Terms of Service

These Terms of Service govern your use of the website located at https://app.spendflo.com and any related services provided by Spendflo.

By accessing https://app.spendflo.com, you agree to abide by these Terms of Service and to comply with all applicable laws and regulations. If you do not agree with these Terms of Service, you are prohibited from using or accessing this website or using any other services provided by Spendflo.

We, Spendflo, reserve the right to review and amend any of these Terms of Service at our sole discretion. Upon doing so, we will update this page. Any changes to these Terms of Service will take effect immediately from the date of publication.

These Terms of Service were last updated on 9 June 2021.

Limitations of Use

By using this website, you warrant on behalf of yourself, your users, and other parties you represent that you will not:

  1. modify, copy, prepare derivative works of, decompile, or reverse engineer any materials and software contained on this website;
  2. remove any copyright or other proprietary notations from any materials and software on this website;
  3. transfer the materials to another person or “mirror” the materials on any other server;
  4. knowingly or negligently use this website or any of its associated services in a way that abuses or disrupts our networks or any other service Spendflo provides;
  5. use this website or its associated services to transmit or publish any harassing, indecent, obscene, fraudulent, or unlawful material;
  6. use this website or its associated services in violation of any applicable laws or regulations;
  7. use this website in conjunction with sending unauthorized advertising or spam;
  8. harvest, collect, or gather user data without the user’s consent; or
  9. use this website or its associated services in such a way that may infringe the privacy, intellectual property rights, or other rights of third parties.

Intellectual Property

The intellectual property in the materials contained in this website are owned by or licensed to Spendflo and are protected by applicable copyright and trademark law. We grant our users permission to download one copy of the materials for personal, non-commercial transitory use.

This constitutes the grant of a license, not a transfer of title. This license shall automatically terminate if you violate any of these restrictions or the Terms of Service, and may be terminated by Spendflo at any time.

User-Generated Content

You retain your intellectual property ownership rights over content you submit to us for publication on our website. We will never claim ownership of your content, but we do require a license from you in order to use it.

When you use our website or its associated services to post, upload, share, or otherwise transmit content covered by intellectual property rights, you grant to us a non-exclusive, royalty-free, transferable, sub-licensable, worldwide license to use, distribute, modify, run, copy, publicly display, translate, or otherwise create derivative works of your content in a manner that is consistent with your privacy preferences and our Privacy Policy.

The license you grant us can be terminated at any time by deleting your content or account. However, to the extent that we (or our partners) have used your content in connection with commercial or sponsored content, the license will continue until the relevant commercial or post has been discontinued by us.

You give us permission to use your username and other identifying information associated with your account in a manner that is consistent with your privacy preferences, and our Privacy Policy.


Our website and the materials on our website are provided on an 'as is' basis. To the extent permitted by law, Spendflo makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property, or other violation of rights.

In no event shall Spendflo or its suppliers be liable for any consequential loss suffered or incurred by you or any third party arising from the use or inability to use this website or the materials on this website, even if Spendflo or an authorized representative has been notified, orally or in writing, of the possibility of such damage.

In the context of this agreement, “consequential loss” includes any consequential loss, indirect loss, real or anticipated loss of profit, loss of benefit, loss of revenue, loss of business, loss of goodwill, loss of opportunity, loss of savings, loss of reputation, loss of use and/or loss or corruption of data, whether under statute, contract, equity, tort (including negligence), indemnity, or otherwise.

Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.

Accuracy of Materials

The materials appearing on our website are not comprehensive and are for general information purposes only. Spendflo does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on this website, or otherwise relating to such materials or on any resources linked to this website.


Spendflo has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement, approval, or control by Spendflo of the site. Use of any such linked site is at your own risk and we strongly advise you make your own investigations with respect to the suitability of those sites.

Right to Terminate

We may suspend or terminate your right to use our website and terminate these Terms of Service immediately upon written notice to you for any breach of these Terms of Service.


Any term of these Terms of Service which is wholly or partially void or unenforceable is severed to the extent that it is void or unenforceable. The validity of the remainder of these Terms of Service is not affected.

Governing Law

These Terms of Service are governed by and construed in accordance with the laws of CA, United States. You irrevocably submit to the exclusive jurisdiction of the courts in that State or location.

