Privacy Policy

Last Updated: March 23, 2026

Compliance Notice

InstaInvoice operates in accordance with Papua New Guinea ICT regulations and Bank of Papua New Guinea (BPNG) guidelines for financial data handling and protection.

Introduction

InstaInvoice ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoicing and financial management platform.

As a financial services platform operating in Papua New Guinea, we comply with:

  • Papua New Guinea ICT Act and regulations
  • Bank of Papua New Guinea (BPNG) Financial Services Guidelines
  • PNG Data Protection requirements
  • International data security standards (ISO 27001)

Information We Collect

Personal Information

We collect information that you provide directly to us when you:

  • Register an account: Name, email address, phone number, business name, ABN/TIN
  • Set up business profile: Business address, logo, banking details, payment terms
  • Create invoices and quotes: Client information, product/service details, pricing, payment terms
  • Process payments: Bank account information, transaction records, payment history
  • Contact us: Support inquiries, feedback, correspondence

Financial Information

In compliance with BPNG guidelines, we collect and securely store:

  • Banking details for payment receipt and invoice generation
  • Transaction records and payment history
  • Invoice and quote data including amounts and payment terms
  • Expense records and categorization
  • Financial reports and statements

Automatically Collected Information

  • Usage Data: Features accessed, time spent, actions performed
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, error logs, security events
  • Location Data: General geographic location based on IP address

How We Use Your Information

We use the collected information for the following purposes:

Service Delivery

  • Creating and managing your account
  • Processing invoices, quotes, and payment requests
  • Generating financial reports and analytics
  • Managing client and product databases
  • Processing and tracking expenses

Communication

  • Sending invoice and payment notifications
  • Providing customer support and responding to inquiries
  • Sending service updates and important announcements
  • Delivering subscription and billing information

Security and Compliance

  • Detecting and preventing fraud and unauthorized access
  • Maintaining audit trails as required by BPNG regulations
  • Complying with legal obligations and regulatory requirements
  • Protecting against security threats and vulnerabilities

Service Improvement

  • Analyzing usage patterns to enhance user experience
  • Developing new features and functionality
  • Conducting research and analytics
  • Troubleshooting technical issues

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

With Your Consent

When you explicitly authorize us to share information with third parties.

Service Providers

We work with trusted third-party service providers who assist in operating our platform, including:

  • Cloud hosting services (Supabase for secure database management)
  • Payment processing partners (for handling financial transactions)
  • Email service providers (for communication delivery)
  • Analytics providers (for usage analysis and improvement)

These providers are contractually bound to maintain confidentiality and security.

Legal Compliance

We may disclose information when required by law or to:

  • Comply with legal processes or government requests
  • Respond to BPNG audits or regulatory inquiries
  • Enforce our Terms of Service
  • Protect rights, property, or safety of InstaInvoice, users, or the public
  • Prevent fraud or illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

Data Security

We implement industry-leading security measures to protect your information in compliance with BPNG security standards:

Technical Safeguards

  • • End-to-end encryption for data transmission (TLS 1.3)
  • • AES-256 encryption for data at rest
  • • Secure database infrastructure with automatic backups
  • • Multi-factor authentication options
  • • Regular security audits and penetration testing

Operational Safeguards

  • • Role-based access controls
  • • Employee security training and background checks
  • • Incident response and breach notification procedures
  • • Regular security updates and patch management
  • • Comprehensive audit logging and monitoring

Important: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to maintain the highest standards.

Your Rights and Choices

Under PNG data protection regulations and BPNG guidelines, you have the following rights:

Access and Portability

Request access to your personal information and receive a copy in a portable format.

Correction

Update or correct inaccurate or incomplete personal information at any time through your account settings.

Deletion

Request deletion of your account and associated data, subject to legal retention requirements under BPNG regulations (minimum 7 years for financial records).

Restriction

Request restriction of processing of your personal information in certain circumstances.

Objection

Object to processing of your information for direct marketing or other purposes.

Communication Preferences

Opt out of marketing communications while continuing to receive essential service notifications.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Active accounts: Information retained while your account is active and for 90 days after account closure
  • Financial records: Minimum 7 years as required by BPNG regulations for audit purposes
  • Transaction data: Retained according to regulatory requirements and business needs
  • Marketing data: Until you opt out or request deletion
  • Log data: Typically 12 months for security and troubleshooting purposes

International Data Transfers

Your information may be transferred to and processed in countries other than Papua New Guinea where our service providers operate. We ensure that such transfers comply with applicable data protection laws and that adequate safeguards are in place, including:

  • Standard contractual clauses approved by regulatory authorities
  • Adequate levels of data protection in destination countries
  • Appropriate security measures during transmission and storage

Children's Privacy

InstaInvoice is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notifications to registered users
  • Displaying prominent notices in the application

Your continued use of InstaInvoice after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

InstaInvoice Privacy Office

Email: [email protected]

Data Protection Officer: [email protected]

Support: [email protected]

Physical Address: Port Moresby, Papua New Guinea

Regulatory Compliance

InstaInvoice is committed to compliance with Papua New Guinea ICT regulations and Bank of Papua New Guinea guidelines. For regulatory inquiries or concerns, you may also contact:

Bank of Papua New Guinea

Douglas Street, Port Moresby

Email: [email protected]

This Privacy Policy is effective as of March 23, 2026 and applies to all users of InstaInvoice services.