Privacy Policy

1. Introduction

Welcome to FlexIQ. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered lead generation and email outreach platform.

FlexIQ is operated by FlexIQ GmbH, located in the European Union. This policy applies to all users of our platform and complies with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Information We Collect

2.1 Account Information

When you create a FlexIQ account, we collect:

• Full name
• Business email address
• Company name
• Password (encrypted, never stored in plain text)

2.2 Usage Data

We collect information about how you use our platform, including:

• Campaign creation and performance metrics
• Lead interactions (emails sent, opened, clicked, replies)
• Feature usage patterns
• Login timestamps and IP addresses
• Device and browser information

2.3 Payment Information

Payment processing is handled by Stripe, Inc. We do not store full credit card numbers on our servers. Stripe tokenizes payment information, and we only store:

• Last 4 digits of credit card
• Card brand (Visa, Mastercard, etc.)
• Billing address
• Stripe customer ID (tokenized reference)

2.4 Lead Data

When you use our lead generation features, we collect and store:

• Lead names, job titles, and companies
• Business email addresses (we do NOT collect or store personal emails like Gmail, Yahoo, etc.)
• LinkedIn profile data (when enriched)
• Email interaction data (opens, clicks, replies, bounces)

3. How We Use Your Information

We use the collected data for the following purposes:

• Service Delivery: To provide lead generation, email enrichment, and automated outreach services
• Campaign Management: To send emails on your behalf to your target leads
• Analytics: To generate performance reports and optimize campaign effectiveness
• Billing: To process subscription payments and maintain accurate billing records
• Communication: To send service updates, feature announcements, and support responses
• Improvement: To analyze usage patterns and improve our platform features
• Security: To detect and prevent fraud, abuse, and security incidents

4. Data Sharing and Third Parties

We share your data with the following third-party service providers:

4.1 Stripe (Payment Processing)

• Purpose: Subscription billing and payment processing
• Data Shared: Payment information, billing address, email
• Privacy Policy: https://stripe.com/privacy

4.2 Resend (Email Delivery)

• Purpose: Sending transactional emails and outreach campaigns
• Data Shared: Email addresses, email content, tracking metadata
• Privacy Policy: https://resend.com/legal/privacy-policy

4.3 Supabase (Database Hosting)

• Purpose: Secure data storage and authentication
• Data Shared: All account and campaign data
• Data Location: AWS Frankfurt, Germany (EU region)
• Privacy Policy: https://supabase.com/privacy

4.4 Smartlead (Email Infrastructure)

• Purpose: Email warm-up, inbox rotation, and deliverability optimization
• Data Shared: Email addresses, campaign metadata
• Privacy Policy: https://smartlead.ai/privacy-policy

We do NOT: Sell your personal data to third parties, use your data for advertising purposes unrelated to our service, or share your data with unauthorized parties.

5. Your Rights (GDPR Compliance)

If you are located in the European Economic Area (EEA), you have the following rights:

5.1 Right to Access

You can request a copy of all personal data we hold about you. We will provide this in a structured, machine-readable format (CSV or JSON).

5.2 Right to Deletion

You can request the deletion of your account and all associated data. We will process deletion requests within 30 days. Note that we may retain certain data for legal compliance (e.g., billing records for tax purposes).

5.3 Right to Portability

You can export your campaign data, lead lists, and analytics at any time via our dashboard or by contacting support.

5.4 Right to Object

You can object to the processing of your data for specific purposes. For example, you can opt out of marketing emails (though we send very few, as we are a B2B platform).

5.5 Right to Rectification

You can update your account information at any time via the Settings page. If you notice incorrect data, please contact us to correct it.

How to Exercise Your Rights: Email us at privacy@flexiq.ai or use our Contact Form. We will respond within 30 days.

6. Cookies and Tracking

We use cookies to enhance your experience and analyze platform usage:

6.1 Essential Cookies

• Authentication tokens (required for login)
• Session management
• Security (CSRF protection)

6.2 Analytics Cookies (Optional)

• Usage analytics (feature adoption, page views)
• Performance monitoring (error tracking)

6.3 Third-Party Cookies

• Stripe (payment processing)
• Supabase (authentication)

You can disable non-essential cookies via your browser settings. Note that disabling essential cookies may prevent you from logging in or using certain features.

7. Data Retention

• Active Accounts: We retain your data indefinitely while your account is active.
• Canceled Accounts: After cancellation, we retain data for 30 days to allow reactivation. After 30 days, all data is permanently deleted.
• Billing Records: We retain invoices and payment records for 7 years to comply with tax regulations.
• Email Logs: Email interaction data (opens, clicks) is retained for 2 years for analytics and compliance purposes.

8. International Data Transfers

FlexIQ is based in the European Union, and we store data primarily in EU data centers (AWS Frankfurt via Supabase). However, some third-party services (Stripe, Resend) may transfer data to the United States.

For transfers outside the EU, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection.

9. Security Measures

We implement industry-standard security practices to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA) for admin accounts
• Password Security: Passwords are hashed using bcrypt with 12 rounds of salting
• Regular Audits: We conduct quarterly security reviews and vulnerability scans
• Incident Response: We have a documented incident response plan and will notify affected users within 72 hours of any data breach

10. Children's Privacy

FlexIQ is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we discover that we have inadvertently collected data from a child, we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page
• Send an email notification to all active users
• Display a prominent notice on our platform for 30 days

Your continued use of FlexIQ after the changes take effect constitutes acceptance of the updated policy.

12. Contact Information

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

• Email: privacy@flexiq.ai
• Contact Form: https://flexiq.ai/contact
• Data Protection Officer: dpo@flexiq.ai

Postal Address:
FlexIQ GmbH
[Your Address]
[City, Postal Code]
Germany

13. Supervisory Authority

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority. In Germany, this is:

Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI)
Website: https://www.bfdi.bund.de