Data Breach Policy


A data breach is generally taken to be a suspected breach of data security of personal data which may lead to unauthorised or unlawful processing, accidental loss, destruction of or damage to personal data.

Process to handle Data Breach

Should an incident of data breach occur, Spendflo will take all remedial actions to lessen the harm or damage. The following action plan will be implemented:

Immediate gathering of essential information relating to the breach

Spendflo will promptly appoint dedicated personnel to be in charge of the investigation and process. The dedicated personnel shall promptly gather the following essential information:

  • When did the breach occur?
  • Where did the breach take place?
  • How was the breach detected and by whom?
  • What was the cause of the breach?
  • What kind and extent of personal data was involved?
  • How many data subjects were affected?
  • Who needs to be made aware of the breach?

Are there any methods to recover any losses and limit the damage the breach may cause?

The dedicated personnel may consider designating an appropriate individual / team (‘the coordinator’) to assume overall responsibility in handling the data breach incident, such as leading the initial investigation, informing relevant parties regarding the breach and what they are expected to do to assist in the containment exercise and the subsequent production of a detailed report on the findings of the investigation. The coordinator may need to report and synchronise with different functional divisions / departments / units and escalate the matter to senior management so that remedial actions and executive decisions can be made as soon as possible.

Assessing the risk of harm

Some data security breaches will not lead to risks beyond possible inconvenience, an example is where a laptop is irreparably damaged, but its files were backed up and can be recovered. While these types of incidents can still have significant consequences, the risks are very different from those posed by, for example, theft or identity fraud.

Each data breach will follow the risk assessment process below:

  • The kind of personal data being leaked
  • The amount of personal data involved and the level of sensitivity
  • The circumstances of the data breach i.e. online or traceable
  • The likelihood of identity theft or fraud
  • Whether the leaked data is adequately encrypted, anonymised or otherwise rendered inaccessible, e.g. if passwords are needed for access
  • Whether the data breach is ongoing and whether there will be further exposure of the leaked data
  • Whether the breach is an isolated incident or a systematic problem
  • In the case of physical loss, whether the personal data has been retrieved before it can be accessed or copied
  • Whether effective mitigation / remedial measures have been taken after the breach occurs
  • The ability of the data subjects to avoid or mitigate possible harm
  • The reasonable expectation of personal data privacy of the data subject

Contacting the interested parties, containment and recovery

Once the risk has been assessed, the dedicated personnel in charge will take actions to stop the breach and if necessary this may involve law enforcement agencies i.e. police.

The following containment measures will be followed:

  • Stopping the system if the data breach is caused by a system failure
  • Changing the users’ passwords and system configurations to contract access and use
  • Considering whether internal or outside technical assistance is needed to remedy the system loopholes and/or stop the hacking
  • Ceasing or changing the access rights of individuals suspected to have committed or contributed to the data breach
  • Notifying the relevant law enforcement agencies if identity theft or other criminal activities are or will be likely to be committed
  • Keeping the evidence of the data breach which may be useful to facilitate investigation and the taking of corrective actions

Notification of breaches

Spendflo appreciates the distress such incidents can cause. We endeavour to keep the data subject abreast with the investigation and remedial actions. In case of a personal data breach, without undue delay and where feasible we aim to notify the data subject within 72 hours of becoming aware of the breach.

It is important not only to investigate the causes of the breach but also to evaluate procedures taken to mitigate possible future incidents. Spendflo attempts to learn from the experience, review how data collected is being handled to identify the roots of the problem, allow constant review to take place and to devise a clear strategy to prevent future recurrence.

The review will take into consideration:

  • Ongoing improvement of security in the personal data handling processes
  • The control of the access rights granted to individuals to use personal data. Are principals “need-to-know” and “need-to-access” being adopted
  • The adequacy of the IT security measures to protect personal data from hacking, unauthorised or accidental access, processing, erasure, loss or use
  • Ongoing revision of the relevant privacy policy and practice in the light of the data breach
  • The effective detection of the data breach. The keeping of logs and trails of access enabling early warning signs to be identified
  • The strengthening of the monitoring and supervision mechanism of data users, controllers and processors
  • Review of the ongoing training to promote privacy awareness and to enhance the prudence, competence and integrity of the employees particularly those who act as controllers and processors
  • Review of this policy and procedures listed.