These terms are the agreement between you and CriticalFlow for using the CriticalFlow application. Each section opens with a plain-English summary — the summary helps you read, but the full clause is what applies.
CriticalFlow is operated by Critical Flow Services Pty Ltd, ABN 13 622 452 813, of South Australia, Australia ("CriticalFlow", "we", "us"). By creating an account, accepting an invitation, or using the service, you agree to these terms. If you use CriticalFlow on behalf of an organisation, you agree on that organisation's behalf and confirm you have authority to do so ("you", "your organisation"). The account holder that created or pays for an organisation (the "subscriber") is responsible under these terms for everyone it invites.
CriticalFlow is a hosted, multi-tenant web application for services and project-based businesses: scheduling people and equipment against projects, modelling cost and revenue, and reporting on business performance.
Every figure CriticalFlow produces — forecasts, profit and loss views, budgets, quotes, cash-flow projections — is an estimate derived from the data and assumptions you enter. CriticalFlow is not an accounting system of record and does not provide accounting, taxation, financial, or legal advice. You are responsible for decisions made using the service and should verify significant figures with your own advisers before relying on them.
Each user in an organisation is assigned a role (Super Admin, Admin, Manager, or Viewer) that controls what they can see and do — including access to financial and pay data. Your organisation is responsible for assigning roles appropriately, for all activity under its users' accounts, and for resolving any dispute between the subscriber and its invited users about access or data. Invited users must also accept these terms to use the service.
You must keep login credentials confidential and tell us promptly at security@criticalflowservices.com.au if you suspect unauthorised access. Multi-factor authentication is required by default for every organisation; if your organisation's administrator chooses to relax an optional security control (for example, making multi-factor authentication optional), the consequences of that choice are your organisation's responsibility.
We may offer a free tier, free trials, and features labelled or reasonably understood as new, beta, or early-access. Anything we provide without charge is provided at your own risk and may be changed, limited, or withdrawn at any time. We may add, modify, retire, or move features between tiers (including moving a feature from the free tier to a paid tier) — where a change materially reduces what a paid subscription includes, clause 17's notice and cancellation rights apply. Nothing in this clause limits your rights under clause 14.
When paid plans become available, paid subscriptions will be charged per seat at the prices published on our website at that time or agreed with you in writing, billed in advance on a recurring basis through our payment provider, Stripe. Card details are provided by you directly to Stripe; we do not receive or store full card numbers. Prices are in Australian dollars. We are not currently registered for GST; if that changes, GST will be added to prices in accordance with the law at the time. Subscriptions renew automatically until cancelled; cancelling stops the next renewal and your paid features continue until the end of the period already paid for.
We may change prices or introduce new charges with at least 30 days' notice; changes apply from your next renewal, never retrospectively. If a payment fails, we will make reasonable efforts to notify you and retry before suspending paid features, and will not terminate your organisation's account for non-payment without further notice. Subject to clause 14 and any rights you have at law, fees already paid are not refundable.
You (or your organisation) own all data you enter into CriticalFlow — people, projects, schedules, financial figures, and everything else ("your data"). You grant us a limited, non-exclusive licence to host, copy, back up, process, transmit, and display your data solely to: provide the service to you; keep it secure and prevent abuse or fraud; provide support you request; comply with law; and maintain and improve the service. We may also use data in aggregated, de-identified form that cannot reasonably identify you, your organisation, or any individual, for purposes such as benchmarking and product statistics.
We do not sell your data, and we do not use your data to train any AI model — ours or a third party's. We have no obligation to monitor your data, and how we handle personal information is described in our Privacy Policy.
You are responsible for the accuracy of the data you enter and for having the right to enter it — in particular, personal information about your own employees and contractors (such as names, roles, and pay) which your organisation is responsible for collecting and handling lawfully. Do not enter data you have no right to hold, and do not enter payment-card numbers or government identifiers into free-text fields.
You agree not to: use the service in breach of law or these terms; store or process data you have
no right to hold; attempt to bypass access controls, role restrictions, or tenant isolation; probe,
scan, or test the service's security except through the responsible-disclosure channel in our
security.txt; interfere with the service's operation or other tenants' use of it; resell
or provide the service to third parties as a service bureau; or reverse-engineer the service except
as permitted by law that cannot be excluded.
Shared resources — including CriticalFlow AI usage, email sending, and storage — are subject to fair use. If your usage is excessive or unreasonable compared to ordinary business use of your plan, we may ask you to moderate it, apply limits, or discuss an appropriate plan; except where urgent action is needed to protect the service or other tenants, we will warn you and give you a reasonable opportunity to adjust before suspending anything.
CriticalFlow AI is an in-app help assistant. It is designed so that only product documentation and the text of the question you type are processed — it does not access your organisation's data (people, projects, financials), and if you ask about your own numbers it will point you to the right screen instead. Questions are processed by our subprocessor Anthropic in the United States and are not used to train models. AI usage is subject to caps and fair use (clause 7), and the assistant's answers are general product guidance, not advice — significant matters should be checked against the product itself and your own advisers.
We aim to keep the service available and will make reasonable efforts to schedule maintenance outside ordinary Australian business hours and to give notice of planned maintenance. However, we do not offer a committed uptime or service-level guarantee at this time, and — subject to clause 14 — we do not warrant that the service will be uninterrupted or error-free. The service depends on third-party infrastructure providers (listed on our Subprocessors page) whose availability we do not control.
