Privacy Policy

Information We Collect

When you use our invoice processing platform, we collect different types of information depending on how you interact with our services. Here's what we actually gather and why we need it.

Business Account Information

When you sign up for GlowEnex, we collect basic details about your company: business name, contact person, email address, phone number, and billing address. We also store your login credentials (though passwords are encrypted, so even we can't see them).

Invoice Processing Data

This is the core of what we do. When you upload invoices for processing, we collect:

• Invoice documents: PDFs, images, or other file formats containing invoice data
• Extracted data: Vendor names, amounts, dates, line items, payment terms
• Processing metadata: Upload timestamps, processing status, user actions
• Approval workflows: Who reviewed what and when decisions were made

Usage Information

We track how you use the platform to improve our services. This includes page views, features you access most often, search queries within the system, and error logs when something goes wrong. We also collect device information like browser type and IP address.

How We Use Your Information

Everything we collect serves a specific purpose. We don't gather data just for the sake of it.

Service Delivery

Obviously, we use your invoice data to actually process your invoices. Our system extracts information, categorizes expenses, flags potential issues, and routes documents through your approval workflow. Without processing this data, we couldn't provide the service you're paying for.

Platform Improvement

We analyze aggregated usage patterns to make the platform better. For example, if we notice many users struggle with a particular feature, we redesign it. When our extraction accuracy drops for certain invoice formats, we retrain our models.

Communication

We'll email you about important things like system updates, security alerts, processing errors, and billing matters. You can opt out of marketing emails, but we'll still need to send essential service communications.

Data Storage and Security

Your data lives on secure servers located in South Korea. We take protection seriously because your invoices contain sensitive business information.

Security Measures We've Implemented

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256
• Access controls: Role-based permissions limit who can see what within your organization
• Authentication: Multi-factor authentication available for all users
• Monitoring: 24/7 security monitoring with automated threat detection
• Backups: Daily encrypted backups stored in separate secure facilities
• Audits: Regular security assessments by third-party experts

Data Retention

We keep your data for as long as you maintain an active account, plus an additional period as required by South Korean business regulations. Specifically:

• Invoice documents: 7 years (accounting regulation compliance)
• Transaction records: 5 years (tax authority requirements)
• Account information: Duration of service plus 3 years
• Usage logs: 2 years for security and debugging purposes

When you close your account, we'll delete personal data within 90 days unless legal obligations require longer retention. You can request immediate deletion of specific data that isn't subject to legal hold.

Who We Share Data With

We don't sell your information. Period. But we do share data with specific parties when necessary to provide our services.

Service Providers

We work with carefully selected companies that help us run the platform. Cloud infrastructure providers host our servers. Email service providers deliver notifications. Payment processors handle billing. Each provider signs strict data protection agreements and can only use your data for the specific services they provide to us.

Legal Requirements

Sometimes we're legally required to share information. This includes responding to valid subpoenas, complying with tax audits, or cooperating with law enforcement when presented with proper legal documentation. We'll notify you about such requests unless prohibited by law.

Business Transfers

If GlowEnex is acquired or merges with another company, your data would transfer to the new entity. We'd notify you beforehand and you'd have the option to delete your account if you don't want your data transferred.

Your Rights and Controls

Under South Korean Personal Information Protection Act (PIPA), you have specific rights regarding your data. Here's what you can do and how to actually do it.

How to Exercise Your Rights

Most data management tasks can be handled directly in your account dashboard under Settings > Privacy Controls. For requests requiring manual review, contact our privacy team at the details below. We'll respond within 7 business days and complete most requests within 30 days.

If you're not satisfied with how we handle your request, you can file a complaint with the Personal Information Protection Commission in South Korea.

Cookies and Tracking

Our platform uses cookies to function properly. Here's what we're tracking and why.

Essential Cookies

These keep you logged in and remember your preferences. Without them, you'd have to re-authenticate constantly and reset your preferences every session. You can't disable these and still use the platform effectively.

Analytics Cookies

We use analytics to understand how people use GlowEnex. This helps us identify confusing features, find bugs, and prioritize improvements. These cookies track things like which pages you visit and how long you spend on different tasks.

Managing Cookies

You can control cookie preferences in your browser settings. Disabling analytics cookies won't affect platform functionality, though it does make it harder for us to improve the service based on actual usage patterns.

International Data Transfers

While our primary servers are in South Korea, some service providers operate globally. This means your data might be processed in other countries with different privacy laws.

When we transfer data internationally, we ensure appropriate safeguards are in place through standard contractual clauses approved by relevant authorities. Your data receives equivalent protection regardless of where it's physically processed.

If you have concerns about international transfers, contact us to discuss your specific situation. In some cases, we can arrange for data to remain within South Korea, though this may limit certain features.

Children's Privacy

GlowEnex is a business service. We don't knowingly collect information from anyone under 18. If we discover we've accidentally collected data from a minor, we'll delete it immediately.

Changes to This Policy

We update this privacy policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email and display a prominent notice in the platform for at least 30 days.

Minor updates (like clarifying existing practices or fixing typos) won't trigger notifications, but we'll always update the "Last Updated" date at the top of this page.

Continued use of GlowEnex after changes take effect means you accept the updated policy. If you disagree with changes, you can close your account before they go into effect.

Data Breach Notification

If we experience a security breach that affects your data, we'll notify you within 72 hours of discovering the incident. The notification will explain what happened, what data was affected, what we're doing about it, and steps you should take to protect yourself.

We'll also report breaches to the Personal Information Protection Commission as required by South Korean law.