Privacy Policy

InvoiceAsItIs is a product of FYR Pte. Ltd. (UEN: 201906280E), a company incorporated in Singapore. References to "we", "us", or "our" refer to FYR Pte. Ltd.

We collect data in three ways:

Data you provide directly:

• Account registration: name, email, password
• Company profile: company name, UEN, GST number, address, logo
• Client records you create in the CRM
• Quotation and invoice content you generate
• Payment proof files you upload
• Support communications

Data collected automatically:

• Login timestamps and IP addresses
• Browser type and device information
• Pages visited and features used
• Session duration

Data from third parties:

• Payment status from PayNow (via your bank)
• OCR extraction results when you scan documents (processed via Veryfi, not stored permanently)

• To provide and improve the InvoiceAsItIs service
• To generate your quotations, invoices, and PDFs
• To process your subscription and billing
• To send transactional emails (invoice sent, payment reminders, account alerts)
• To provide customer support
• To comply with Singapore legal obligations (IRAS, ACRA, PDPA)
• To send product updates (you can opt out)

We do NOT:

• Sell your data to third parties
• Use your data to train AI models
• Share your client data with other tenants
• Use your data for advertising

Service providers (data processors):

• Supabase (database & auth) — AWS Singapore
• Resend (transactional email delivery)
• Veryfi (OCR document processing)
• Stripe (payment processing for subscriptions)
• Cloudflare (CDN and DDoS protection)

All processors are contractually bound to process data only on our instructions and to maintain appropriate security.

Legal requirements:

We may disclose data if required by Singapore law, court order, or regulatory authority.

• All data stored in AWS ap-southeast-1 (Singapore region)
• Data encrypted at rest (AES-256)
• Data encrypted in transit (TLS 1.2+)
• Access controls via role-based permissions
• MFA available for all accounts
• Regular security audits conducted
• Incident response plan in place

We use essential cookies for:

• Authentication session management
• Security (CSRF protection)
• User preferences (theme, sidebar state)

We do NOT use cookies for:

• Advertising or retargeting
• Cross-site tracking
• Analytics beyond our own platform

See our Cookie Policy for full details.

Under Singapore's Personal Data Protection Act 2012, you have the right to:

• Access: Request a copy of all personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Withdrawal: Withdraw consent to processing (may affect ability to use the service)
• Portability: Receive your data in a machine-readable format (JSON)
• Deletion: Request erasure of personal data subject to legal retention requirements

To exercise any right, contact dpo@fyrsg.com. Response within 10 business days.

• Active accounts: data retained while account active
• Cancelled accounts: data retained 90 days, then deleted
• Invoice/quotation records: anonymised and retained 7 years (IRAS requirement)
• Audit logs: retained 12 months
• Support communications: retained 24 months
• OCR scan images: deleted within 24 hours of processing

We may update this policy periodically. Material changes will be notified by email to your registered address at least 14 days before taking effect. Continued use of the service after that date constitutes acceptance.

Data Protection Officer:

FYR Pte. Ltd.
dpo@fyrsg.com
2 Venture Drive #11-31 Vision Exchange Singapore 608526

For general privacy queries:

hello@fyrsg.com