Legal
Last updated: 31 May 2026 · Applies to payflowai.io and app.payflowai.io
These Terms of Service govern access to and use of the PayFlowAI website, application, software, products, features, integrations, subscriptions, and related services made available by PayFlowAI FlexKapG, trading as PayFlowAI (“PayFlowAI,” “we,” “us,” or “our”).
Please read these Terms carefully. By creating an account, clicking to accept these Terms, accessing or using the Service, subscribing to a paid plan, or signing an order form or other document that references these Terms, you agree to be bound by these Terms. If you are using the Service on behalf of a company, organisation, or other legal entity, you represent that you have authority to bind that entity. In that case, “Customer,” “you,” and “your” refer to that entity.
If you do not agree to these Terms, you must not access or use the Service.
Important: PayFlowAI helps businesses track invoices, monitor receivables, generate payment reminder drafts, and manage customer follow-up workflows. PayFlowAI is not a law firm, debt collection agency, accounting firm, tax advisor, payment institution, bank, credit bureau, or financial advisor. You remain responsible for the accuracy of your invoices, customer records, reminder messages, payment instructions, legal compliance, and business decisions.
In these Terms, the following words have the meanings set out below.
“Account” means the account created by or for Customer to access and use the Service.
“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where “control” means ownership or control of more than fifty percent (50%) of the voting interests or equivalent decision-making authority.
“AI Output” means text, suggestions, summaries, classifications, recommendations, payment reminder drafts, insights, risk indicators, or other output generated by or through artificial intelligence, machine learning, language models, automation, or similar technology within the Service.
“Authorised User” means an employee, contractor, representative, or other individual authorised by Customer to access and use the Service on Customer’s behalf and for Customer’s internal business purposes.
“Beta Features” means any feature, functionality, integration, tool, or service made available on a beta, preview, pilot, experimental, early access, trial, or evaluation basis.
“Confidential Information” has the meaning given in Section 11.
“Customer Data” means all data, content, records, files, text, information, documents, invoices, invoice line items, customer information, client records, payment status information, payment history, uploaded materials, email content, reminder content, notes, business data, and other materials submitted to, uploaded into, transmitted through, generated in, or otherwise made available to PayFlowAI by or on behalf of Customer or its Authorised Users through the Service.
“Documentation” means user guides, instructions, product descriptions, help centre materials, onboarding materials, technical documentation, and other written materials made available by PayFlowAI in relation to the Service, as updated from time to time.
“Fees” means the subscription fees, usage fees, implementation fees, add-on fees, professional services fees, taxes, and other amounts payable by Customer in connection with the Service.
“Intellectual Property Rights” means patents, copyrights, moral rights, database rights, trademarks, trade names, service marks, trade secrets, know-how, design rights, and all other intellectual property or proprietary rights, whether registered or unregistered, anywhere in the world.
“Order Form” means any online checkout page, subscription page, pricing page, order form, statement of work, quote, invoice, purchase confirmation, or other ordering document that identifies the Service, plan, subscription, term, pricing, usage limits, or other commercial terms agreed between Customer and PayFlowAI.
“Personal Data” means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws including the GDPR.
“Service” means the PayFlowAI hosted software platform, website, web application, APIs, AI features, invoice tracking tools, receivables dashboard, reminder generation tools, email workflows, integrations, subscription plans, support, Documentation, and related services made available by PayFlowAI.
“Subscription Term” means the subscription period stated in the applicable Order Form, online checkout, subscription page, or account settings, including any renewal period.
“Third-Party Services” means third-party applications, platforms, software, services, processors, email providers, payment providers, hosting providers, analytics tools, large language model providers, authentication providers, accounting platforms, CRM platforms, or integrations that interoperate with or are used in connection with the Service.
“Usage Data” means technical, diagnostic, usage, telemetry, analytics, log, performance, and metadata relating to use of the Service, including feature usage, system performance, error logs, device and browser information, and aggregated usage statistics. Usage Data does not include the substantive content of Customer Data unless such data has been anonymised and aggregated so that it cannot reasonably identify Customer, Authorised Users, Customer’s clients, or any individual.
