Who We Are

FluxIsSpark operates from South Korea and provides invoice processing automation services primarily to businesses in the South Korean market. Our registered address is 덕양구 행신동 720-13번지 고양시 경기도 KR, and you can reach us at +82314106100.

When we say "we," "us," or "our" in this policy, we're referring to FluxIsSpark. When we say "you" or "your," we mean both the business entity using our services and the individual users within that organization.

What Information We Collect

Information You Give Us Directly

When you sign up for our services or contact us, you share certain information:

• Business contact details — company name, business registration number, billing address
• Individual user information — names, email addresses, phone numbers, job titles
• Account credentials — usernames and securely hashed passwords
• Payment information — processed through secure third-party payment processors (we don't store full card numbers)
• Communication records — emails, support tickets, and feedback you send us

Information from Your Use of Our Service

Our invoice automation system processes the documents you upload:

• Invoice documents — including vendor names, amounts, dates, line items, and related metadata
• Processing preferences — your workflow rules, approval hierarchies, and automation settings
• Usage data — which features you use, when you log in, processing volumes
• Technical data — IP addresses, browser types, device information, error logs

How We Use Your Information

We use the information we collect for specific purposes:

Purpose	Information Used	Legal Basis
Providing invoice automation services	All invoice data, user accounts, processing preferences	Contract performance
Customer support and troubleshooting	Account details, usage data, communication records	Contract performance and legitimate interest
Billing and payment processing	Business details, payment information, usage volumes	Contract performance
Service improvement and development	Aggregated usage data, feature adoption metrics	Legitimate interest
Security and fraud prevention	Technical data, access logs, usage patterns	Legal obligation and legitimate interest
Legal compliance and record-keeping	All data as required by applicable laws	Legal obligation

We don't use your invoice data for marketing purposes. We don't sell your data to third parties. We don't train AI models on your specific business documents without explicit consent.

How We Share Your Information

We keep your data within our organization except in these situations:

Service Providers

We work with carefully selected third parties who help us operate our service. These include cloud hosting providers, payment processors, and security service providers. All service providers are bound by confidentiality agreements and process data only according to our instructions.

Legal Requirements

We may disclose information when required by South Korean law, court orders, or government requests. We'll notify you of such requests unless legally prohibited from doing so.

Business Transfers

If FluxIsSpark is acquired or merged with another company, your information may be transferred to the new entity. We'll notify you before this happens and explain any changes to how your data is handled.

How We Protect Your Information

Security isn't just a checkbox for us — it's built into how we operate:

• Encryption in transit — all data moving between your browser and our servers uses TLS 1.3 encryption
• Encryption at rest — invoice data and sensitive information are encrypted in our databases
• Access controls — employee access to customer data is strictly limited based on job function and logged for audit purposes
• Regular security audits — we conduct quarterly security reviews and annual penetration testing
• Secure development practices — code reviews, vulnerability scanning, and security training for our team
• Data center security — our cloud infrastructure providers maintain SOC 2 Type II certification
• Incident response plan — we have documented procedures for detecting and responding to security incidents

No system is perfectly secure, but we invest heavily in protecting your data. If a security incident affects your information, we'll notify you promptly and explain what happened and what we're doing about it.

How Long We Keep Your Information

We keep different types of information for different periods:

• Active account data — retained while your account is active and you're using our services
• Invoice data — retained according to your account settings (typically 3-7 years to comply with accounting record requirements)
• Deleted account data — most data deleted within 90 days, though some information may be retained for legal or security purposes
• Billing records — kept for 7 years to comply with South Korean tax and accounting regulations
• Support communications — typically retained for 2 years for quality assurance and legal protection
• Aggregated analytics — anonymized usage statistics may be retained indefinitely

You can request early deletion of your data, but we may need to retain certain information to comply with legal obligations or resolve disputes.

Your Rights and Choices

Under South Korean Personal Information Protection Act and other applicable laws, you have several rights:

Access and Portability

You can request a copy of your personal information in a commonly used format. For invoice data, you can export your documents directly from your account dashboard at any time.

Correction

If information we hold about you is inaccurate, you can update it through your account settings or contact us for assistance.

Deletion

You can request deletion of your account and associated data. We'll delete information within 90 days unless we're legally required to retain it.

Processing Restrictions

You can ask us to limit how we process your information in certain circumstances — for example, while we investigate a data accuracy concern.

Objection

You can object to processing based on legitimate interests. We'll stop unless we have compelling grounds to continue.

International Data Transfers

Our primary operations are in South Korea, but we use cloud service providers whose infrastructure may store data in multiple locations. When we transfer data outside South Korea, we ensure appropriate safeguards are in place through:

• Standard contractual clauses approved by relevant data protection authorities
• Service providers with recognized data protection certifications
• Technical security measures including encryption and access controls

Most of our infrastructure remains within South Korea and nearby regions to ensure optimal performance and data sovereignty for our Korean business customers.

Cookies and Tracking Technologies

We use cookies and similar technologies to make our service work and understand how it's used:

• Essential cookies — required for authentication, security, and basic functionality (can't be disabled)
• Performance cookies — help us understand which features are used and identify technical problems
• Preference cookies — remember your settings and customization choices

We don't use advertising cookies or share cookie data with third-party advertisers. You can control non-essential cookies through your browser settings, though this may limit some functionality.

Children's Privacy

Our services are designed for businesses and not intended for individuals under 18. We don't knowingly collect information from children. If we discover we've inadvertently collected such information, we'll delete it promptly.

Changes to This Policy

We'll update this policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email and post a notice in your account dashboard at least 30 days before the changes take effect.

Continued use of our services after changes take effect means you accept the updated policy. If you disagree with changes, you can close your account before they take effect.

Additional Information for South Korean Users

Under South Korea's Personal Information Protection Act (PIPA), we're required to provide additional disclosures:

• Personal Information Protection Officer — responsible for handling privacy matters and data protection compliance
• Processing and retention periods — detailed in the "How Long We Keep Your Information" section above
• Rights under PIPA — including access, correction, deletion, and processing suspension rights
• Complaint procedures — you can file complaints with the Personal Information Protection Commission

For specific questions about PIPA compliance or to exercise your rights under Korean law, contact us using the information below.