1. Introduction

Welcome to Arvalox ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our accounts receivable management platform and related services (collectively, the "Service").

We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data and tell you about your privacy rights and how the law protects you.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Account Information: Name, email address, password, and user role
• Third-Party Authentication: When you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
• Organization Information: Business name, address, phone number, tax information
• Financial Information: Subscription and billing information (processed by Paystack)
• Customer Data: Customer names, contact details, billing addresses, and payment information you input

2.2 Business Data

• Invoice details, amounts, and payment records
• Transaction histories and financial calculations
• Customer payment terms and credit limits
• Usage analytics and feature utilization data

2.3 Technical Data

• Login timestamps and activity logs
• Device information and IP addresses
• Browser type and version
• Usage patterns and feature interactions

3. How We Use Your Information

We use your information to:

• Provide and maintain our accounts receivable management services
• Process payments and manage your subscription
• Generate invoices and financial reports
• Send automated emails including invoices and payment reminders
• Provide customer support and respond to your inquiries
• Monitor usage and enforce subscription limits
• Improve our services and develop new features
• Comply with legal obligations and prevent fraud

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share your information with trusted third parties who help us operate our service:

• Google OAuth: For secure authentication when you choose to sign in with Google. Google's use of your information is governed by their Privacy Policy.
• Paystack: Payment processing for subscriptions and transactions
• Email Service Providers: For sending transactional emails and notifications
• Cloud Infrastructure Providers: For hosting and data storage
• Analytics Providers: For understanding service usage and performance

4.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our terms of service

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

• Encryption of data in transit and at rest
• Multi-tenant architecture with data isolation
• Role-based access controls and authentication
• Regular security updates and monitoring
• Secure password storage using industry-standard hashing

6. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• Account data: Until account deletion or 7 years after last activity
• Financial records: 7 years for legal and tax compliance
• Usage analytics: Up to 2 years for service improvement
• Email communications: Until you opt out or account deletion

7. Your Rights

You have the following rights regarding your personal data:

• Access: Request copies of your personal information
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data (subject to legal requirements)
• Portability: Export your data in common formats (CSV, PDF)
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests

To exercise these rights, please contact us at privacy@arvalox.com.

8. International Data Transfers

Arvalox operates globally and may transfer your personal information to countries outside your jurisdiction. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses approved by relevant authorities
• Adequacy decisions for countries with appropriate data protection laws
• Certification schemes and codes of conduct where applicable

9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze usage patterns. Types of cookies we use:

• Essential cookies: Necessary for basic functionality and security
• Performance cookies: Help us understand how you use our service
• Preference cookies: Remember your settings and customizations

You can control cookies through your browser settings, but some features may not work properly if disabled.

10. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notification to registered users
• Displaying prominent notices within our application

Changes become effective 30 days after posting unless otherwise specified.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: