Effective Date: June 1, 2025
Privacy Policy
Introduction
This Privacy Policy governs the use, collection, processing, and protection of personal and business data by Pryseflow Ltd (“Pryseflow”, “we”, “us”, or “our”). By using our platform, the user agrees to be legally bound by this policy. The policy covers usage globally and aligns with the UK GDPR, EU GDPR, POPIA (South Africa), NDPR (Nigeria), Kenya's Data Protection Act, and Ghana's Data Protection Act.
Data We Collect
We collect user data through direct input, automated technologies, and third-party integrations. This includes:
- Full names, business names, and contact information
- Billing and invoicing data
- Payment metadata (no full payment card details are stored)
- Session data, IP address, and device metadata
- User support communications
- Usage logs and analytic identifiers
Payment Gateway Data Usage (Paystack, M-Pesa, Stripe,PayPal)
Pryseflow integrates external payment gateways to facilitate secure transactions. We emphasize:
Paystack: Used primarily in West Africa. We never store or access users’ full card or mobile money details. All transactions are tokenized and handled via secure HTTPS connections. Logs retained are minimal and only for auditing.
M-Pesa: Used in East Africa. Mobile number, transaction ID, and amount may be processed through APIs. Pryseflow cannot reverse transactions or view balances.
Stripe: Used globally. PCI DSS-compliant service. Users’ credit card data is encrypted and handled off-platform. Stripe’s own privacy terms apply.
PayPal: Used for international digital payments. PayPal processes payments externally under their own terms and privacy policy. Pryseflow does not access or store users’ PayPal login or payment credentials. Users are responsible for managing their PayPal account security independently.
Pryseflow never mediates or interferes with money movement. Users agree that they engage payment systems directly, and Pryseflow shall not be held liable for transactional issues.
Purpose of Data Processing
Data is processed for:
- Fulfilling our service obligations (subscription management, invoicing)
- Fraud prevention and platform security
- Legal and tax compliance
- Improving user experience via analytics
- Communicating account and service updates
Legal Basis for Processing
Data is processed under the following legal grounds:
- Performance of a contract
- Legal obligations
- Legitimate interests (e.g., fraud protection)
- User consent (where required, such as marketing)
User Accountability
Users are solely responsible for:
- Ensuring their invoicing and billing are lawful
- Entering only truthful and accurate data
- Adhering to local tax, financial, and regulatory compliance
- Avoiding misuse of the platform for fraudulent, malicious, or illegal activities
Pryseflow reserves the right to suspend or terminate accounts without notice for any violations. We shall not be liable for user-generated misconduct. Logs may be retained and submitted to authorities where necessary.
Data Retention
Data is retained based on legal obligations:
- Account records: 6 months after deactivation
- Audit logs and IP logs: 90 days
- Customer support logs: 24 months Deletion requests will be honoured unless restricted by law.
Data Sharing and Processors
We may share data only with:
- Cloud infrastructure providers under strict contracts (e.g., AWS, GCP)
- Email, SMS, or marketing tools (with opt-in consent)
- Regulatory authorities upon valid legal requests
- Payment processors during transaction workflows
International Data Transfers
We transfer data internationally using appropriate safeguards such as:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions (for UK/EU)
- Binding Corporate Rules (where applicable)
Data Subject Rights
Depending on location, users have the right to:
- Access, correct, or delete personal data
- Restrict or object to processing
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
Security Measures
Pryseflow applies industry best practices:
- SSL/TLS encryption
- Multi-factor authentication
- Access controls
- Security audits and employee training
Cookies
We use cookies to support user authentication, analytics, and site functionality. Users may disable cookies in their browser settings, although some functions may not work.
Minors
Pryseflow does not knowingly collect or process data of individuals under 18. If discovered, such data will be deleted immediately.
Changes to Policy
We may update this policy. Users will be notified via email or dashboard. Continued use of our services confirms acceptance.
Indemnity and Limitation of Liability
Users indemnify Pryseflow from all liabilities resulting from their misuse of the platform. We are not liable for:
- Transaction failures on third-party gateways
- False records or illegal business conduct by users
- Tax evasion or financial misstatements
Our liability is limited to the subscription amount paid in the last 12 months.
Contact Information
Pryseflow Ltd Capital Office,
152-160 City Road, London EC1V 2NX
Email: howcanwehelp@pryseflow.com