PayFlowAI provides software designed to help businesses manage accounts receivable workflows, including invoice tracking, overdue invoice visibility, customer follow-up, AI-generated reminder drafts, email reminder workflows, invoice status management, payment recording, customer notes, dashboard reporting, and related administrative functionality.
The Service is intended to support business productivity and internal receivables management. It does not replace professional advice, human judgement, legal review, accounting review, tax advice, or customer relationship management by Customer.
PayFlowAI may update, improve, modify, suspend, discontinue, or remove features from the Service from time to time. We will use commercially reasonable efforts not to materially reduce the core functionality of a paid subscription during the applicable paid Subscription Term, unless required for security, legal, operational, technical, or third-party dependency reasons.
To use the Service, Customer or its Authorised Users may be required to create an Account, provide accurate registration information, and maintain accurate account, company, billing, and contact details.
Customer is responsible for ensuring that all account information is complete, accurate, and up to date. PayFlowAI may rely on account contact details for notices, billing communications, operational messages, security alerts, and other Service-related communications.
Customer may permit Authorised Users to access the Service solely for Customer’s internal business purposes and subject to these Terms. Customer is responsible for all acts and omissions of its Authorised Users and for ensuring that Authorised Users comply with these Terms.
Unless otherwise expressly permitted by the applicable subscription plan or Order Form, each Account or user login may only be used by one individual. User accounts may not be shared, transferred, resold, or used by multiple people.
Customer is responsible for maintaining the confidentiality of login credentials, authentication methods, and devices used to access the Service. Customer must promptly notify PayFlowAI if it becomes aware of unauthorised access to or use of the Service, Customer Data, or any Account.
PayFlowAI is not responsible for losses arising from Customer’s failure to maintain secure credentials, devices, networks, access controls, internal permissions, or authentication practices.
Subject to these Terms, the applicable Order Form, and Customer’s payment of all applicable Fees, PayFlowAI grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable right during the applicable Subscription Term to access and use the Service and Documentation solely for Customer’s internal business purposes.
No rights are granted except as expressly stated in these Terms. PayFlowAI and its licensors reserve all rights not expressly granted.
Customer must not, and must not permit any Authorised User or third party to:
PayFlowAI may suspend or restrict access to the Service if it reasonably believes Customer or any Authorised User has violated this Section, created security risk, caused operational harm, failed to pay Fees, or used the Service in a manner that may expose PayFlowAI, Customer, other users, or third parties to liability.
Customer is solely responsible for:
PayFlowAI is not responsible for inaccurate invoices, incorrect customer records, incorrect reminder messages, failed payment requests, customer disputes, tax treatment, accounting treatment, legal escalation, or business decisions made by Customer.
The Service may include AI-powered features that generate suggested payment reminder emails, summarise receivables, classify invoice status, propose follow-up language, identify overdue trends, draft customer communications, or provide operational insights.
AI Output is generated by automated systems and may be inaccurate, incomplete, outdated, inappropriate, duplicated, misleading, or unsuitable for Customer’s specific circumstances. Customer must independently review and approve all AI Output before using, sending, relying on, or acting upon it. AI Output must never be sent to a client or third party without prior human review and approval by an Authorised User.
AI Output is provided for general business productivity purposes only. It is not legal, accounting, tax, financial, credit, debt collection, or professional advice. Customer should consult qualified professionals where appropriate.
Customer is solely responsible for decisions made based on AI Output. Customer should not rely on AI Output as the sole basis for decisions that may materially affect a customer, debtor, supplier, employee, contractor, or other third party.
PayFlowAI may use third-party AI, language model, infrastructure, or automation providers to deliver AI features. Customer authorises PayFlowAI to process Customer Data with such providers as necessary to provide the Service, subject to applicable data protection terms and confidentiality obligations set out in Schedule 1 to these Terms.
Unless otherwise stated in a separate written agreement, PayFlowAI will not intentionally use Customer Data to train public third-party foundation models. PayFlowAI may use Usage Data and anonymised, aggregated data to operate, secure, analyse, and improve the Service.
The Service may allow Customer to generate, copy, send, schedule, or track invoice reminder emails and related communications. Customer is responsible for reviewing and approving all reminder content before sending.
