Flisk Privacy Policy

1) What We Are (and Aren't) Doing With Data

• No end-user personal data. The Services analyze systems and configurations (e.g., tag manager settings and code repositories) to document tracking setups, monitor configuration changes, and propose/implement changes with customer approval. We are not designed to collect, process, or store your end-users' personal data.
• Customer & Site visitor data only. We handle limited information about Customers and their Users (e.g., account, billing, communications) and about Site visitors (e.g., device/usage data).
• No model training; no selling. We do not sell personal information and do not use Customer data to train generalized AI models.

2) Information We Collect

We collect the following categories of information:

A. You provide to us

• Account & contact info: name, work email, role/title, organization, authentication data.
• Billing info: payment method details processed by our payment processor (e.g., Stripe); we do not store full card numbers. For ACH or invoicing, we process necessary business/billing details.
• Customer Inputs (configs only): access you grant to systems (e.g., Google Tag Manager, GitHub), URLs for monitoring, and instructions/approvals.

B. Collected automatically

• Usage & device info: IP address, device/browser type, pages viewed, timestamps, and similar logs for security and performance. Where feasible, we avoid personal data and/or anonymize logs.

3) How We Use Information

• Provide and secure the Services (set up accounts, authenticate users, analyze configurations, monitor and alert, implement customer-approved changes, prevent fraud/abuse).
• Communicate (respond to inquiries, provide support via email and shared Slack channels, send service notices and updates).
• Billing & administration (process payments, manage subscriptions, collect amounts due, handle taxes).
• Improve our Services (diagnostics, quality, performance, and product development—without using Customer data to train generalized AI models).
• Legal & compliance (enforce agreements, comply with law, and protect rights, safety, and security).

Legal bases (EEA/UK). Contract performance, legitimate interests (security, improvement), consent (where required), and legal obligations.

4) Sharing and Sub-Processors

We do not sell personal information. We share information only as follows:

• Service providers / sub-processors bound by confidentiality and security obligations, used solely to operate the Services—for example:
  • Hosting & infrastructure: Amazon Web Services (AWS)
  • Payments: Stripe (credit card processing); ACH/invoicing where contracted
  • Support & communications: email and Slack (for shared support channels)
• Professional advisors (lawyers, accountants), and legal compliance (e.g., to comply with lawful requests).
• Business transfers (merger, acquisition, or similar).

Processor changes. If we add or materially change a material sub-processor, we will provide notice (e.g., via email or posting). If unacceptable to you, you may terminate the affected order/engagement as your sole remedy.

5) Cookies & Similar Technologies

We may use strictly necessary and functional cookies to operate the Site and keep sessions secure. You can control cookies through your browser settings. We do not use them to sell personal information or for cross-context behavioral advertising. If we add optional analytics or advertising cookies in the future, we will update this Policy and/or present a consent banner, as required.

6) Data Retention

We retain account, billing, and operational records for as long as needed to provide the Services and as required by law. Customer configuration data and source code are not stored beyond what is necessary for temporary analysis/operation; any operational artifacts/logs are minimized and anonymized where feasible. Upon account closure, we will delete Customer data from active systems within a reasonable period (target 30 days) subject to legal obligations and standard backup cycles.

7) Security

We apply administrative, technical, and physical safeguards appropriate to the nature of the information, including encryption in transit and at rest, least-privilege access, and monitoring. If we become aware of unauthorized access to Customer Inputs within Flisk’s systems, we will notify the affected Customer without undue delay and share available information consistent with legal requirements.

8) International Transfers

We are headquartered in the United States and may process information in the U.S. and other countries where we or our providers operate. Where applicable, we rely on appropriate transfer mechanisms (e.g., Standard Contractual Clauses) for cross-border transfers.

9) Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or restrict certain personal information, and to opt out of (where applicable) targeted advertising or sales (which we do not perform). You may also have the right to data portability and to appeal a decision.

To exercise rights: contact support@flisk.ai. We will verify and respond consistent with applicable law. We will not discriminate against you for exercising your rights.

10) Children

The Services and Site are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children.

11) Third-Party Links

The Site may link to third-party sites or services that we do not control. Their privacy practices are governed by their own policies.

12) Changes to This Policy

We may update this Policy from time to time. Material changes will be notified (e.g., email or in-product notice) at least 30 days before they take effect unless required sooner by law. Your continued use after the effective date constitutes acceptance.

13) How to Contact Us

• Questions or requests: support@flisk.ai
• Mail: Flisk Software, Inc., 40 W 25th St., Floor 9, New York, NY 10010