Policy

DuesFlow, Inc. ("DuesFlow", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

• Create an Account: Name, email address, password, phone number
• Set Up an Association: Organization name, address, contact information, tax ID (EIN)
• Complete Payment Setup: Bank account information, identity verification documents (collected by Stripe)
• Make Payments: Payment card information (processed by Stripe, not stored by us)
• Use the Marketplace: Property listings, photos, reviews, messages between users
• Contact Support: Communications with our team

1.2 Information Collected Automatically

When you access our Service, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Information: Pages visited, features used, time spent, click patterns
• Location Information: General location based on IP address
• Cookies and Similar Technologies: See our Cookie Policy section below

1.3 Information from Third Parties

We may receive information from:

• Stripe: Payment status, verification results, fraud signals
• Identity Verification Services: Results of background checks (when applicable)
• Social Login Providers: Basic profile information if you sign in with Google, etc.

2. How We Use Your Information

We use collected information to:

2.1 Provide and Operate Our Service

• Process payments and fund transfers
• Facilitate marketplace transactions
• Send transactional emails (receipts, confirmations, notices)
• Enable communication between users
• Provide customer support

2.2 Improve and Personalize

• Analyze usage patterns to improve features
• Personalize your experience
• Develop new products and services

2.3 Security and Compliance

• Detect and prevent fraud
• Enforce our Terms of Service
• Comply with legal obligations
• Respond to legal requests

2.4 Communications

• Send service-related announcements
• Notify you of policy changes
• With your consent, send marketing communications

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal bases for processing your data are:

• Contract Performance: Processing necessary to provide our services
• Legitimate Interests: Analytics, fraud prevention, security, service improvement
• Legal Obligations: Compliance with applicable laws
• Consent: Marketing communications, non-essential cookies

4. How We Share Your Information

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

• Stripe: Payment processing, identity verification
• Cloud Hosting: Data storage and infrastructure
• Analytics: Usage analysis (Google Analytics)
• Email Services: Transactional and marketing emails
• Customer Support: Help desk and support tools

4.2 With Other Users

Certain information is shared with other users as necessary for the Service:

• Property owners can see assessment and payment information
• Marketplace hosts and guests share contact information for bookings
• Project posters and contractors share information for work
• Reviews and ratings are visible to community members

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests (subpoenas, court orders, government inquiries).

4.4 Business Transfers

If DuesFlow is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.5 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

Type	Purpose	Duration
Essential	Authentication, security, basic functionality	Session
Functional	Remember preferences, settings	1 year
Analytics	Understand usage, improve service	2 years

5.2 Managing Cookies

You can control cookies through:

• Cookie Consent Banner: Accept or reject non-essential cookies when you first visit
• Browser Settings: Block or delete cookies in your browser preferences
• Opt-Out Links: Google Analytics Opt-out

Note: Blocking essential cookies may impact Service functionality.

6. Data Retention

We retain your information for as long as:

• Your account is active
• Needed to provide services
• Required by law (tax records, financial transactions)
• Necessary to resolve disputes or enforce agreements

When you delete your account, we delete or anonymize your personal information within 90 days, except where retention is required by law.

7. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption in transit (TLS/HTTPS) and at rest
• Regular security assessments
• Access controls and authentication
• Employee training on data protection
• PCI-DSS compliance through Stripe

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately.

8. Your Privacy Rights

8.1 All Users

You have the right to:

• Access your personal information
• Correct inaccurate information
• Delete your account and associated data
• Opt out of marketing communications
• Manage cookie preferences

8.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of data collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, email privacy@duesflow.com or use the "Privacy Request" form in your account settings.

8.3 EEA/UK Residents (GDPR)

If you are in the European Economic Area or United Kingdom, you have rights under GDPR including:

• Access: Obtain a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Request deletion ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Object: Object to certain processing activities
• Withdraw Consent: Revoke consent for optional processing

You also have the right to lodge a complaint with your local data protection authority.

9. International Data Transfers

DuesFlow is based in the United States. If you access our Service from outside the US, your information will be transferred to and processed in the United States.

For transfers from the EEA/UK, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Consent where required

10. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will delete it promptly.

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending email notification for significant changes

13. Contact Us

If you have questions about this Privacy Policy or our data practices:

• Email: privacy@duesflow.com
• Support: support@duesflow.com

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@duesflow.com.