Customer is responsible for the legality, accuracy, tone, timing, recipient selection, payment instructions, invoice references, and business appropriateness of any communication sent through, copied from, or generated by the Service.
PayFlowAI may use Third-Party Services to send or facilitate emails. PayFlowAI does not guarantee that any email will be delivered, opened, read, accepted by the recipient’s mail server, avoid spam filters, or result in payment.
Customer is responsible for configuring sender domains, DNS records, SPF, DKIM, DMARC, reply-to addresses, email permissions, and related settings where required.
Customer must not use the Service to send unsolicited, unlawful, misleading, abusive, or non-compliant communications. Customer is responsible for complying with applicable electronic communications, anti-spam, marketing, debt collection, and customer communication laws.
PayFlowAI may limit, throttle, suspend, or disable email-related functionality where it reasonably believes the Service is being misused, where deliverability or sender reputation may be harmed, or where required by a Third-Party Service.
The Service may integrate with or rely on Third-Party Services, including hosting providers, database providers, authentication providers, email delivery providers, payment processors, analytics tools, accounting platforms, CRM platforms, AI providers, and other technology providers.
Customer’s use of Third-Party Services may be subject to separate terms, policies, fees, permissions, and data processing arrangements between Customer and the relevant third party. PayFlowAI is not responsible for Third-Party Services, including their availability, security, functionality, errors, delays, outages, data practices, pricing, or changes.
PayFlowAI may add, remove, suspend, replace, or modify integrations with Third-Party Services at any time. PayFlowAI will not be liable for any loss or damage arising from Third-Party Services, including changes to APIs, authentication, pricing, service availability, rate limits, policies, or provider terms.
As between Customer and PayFlowAI, Customer retains all right, title, and interest in and to Customer Data. These Terms do not transfer ownership of Customer Data to PayFlowAI.
Customer grants PayFlowAI and its Affiliates, personnel, subcontractors, and Third-Party Services a limited, worldwide, non-exclusive right to access, host, copy, process, transmit, display, modify, and use Customer Data solely as necessary to:
Customer is solely responsible for the accuracy and completeness of Customer Data. PayFlowAI does not independently verify invoices, customer details, payment status, outstanding balances, tax information, bank details, or customer communications.
During the Subscription Term, Customer may export certain Customer Data using available Service functionality, where provided. Additional export support may be subject to technical limitations, plan limitations, and additional fees.
Following termination or expiration of Customer’s subscription, PayFlowAI may retain Customer Data for a limited period to allow export, account recovery, legal compliance, dispute resolution, backup, audit, fraud prevention, security, and legitimate business purposes.
Unless otherwise required by applicable law or agreed in writing, PayFlowAI may delete or anonymise Customer Data after account closure or subscription termination in accordance with its then-current retention practices. Customer is responsible for exporting Customer Data before terminating the Service.
“Confidential Information” means non-public information disclosed by one party to the other party that is designated as confidential or that should reasonably be understood to be confidential given the nature of the information and circumstances of disclosure. Confidential Information includes business plans, product plans, pricing, technical information, security information, software, trade secrets, Customer Data, and the non-public features and functionality of the Service.
Confidential Information does not include information that the receiving party can demonstrate:
The receiving party must protect the disclosing party’s Confidential Information using at least reasonable care and must not use or disclose it except as necessary to perform obligations or exercise rights under these Terms, as permitted in writing by the disclosing party, or as required by law.
A receiving party may disclose Confidential Information to its employees, contractors, advisors, Affiliates, subcontractors, and service providers who need to know the information for purposes related to these Terms and who are bound by confidentiality obligations no less protective than those set out here.
If a receiving party is required by law, regulation, court order, or governmental authority to disclose Confidential Information, it must, where legally permitted, provide reasonable notice to the disclosing party and reasonably cooperate with efforts to limit or protect the disclosure.
PayFlowAI’s processing of Personal Data is described in its Privacy Policy, available at https://www.payflowai.io/privacy. Customer should review the Privacy Policy carefully.
To the extent PayFlowAI processes Personal Data contained in Customer Data on Customer’s behalf, Customer is the controller or business, and PayFlowAI is the processor or service provider, as applicable under data protection laws.
