Privacy Policy
Last Updated: May 2026
This Privacy Policy ("Policy") describes how DevShift ("Company", "we", "us", or "our") collects, uses, discloses, and protects your personal information when you use the Guliel invoicing platform and related services (the "Service").
We are committed to protecting your privacy and handling your personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA) and other applicable data protection laws.
By using the Service, you agree to the collection and use of information in accordance with this Policy. Please read this Policy carefully before using the Service.
1. INFORMATION WE COLLECT
1.1 Information You Provide
We collect information that you voluntarily provide when using the Service:
Account Information: Name, email address, password, and contact details when you create an account.
Organization Information: Business name, registration number, tax identification number, business address, and other details you enter for your organizations.
Financial Information: Bank account details, payment account information, and receiving account details you add to the Service.
Client and Supplier Data: Names, addresses, contact information, and other details of your clients and suppliers that you enter into the Service.
Document Data: Information contained in invoices, receipts, purchase orders, and other documents you create, including line items, amounts, dates, and descriptions.
Communications: Messages, feedback, support requests, and other communications you send to us.
1.2 Information Collected Automatically
When you access or use the Service, we automatically collect certain information:
Device Information: Device type, operating system, browser type and version, unique device identifiers, and mobile network information.
Log Data: IP address, access times, pages viewed, actions taken within the Service, referring URL, and other system activity.
Usage Data: Features used, documents created, frequency of use, and interaction patterns with the Service.
Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to collect information about your browsing activities. See Section 7 for more details.
1.3 Information from Third Parties
We may receive information from third parties, including:
Payment Processors: When you connect payment services (such as Stripe or PayPal), we may receive limited information about your connected account status.
Authentication Providers: If you sign in using a third-party authentication service, we receive basic profile information as authorized by you.
Analytics Providers: Aggregated and anonymized usage statistics from analytics services.
2. HOW WE USE YOUR INFORMATION
We use your information for the following purposes:
2.1 Providing the Service
- Creating and managing your account
- Enabling you to create, store, and manage documents
- Processing and facilitating transactions
- Generating reports and exports
- Providing customer support
2.2 Improving the Service
- Analyzing usage patterns to improve features and functionality
- Identifying and fixing bugs and technical issues
- Developing new features based on user needs
- Conducting research and analysis
2.3 Communications
- Sending service-related notices and updates
- Responding to your inquiries and support requests
- Sending marketing communications (with your consent where required)
- Notifying you of changes to our terms or policies
2.4 Security and Compliance
- Detecting, preventing, and addressing fraud, abuse, and security issues
- Enforcing our Terms and Conditions
- Complying with legal obligations
- Protecting our rights and the rights of others
3. LEGAL BASIS FOR PROCESSING
Under the PDPA and other applicable laws, we process your personal data based on the following legal grounds:
Consent: Where you have given us explicit consent to process your personal data for specific purposes.
Contract Performance: Where processing is necessary to perform our contract with you (i.e., providing the Service).
Legal Obligation: Where we are required to process your data to comply with applicable laws.
Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests do not override your rights.
4. DISCLOSURE OF INFORMATION
We may share your information in the following circumstances:
4.1 Service Providers
We engage third-party service providers to perform functions on our behalf, such as hosting, data storage, analytics, payment processing, and customer support. These providers have access to personal data only to perform their functions and are obligated to maintain confidentiality and security.
4.2 Payment Processors
When you connect payment services or process payments through the Service, relevant transaction information is shared with the applicable payment processor (such as Stripe or PayPal) according to their privacy policies.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process, including:
- Court orders, subpoenas, or legal proceedings
- Requests from law enforcement or regulatory authorities
- To protect the rights, property, or safety of the Company, our users, or others
- To detect, prevent, or address fraud, security, or technical issues
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
4.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to and processed in countries other than Singapore, including countries where our service providers are located. These countries may have data protection laws that differ from the laws of your jurisdiction.
When we transfer personal data internationally, we apply appropriate safeguards to ensure that your information receives an adequate level of protection, including:
- Ensuring recipients are bound by contractual obligations to protect personal data
- Transferring data only to countries with adequate data protection standards
- Implementing appropriate technical and organizational security measures
6. DATA RETENTION
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
The retention period depends on the context:
Account Data: Retained while your account is active and for a reasonable period thereafter to allow for reactivation or data export.
