Payments are in test mode. Use card 4242 4242 4242 4242 for demo checkouts.

Legal

GDPR & India DPDP

We design for the stricter of GDPR and India's DPDP Act 2023.

Your rights

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion, subject to statutory financial-record retention.
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction & objection — limit or object to certain processing.
  • Withdraw consent — for any processing based on consent.

How to request

If you are a user of a customer organization, contact your Org Admin — they have self-serve tools to fulfill most requests. You can also email privacy@reimburseflow.com directly. We respond within 30 days.

Erasure vs. financial retention

Where deletion conflicts with statutory financial or audit retention, we anonymize affected records and document the legal basis for retaining them.

Breach notification

If a personal data breach affects you, we notify the relevant supervisory authority and affected controllers within 72 hours of becoming aware, as required by GDPR Article 33.

Supervisory authority

You have the right to lodge a complaint with your local supervisory authority (e.g. your EU member state DPA, or the Data Protection Board of India under DPDP).

Records of Processing Activities (RoPA)

We maintain a RoPA. Enterprise customers can request a summary under NDA.

Contact

Privacy contact: privacy@reimburseflow.com