To the extent PayFlowAI processes Personal Data for its own account administration, billing, security, analytics, service improvement, marketing, or legal compliance purposes, PayFlowAI acts as an independent controller.
Where required by applicable data protection laws, including Regulation (EU) 2016/679 (GDPR), the Data Processing Addendum set out in Schedule 1 to these Terms applies to PayFlowAI’s processing of Personal Data on Customer’s behalf and forms part of these Terms.
Customer represents and warrants that it has provided all required notices and obtained all required rights, permissions, lawful bases, and consents necessary for PayFlowAI and its subprocessors to process Customer Data and Personal Data as contemplated by these Terms.
PayFlowAI will implement and maintain commercially reasonable administrative, technical, and organisational measures designed to protect Customer Data against unauthorised access, accidental loss, destruction, alteration, or disclosure. The technical and organisational measures currently implemented by PayFlowAI are described in Annex B to Schedule 1.
However, no system, software, network, transmission, storage method, or internet-based service is completely secure. PayFlowAI does not guarantee that Customer Data will be immune from unauthorised access, cyberattack, loss, corruption, or interruption.
Customer is responsible for implementing appropriate security measures within its own environment, including strong passwords, multi-factor authentication where available, access management, user offboarding, endpoint security, email security, internal policies, and backup practices.
PayFlowAI may collect and use Usage Data to operate, maintain, secure, support, analyse, and improve the Service, including to monitor performance, detect errors, prevent abuse, understand feature adoption, develop new functionality, and improve user experience.
PayFlowAI may use and disclose Usage Data in aggregated or anonymised form for business, analytical, benchmarking, product development, and marketing purposes, provided that such data does not identify Customer, Authorised Users, Customer’s clients, or any individual.
Customer must pay all Fees in accordance with the applicable subscription plan, checkout page, Order Form, invoice, or billing terms.
Unless otherwise stated, Fees are payable in advance, are non-cancelable, and are non-refundable except as expressly stated in these Terms or required by applicable law.
Customer must provide accurate, current, and complete billing information and, where applicable, a valid payment method. Customer authorises PayFlowAI and its payment processors to charge all applicable Fees, taxes, and charges to the payment method provided.
If payment fails or Fees remain unpaid, PayFlowAI may retry payment, contact Customer, suspend access, downgrade the Account, restrict functionality, or terminate the subscription. Customer remains responsible for all unpaid Fees.
Fees are exclusive of taxes unless expressly stated otherwise. Customer is responsible for all applicable taxes, duties, levies, VAT, sales taxes, use taxes, withholding taxes, and similar governmental charges, except taxes based on PayFlowAI’s net income.
If Customer is required by law to withhold taxes, Customer must gross up payments so that PayFlowAI receives the full amount invoiced, unless otherwise prohibited by law.
PayFlowAI may change Fees, pricing plans, usage limits, or billing methods from time to time. For existing paid subscriptions, changes will apply at the next renewal or as otherwise communicated, unless required sooner by law, tax changes, third-party provider cost increases, or changes requested by Customer.
PayFlowAI may offer free trials, beta access, promotional plans, discounts, or credits. PayFlowAI may modify or withdraw trials or promotions at any time. At the end of a trial, Customer may be required to subscribe to a paid plan to continue using the Service.
These Terms begin when Customer first accepts them, creates an Account, accesses the Service, or signs an Order Form referencing them, and continue until terminated in accordance with these Terms.
Unless otherwise stated in the applicable Order Form or subscription settings, paid subscriptions automatically renew for successive periods equal to the expiring subscription period, unless cancelled before renewal in accordance with the cancellation process made available by PayFlowAI.
Customer may cancel its subscription through the Account settings or by contacting PayFlowAI at contact(at)payflowai.io, unless a different cancellation process is stated in the applicable Order Form.
Cancellation will take effect at the end of the then-current billing period unless otherwise stated. Customer will remain responsible for all Fees incurred before cancellation. Unless required by law or expressly stated otherwise, PayFlowAI does not provide refunds or credits for partial billing periods, unused features, unused seats, or unused subscription time.
Either party may terminate these Terms or an applicable Order Form if the other party materially breaches these Terms and fails to cure the breach within thirty (30) days after receiving written notice. PayFlowAI may terminate immediately if Customer breaches Sections 5, 7, 8, 10, 12, 20, or 21, if continued access creates legal, security, operational, or reputational risk, or if required by a Third-Party Service provider or applicable law.
PayFlowAI may suspend access to the Service, in whole or in part, if:
Where commercially reasonable and legally permitted, PayFlowAI will provide notice and an opportunity to resolve the issue.
Upon termination or expiration:
Sections relating to definitions, payment obligations, use restrictions, Customer responsibilities, AI disclaimers, Customer Data, confidentiality, privacy and data protection, intellectual property, disclaimers, indemnity, limitation of liability, termination effects, governing law, notices, and miscellaneous provisions survive termination.
PayFlowAI and its licensors own all right, title, and interest in and to the Service, Documentation, software, technology, interfaces, designs, workflows, AI systems, models, prompts, templates, product features, know-how, processes, analytics, Usage Data, improvements, and all related Intellectual Property Rights.
Except for the limited rights expressly granted in these Terms, Customer receives no ownership interest or other rights in the Service.
Customer owns Customer Data, subject to the rights granted to PayFlowAI under these Terms.
If Customer or any Authorised User provides suggestions, ideas, enhancement requests, corrections, recommendations, or other feedback regarding the Service (“Feedback”), PayFlowAI may use, disclose, reproduce, licence, distribute, and exploit Feedback without restriction, attribution, or compensation. Customer grants PayFlowAI a perpetual, irrevocable, worldwide, royalty-free licence to use Feedback for any purpose.
Customer may not use PayFlowAI’s name, logo, trademarks, service marks, or branding without PayFlowAI’s prior written consent.
Unless Customer opts out by written notice, Customer grants PayFlowAI a non-exclusive, worldwide, royalty-free licence to use Customer’s name and logo solely to identify Customer as a PayFlowAI customer on PayFlowAI’s website, pitch decks, customer lists, and marketing materials. PayFlowAI will use commercially reasonable efforts to comply with Customer’s brand guidelines provided in writing.
PayFlowAI may provide onboarding, implementation, configuration, consulting, training, support, or other professional services under a separate Order Form or statement of work.
Unless otherwise agreed in writing, professional services are provided on a commercially reasonable efforts basis and do not guarantee any specific business outcome, collection result, cash flow improvement, implementation timeline, integration result, or customer payment.
Any deliverables provided as part of professional services are licensed to Customer solely for use with the Service and for Customer’s internal business purposes, unless otherwise expressly agreed in writing.
PayFlowAI may make Beta Features available from time to time. Beta Features are provided for evaluation only, may be changed or discontinued at any time, may be incomplete or unstable, and may contain bugs, errors, or inaccuracies.
Beta Features are provided “as is” without warranties, indemnities, commitments, support obligations, or service level commitments. Customer uses Beta Features at its own risk.
Each party represents that it has the legal authority to enter into these Terms and perform its obligations.
To the maximum extent permitted by law, the Service, Documentation, AI Output, Beta Features, and all related materials are provided “as is” and “as available.” PayFlowAI disclaims all warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, title, non-infringement, quiet enjoyment, accuracy, availability, reliability, and uninterrupted or error-free operation.
PayFlowAI does not warrant that:
PayFlowAI does not provide legal advice, accounting advice, tax advice, financial advice, debt collection services, payment services, credit reporting, credit scoring, or regulated financial services. Customer is responsible for obtaining professional advice where needed.
Customer will defend, indemnify, and hold harmless PayFlowAI, its Affiliates, officers, directors, employees, contractors, agents, licensors, and service providers from and against any claims, demands, actions, proceedings, damages, losses, liabilities, costs, and expenses, including reasonable legal fees, arising out of or relating to:
PayFlowAI will defend Customer against any third-party claim alleging that Customer’s authorised use of the Service, in accordance with these Terms, directly infringes a third party’s intellectual property rights, and will pay damages finally awarded by a court or agreed in settlement by PayFlowAI.
PayFlowAI has no indemnity obligation for claims arising from:
If the Service is or may become subject to an infringement claim, PayFlowAI may, at its option:
This Section states PayFlowAI’s entire liability and Customer’s exclusive remedy for intellectual property infringement claims.
The indemnified party must promptly notify the indemnifying party of the claim, provide reasonable cooperation, and allow the indemnifying party to control the defence and settlement, provided that no settlement may impose obligations or admissions on the indemnified party without its prior written consent.
To the maximum extent permitted by law, neither party will be liable for any indirect, incidental, special, consequential, exemplary, punitive, or enhanced damages, or for any loss of profits, revenue, goodwill, business opportunity, anticipated savings, data, use, reputation, or business interruption, arising out of or relating to these Terms or the Service, even if advised of the possibility of such damages.
To the maximum extent permitted by law, PayFlowAI’s total aggregate liability arising out of or relating to these Terms or the Service will not exceed the greater of:
Multiple claims will not expand this limitation.
Nothing in these Terms limits liability that cannot be limited under applicable law, including liability for fraud, fraudulent misrepresentation, intentional misconduct, or death or personal injury caused by negligence where such limitation is prohibited.
PayFlowAI will use commercially reasonable efforts to make the Service available, subject to planned maintenance, emergency maintenance, downtime, security incidents, internet failures, Third-Party Service issues, force majeure events, and other circumstances beyond PayFlowAI’s reasonable control.
Unless a separate written service level agreement applies, PayFlowAI does not guarantee any specific uptime, support response time, resolution time, or availability level.
Support may be provided through email at contact(at)payflowai.io, in-app support, documentation, or other channels made available by PayFlowAI. Support availability may depend on Customer’s subscription plan.
PayFlowAI may update these Terms from time to time. If changes are material, PayFlowAI will use commercially reasonable efforts to provide notice, such as by email, in-app notice, website posting, or account notification.
Updated Terms will become effective on the date stated in the notice or posted version. Continued use of the Service after updated Terms become effective constitutes acceptance of the updated Terms.
If Customer does not agree to updated Terms, Customer must stop using the Service and cancel its subscription before the updated Terms take effect.
Customer must comply with all applicable laws and regulations in connection with its use of the Service, including laws relating to privacy, data protection, electronic communications, anti-spam, consumer protection, debt collection, accounting, tax, sanctions, anti-bribery, anti-corruption, and export controls.
Customer represents that it is not located in, organised under the laws of, or ordinarily resident in any country or territory subject to comprehensive sanctions, and that it is not identified on any applicable sanctions or restricted party list.
Customer must not use the Service in violation of export control or sanctions laws or for prohibited end uses.
Neither party will be liable for delay or failure to perform obligations, except payment obligations, caused by events beyond its reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, labour disputes, government action, epidemics, pandemics, power failures, internet failures, cyberattacks, denial-of-service attacks, cloud provider failures, Third-Party Service failures, or changes in law.
Notices to PayFlowAI must be sent to:
PayFlowAI FlexKapG Attn: Legal Doeblinger Haupstrasse 33/14, 1190 Vienna, Austria, Email: legal(at)payflowai.io
Notices to Customer may be sent to the email address associated with Customer’s Account, billing contact, Order Form, or account administrator.
Notices by email are deemed received when sent, unless the sender receives an automated failure notice. This Section does not apply to service of legal proceedings where applicable law requires another method.
These Terms and any dispute or claim arising out of or relating to them, the Service, or their formation are governed by the laws of the Republic of Austria, without regard to conflict of law rules.
The Handelsgericht Wien (Commercial Court of Vienna) will have exclusive jurisdiction to resolve any dispute arising out of or relating to these Terms or the Service, unless applicable law requires otherwise.
Customer may not assign, transfer, delegate, or sublicence these Terms or any rights or obligations under them without PayFlowAI’s prior written consent.
PayFlowAI may assign, transfer, or delegate these Terms or any rights or obligations under them to an Affiliate, successor, acquirer, or in connection with a merger, acquisition, corporate reorganisation, financing, or sale of all or substantially all of its assets.
These Terms, together with any applicable Order Form, Privacy Policy, Data Processing Addendum (Schedule 1), and documents expressly incorporated by reference, constitute the entire agreement between Customer and PayFlowAI regarding the Service and supersede all prior or contemporaneous agreements, understandings, and communications.