Document Data: Retained while your account is active. Upon account deletion, document data is deleted within 90 days, subject to any legal retention requirements.
Financial Records: May be retained for up to 7 years to comply with tax and accounting obligations in various jurisdictions.
Log Data: Generally retained for up to 12 months for security and troubleshooting purposes.
Backup Data: May persist in backups for up to 90 days after deletion from active systems.
7. COOKIES AND TRACKING TECHNOLOGIES
7.1 What Are Cookies
Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies (such as local storage and web beacons) to operate the Service, analyze usage, and remember your preferences.
7.2 Types of Cookies We Use
Essential Cookies: Required for the Service to function. These enable core functionality such as authentication, security, and session management, and cannot be disabled.
Functional Cookies: Remember your preferences and settings to enhance your experience.
Analytics Cookies: Help us understand how users interact with the Service, which pages are most popular, and how to improve performance.
Marketing Cookies: Used to track visitors across websites to display relevant advertisements. We currently do not use marketing cookies but may introduce them in the future with appropriate consent mechanisms.
7.3 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However, disabling essential cookies may affect the functionality of the Service. For more information about managing cookies, visit your browser's help documentation.
8. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Regular security assessments and testing
- Access controls and authentication requirements
- Secure hosting infrastructure
- Regular backups and disaster recovery procedures
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.
9. YOUR RIGHTS
Depending on your jurisdiction, you may have certain rights regarding your personal data:
9.1 Under Singapore PDPA
Access: You have the right to request access to your personal data that we hold.
Correction: You have the right to request correction of any inaccurate or incomplete personal data.
Withdrawal of Consent: Where we rely on consent, you may withdraw your consent at any time. Note that this may affect our ability to provide certain services.
9.2 Additional Rights in Other Jurisdictions
If you are located in jurisdictions with additional data protection laws (such as the EU/EEA under GDPR, or certain US states), you may also have rights to:
- Request deletion of your personal data
- Request restriction of processing
- Data portability
- Object to certain processing
- Lodge a complaint with a supervisory authority
9.3 Exercising Your Rights
To exercise any of these rights, please contact us using the details in Section 13. We will respond to your request within a reasonable timeframe and in accordance with applicable law. We may need to verify your identity before processing your request.
9.4 Account Data Access
You can access, update, and export much of your data directly through the Service. We provide export functionality to download your documents and data in commonly used formats.
10. CHILDREN'S PRIVACY
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information. If you believe we have collected information from a child, please contact us immediately.
11. THIRD-PARTY LINKS AND SERVICES
The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our Service. We are not responsible for the privacy practices or content of third-party websites or services.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated Policy on our website with a new "Last Updated" date
- Sending you an email notification for significant changes
- Displaying a notice within the Service
Your continued use of the Service after any changes to this Policy constitutes your acceptance of the updated Policy.
13. CONTACT INFORMATION AND DATA PROTECTION OFFICER
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Officer
DevShift
Email: privacy@guliel.com
Website: www.guliel.com
We will endeavor to respond to all legitimate requests within 30 days. In complex cases or during periods of high volume, we may require additional time, in which case we will notify you.
14. JURISDICTION-SPECIFIC PROVISIONS
14.1 Singapore
For users in Singapore, this Policy complies with the Personal Data Protection Act 2012 (PDPA). Our Data Protection Officer can be contacted at the address above for any PDPA-related inquiries.
14.2 Israel
For users in Israel, we process personal data in accordance with the Privacy Protection Law, 5741-1981 and its regulations, including the Privacy Protection Regulations (Data Security), 5777-2017. Under Amendment 13 to the Privacy Protection Law (effective August 2025), we recognize expanded definitions of personal data including online identifiers.
14.3 United States
For users in the United States, certain state privacy laws may provide additional rights. California residents may have rights under the California Consumer Privacy Act (CCPA) if applicable thresholds are met. We do not sell personal information as defined under the CCPA.
14.4 European Economic Area
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, and we process your personal data, we do so in compliance with the General Data Protection Regulation (GDPR). The legal bases for our processing activities are described in Section 3. You may contact your local data protection authority if you have concerns about our data practices.
BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN.