FlexiLay Pty Ltd (“FlexiLay”, “we”, “us”, “our”) provides a flexible lay‑buy payments platform for shoppers and merchants. This Privacy Policy describes how we collect, use, disclose and protect personal information when you use our website, apps, and Shopify integration.
1. Information we collect
- Account & profile data (name, email, phone, password hash, addresses).
- Transaction data (orders, amounts, instalment schedules, refunds, merchant store ID).
- Payment method tokens stored with our PCI‑compliant payment processor (we do not store full card numbers).
- Device & usage data (IP address, browser/OS, pages viewed, app events, cookies).
- Support communications (messages, attachments, feedback).
2. How we use information
- Provide and operate FlexiLay (checkout, schedules, notifications, refunds).
- Verify identity, prevent fraud and enforce Terms.
- Process payments via our payment processor.
- Communicate about accounts, transactions and support.
- Improve features, security and performance (analytics, troubleshooting).
- Comply with legal obligations and regulatory requests.
3. Legal bases (AU & GDPR regions)
We process personal information on the bases of contract (to provide FlexiLay), legitimate interests (security, fraud prevention, product improvement), consent (where required), and legal obligations.
4. Sharing & disclosures
- Payment processors for card tokenization and charging.
- Shopify (and your connected store) to fulfil orders and manage plans.
- Service providers (cloud hosting, analytics, email, customer support) bound by confidentiality.
- Fraud prevention & compliance partners, and where required by law.
- Business transfers (merger, acquisition or asset sale), subject to this Policy.
5. International transfers
We may process data outside your country. Where required, we implement appropriate safeguards such as standard contractual clauses.
6. Retention
We retain information for as long as necessary to provide FlexiLay, comply with law, resolve disputes, and enforce agreements. Merchant records may be retained to meet financial and tax requirements.
7. Your rights
- Access, correction, deletion (subject to legal/contractual limits).
- Opt‑out of non‑essential marketing emails.
- Data export on request.
8. Security
We use encryption in transit and at rest, role‑based access, logging, and secure development practices. No method is 100% secure; please use strong passwords and keep them confidential.
9. Cookies & analytics
We use necessary cookies for authentication and security, and analytics cookies to improve the service. You can control cookies via your browser settings.
10. Children
FlexiLay is not intended for individuals under 16. We do not knowingly collect data from children.
11. Contact
Email: privacy@flexilay.com
12. Changes
We may update this Policy. We will post the revised version with a new “Last updated” date.