If there is a conflict between these Terms and an Order Form, the Order Form controls only with respect to the conflicting commercial terms expressly stated in that Order Form. These Terms control in all other respects unless the Order Form expressly states that it overrides a specific section.
If any provision of these Terms is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that these Terms will otherwise remain in full force and effect.
No failure or delay by either party in exercising any right under these Terms will constitute a waiver of that right. A waiver of any right is effective only if given in writing and will not be deemed a waiver of any subsequent breach or default.
The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, employment, franchise, or agency relationship between the parties.
These Terms are for the benefit of Customer and PayFlowAI only and do not confer any rights on any third party.
Section headings are for convenience only and do not affect the interpretation of these Terms.
These Terms are written in English. In the event of any conflict between an English version and a translation, the English version will prevail.
Effective date: 31 May 2026
This Data Processing Addendum (“DPA”) forms part of the PayFlowAI Terms of Service (the “Agreement”) between PayFlowAI FlexKapG (“PayFlowAI” or “Processor”) and the Customer (“Controller”). Capitalised terms not defined in this DPA have the meanings given in the Agreement.
This DPA applies where PayFlowAI processes Personal Data on behalf of Customer in the course of providing the Service, as required by Article 28 of Regulation (EU) 2016/679 (the “GDPR”) and other applicable data protection laws.
For the purposes of this DPA:
“Data Protection Laws” means all applicable laws and regulations relating to the processing of Personal Data, including the GDPR, the Austrian Data Protection Act (Datenschutzgesetz, DSG), and any successor or supplementing legislation.
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
“Data Subject” means an identified or identifiable natural person to whom Personal Data relates.
“Processing” has the meaning given in the GDPR and includes any operation or set of operations performed on Personal Data.
“Sub-processor” means any processor engaged by PayFlowAI to process Personal Data on behalf of Customer.
“Supervisory Authority” means the competent data protection authority, including the Austrian Data Protection Authority (Datenschutzbehörde, DSB).
“Security Incident” means any confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
Customer acts as the data controller in respect of Personal Data contained within Customer Data and processed by PayFlowAI on Customer’s behalf.
PayFlowAI acts as the data processor in respect of such Personal Data, processing it solely on documented instructions from Customer and for the purposes of providing the Service.
Where PayFlowAI processes Personal Data for its own purposes (such as account administration, billing, fraud prevention, or legal compliance), PayFlowAI acts as an independent data controller and such processing is governed by the Privacy Policy rather than this DPA.
Subject matter: Personal Data contained within Customer Data submitted to the Service.
Nature of processing: Collection, storage, retrieval, use, display, transmission, structuring, AI analysis, and deletion of Personal Data as necessary to provide the Service.
Purpose of processing: To provide the Service in accordance with the Agreement, including invoice tracking, accounts receivable management, AI-generated reminder drafts, email workflows, dashboard reporting, and related functionality.
Categories of Personal Data: Name, email address, postal address, telephone number, company name, invoice references, payment amounts, payment status, payment history, bank or payment account references, and any other Personal Data included in Customer Data by Customer or its Authorised Users.
Categories of Data Subjects: Customer’s clients, debtors, suppliers, employees, contractors, or other individuals whose Personal Data is included in Customer Data by Customer.
Duration: The duration of the Agreement, subject to DPA Section 11 (Return and Deletion).
PayFlowAI will process Personal Data only on documented instructions from Customer, including as set out in the Agreement and this DPA, unless required to do so by applicable law, in which case PayFlowAI will inform Customer of that legal requirement before processing (unless prohibited by law).
Customer instructs PayFlowAI to process Personal Data as necessary to provide the Service, respond to support requests, comply with legal obligations, and exercise rights under the Agreement.
If PayFlowAI believes that an instruction infringes Data Protection Laws, PayFlowAI will promptly inform Customer.
PayFlowAI will ensure that persons authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
PayFlowAI will limit access to Personal Data to those personnel who require access to provide the Service or as otherwise required by applicable law.