We maintain layered, rolling recovery snapshots and nightly backups of organisation data, retained on a rolling basis (see the Privacy Policy for retention periods). These exist for operational recovery — they are not an archive service. You are responsible for keeping your own exports of data that is critical to your business, using the export tools available on your plan.
We maintain technical and organisational measures appropriate to the data we hold, including database-level tenant isolation, server-side role-based redaction of pay and financial data, multi-factor authentication, and an append-only audit log. Our current security posture — including the fact that we do not yet hold independent certifications such as SOC 2 or ISO 27001 — is described honestly in our Privacy Policy. No system is perfectly secure, and subject to clause 14 we do not warrant that the service will be free of vulnerabilities. If you find one, please report it via security@criticalflowservices.com.au.
You may stop using the service and cancel at any time. We may suspend access where reasonably necessary to address a security risk, a material breach of these terms (including clause 7), unlawful use, or overdue payment (clause 5). For a breach that can be remedied, we will give you notice and at least 14 days to remedy it before terminating; we may terminate immediately for a breach that cannot be remedied or where the law requires or allows us to act at once.
After cancellation or termination: your organisation's data is archived rather than immediately erased, and can be reactivated if you return; on written request within 30 days, we will provide a complete export of your organisation's data in a machine-readable format; and on written request we will delete, de-identify, or put beyond use your organisation's data to the extent practicable within a reasonable time. Until you make that request, archived data is retained as described in the Privacy Policy — rolling version snapshots persist for up to about 60 days, nightly backups expire within about 30 days, and the archived organisation record itself is retained until deletion is requested. One exception applies: security audit-log entries are, by design, tamper-evident and cannot be altered or selectively deleted — by anyone, including us; they are retained per the schedule in the Privacy Policy.
We own the CriticalFlow software, design, branding, and documentation. You own your data (clause 6). Neither of us transfers ownership of pre-existing intellectual property to the other. If you give us feedback or suggestions, you grant us a perpetual, royalty-free licence to use them without restriction or obligation to you.
Each party must take reasonable steps to protect the other's confidential information, use it only for purposes connected with these terms, and not disclose it except to personnel and advisers who need it, or where disclosure is required by law or a regulator.
Some jurisdictions — including Australia under the Australian Consumer Law — provide guarantees, warranties, and rights that cannot lawfully be excluded, restricted, or modified ("non-excludable rights"). Nothing in these terms excludes, restricts, or modifies any non-excludable right. To the extent the law permits us to limit our liability for failing to comply with a non-excludable guarantee relating to services, our liability is limited, at our option, to supplying the services again or paying the cost of having the services supplied again. Every other clause of these terms — including clauses 5, 15, and 16 — applies subject to this clause.
Subject to clause 14: the service is provided "as is" and "as available", and we exclude all other conditions, warranties, and guarantees, whether express or implied, including fitness for a particular purpose and non-infringement. We do not warrant that the service will meet your specific requirements, be uninterrupted, error-free, or secure, or that its outputs are suitable to rely on without verification (clause 2).
Subject to clause 14, neither party is liable to the other for indirect or consequential loss, or for loss of profits, revenue, anticipated savings, goodwill, reputation, business opportunity, or business interruption, however arising, even if advised of the possibility.
Subject to clause 14, our liability for loss or corruption of your data is limited to taking reasonable steps to restore it from the recovery snapshots and backups described in clause 9.
Subject to clause 14, our total aggregate liability to you and your organisation for all claims arising out of or in connection with the service or these terms, however arising, is limited to the greater of (a) the total fees you paid us in the 12 months before the event giving rise to the claim and (b) AUD $100. This cap does not apply to liability that cannot lawfully be limited (such as liability arising from fraud or wilful misconduct). The parties agree these limitations reflect a reasonable allocation of risk given the nature and price of the service, including its free tier.
Subject to clause 14, you indemnify us against loss arising from a third-party claim to the extent it results from your data infringing someone's rights, or from your (or your invited users') unlawful use of the service or material breach of these terms — except to the extent the claim results from our breach of these terms, our negligence, or our wilful misconduct. We will notify you promptly of any such claim, allow you reasonable conduct of the defence, not settle without your consent (not unreasonably withheld), and take reasonable steps to mitigate the loss.
We continuously develop CriticalFlow and may add, change, or retire features (see clause 4). We may also update these terms — for example for new features, legal or regulatory reasons, or pricing structure changes. Changes are never retrospective. For material changes we will give subscribers at least 30 days' notice by email or in-product notice before the change takes effect, and if you do not accept a material change you may cancel before it takes effect (with a pro-rata refund of any prepaid fees for the cancelled period on a paid plan). Non-material changes (such as clarifications) may be made by updating the published terms with a new "last updated" date. Continued use after a change takes effect constitutes acceptance.
Neither party is liable for delay or failure caused by events beyond its reasonable control. You may not assign these terms without our consent (not unreasonably withheld); we may assign them as part of a genuine business sale or restructure with notice to you. If a clause is unenforceable, the rest remain in force. These terms and the documents they reference (Privacy Policy, Subprocessors page, published pricing) are the entire agreement between us about the service. Nothing in these terms creates a partnership, employment, or agency relationship. Notices to us go to the contact address below; notices to you go to your account email.
These terms are governed by the laws of South Australia, Australia. Both parties submit to the non-exclusive jurisdiction of the courts of South Australia and Australia, and both parties will attempt in good faith to resolve any dispute through direct discussion before starting proceedings. Nothing in this clause prevents you bringing a claim in a forum the law entitles you to use.
Questions about these terms: contact@criticalflowservices.com.au.