PayFlowAI will implement and maintain the technical and organisational measures described in Annex B to this DPA, designed to ensure a level of security appropriate to the risks presented by the processing, having regard to the nature, scope, context, and purposes of processing and the risks to the rights and freedoms of Data Subjects.
In assessing the appropriate level of security, PayFlowAI takes into account the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data.
Customer provides general authorisation for PayFlowAI to engage Sub-processors as necessary to provide the Service, subject to the conditions set out in this Section.
The current list of Sub-processors is set out in Annex A to this DPA.
PayFlowAI will notify Customer of any intended changes to the list of Sub-processors (additions or replacements) by updating Annex A and providing notice via email or the Service at least fourteen (14) days before the change takes effect, giving Customer an opportunity to object.
If Customer has a legitimate data protection objection to the appointment of a new Sub-processor, Customer must notify PayFlowAI in writing within fourteen (14) days of receiving notice. The parties will discuss the objection in good faith. If the parties cannot resolve the objection, Customer may terminate the relevant subscription on written notice, in which case PayFlowAI will refund any prepaid Fees for the unused remainder of the Subscription Term.
PayFlowAI will impose data protection obligations on Sub-processors equivalent in substance to those set out in this DPA, in particular as regards providing sufficient guarantees to implement appropriate technical and organisational measures. PayFlowAI remains liable to Customer for the performance of Sub-processors’ obligations.
PayFlowAI will, taking into account the nature of the processing, assist Customer by appropriate technical and organisational measures, insofar as possible, to fulfil Customer’s obligation to respond to requests from Data Subjects exercising their rights under Chapter III of the GDPR (including rights of access, rectification, erasure, restriction, portability, and objection).
PayFlowAI will notify Customer promptly upon receiving a request from a Data Subject relating to Personal Data processed on Customer’s behalf, and will not respond to such requests directly without Customer’s prior authorisation, unless required by applicable law.
PayFlowAI will assist Customer in ensuring compliance with the following obligations, taking into account the nature of processing and information available to PayFlowAI:
PayFlowAI will make available to Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR, and will allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer, subject to the following conditions:
Upon termination or expiry of the Agreement, PayFlowAI will, at Customer’s choice, delete or return all Personal Data processed on Customer’s behalf, and delete all existing copies, unless applicable law requires storage.
Customer must export Customer Data using the Service’s export functionality prior to termination. If Customer requires additional assistance with data return, this may be subject to additional fees and a separate written agreement.
PayFlowAI will notify Customer without undue delay, and in any event within seventy-two (72) hours of becoming aware, of a Security Incident affecting Personal Data processed on Customer’s behalf.
The notification will include, to the extent then available:
If information is not available at the time of initial notification, PayFlowAI will provide it in subsequent notifications as it becomes available.
Notification of a Security Incident does not constitute an acknowledgment of fault or liability.
PayFlowAI will not transfer Personal Data to a country outside the European Economic Area (EEA) unless appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:
Details of transfers and applicable safeguards are set out in Annex A.
Each party’s liability under this DPA is subject to the limitations set out in Section 22 of the Agreement, except to the extent that applicable Data Protection Laws prohibit such limitation.
The following Sub-processors are approved as at the date of this DPA. PayFlowAI may update this list in accordance with DPA Section 7.
Sub-processor
Entity
Country
Processing Activity
Transfer Safeguard
Supabase
Supabase Inc.
United States
Database hosting, authentication, storage
Standard Contractual Clauses (Module 2)
Vercel
Vercel Inc.
United States
Application hosting, CDN, edge infrastructure
Standard Contractual Clauses (Module 2)
Resend
Resend Inc.
United States
Transactional and reminder email delivery
Standard Contractual Clauses (Module 2)
OpenAI
OpenAI, L.L.C.
United States
AI language model processing, reminder generation
Standard Contractual Clauses (Module 2)
Stripe
Stripe Payments Europe, Ltd.
Ireland (EEA)
Subscription billing and payment processing
Adequacy, EEA entity
Google Analytics
Google Ireland Ltd.
Ireland (EEA)
Usage analytics and performance measurement
Adequacy, EEA entity
PayFlowAI implements and maintains the following technical and organisational measures to protect Personal Data processed on behalf of Customer.
Questions about these terms?
Contact us