Privacy Policy
Last updated: November 1, 2025
This Privacy Policy describes how FLAIRE Systems LLC ("FLAIRE," "we," "us," or "our") collects, uses, and protects information when you use our platform, including FLAIRE Orbit, FLAIRE Nova, FLAIRE Atlas, and FLAIRE Vega (the "Service").
1. Information We Collect
Account Information: When you create an account, we collect your name, email address, company name, and password. If you sign in via Google, Microsoft, or Apple SSO, we receive your name and email from the provider.
Usage Data: We collect information about how you use the platform — pages visited, features used, API calls made, and interaction patterns. This data is associated with your tenant, not your personal identity, and is used to improve the Service.
Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers. Stripe's privacy policy governs payment data handling.
Communications: When you contact us via the website form, we collect your name, email, company, and message content.
2. How We Use Your Information
- To provide, maintain, and improve the FLAIRE platform
- To process transactions and send billing-related communications
- To send product updates, security alerts, and support messages
- To analyze usage patterns and improve our services (aggregated, anonymized data only)
- To respond to your requests and provide customer support
- To enforce our Terms of Service and protect against fraud
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide the Service you requested
- Legitimate Interest: Analytics, security, and fraud prevention
- Consent: Optional analytics cookies and marketing communications
- Legal Obligation: Compliance with applicable laws
4. Data Storage & Security
Your data is stored in encrypted databases with tenant-level isolation. Each tenant's data is logically separated using automatic query filters — one tenant cannot access another's data. All data is encrypted in transit (TLS 1.2+) and at rest.
We implement role-based access control (RBAC), field-level security, record-level sharing rules, and comprehensive audit logging. All administrative actions are recorded in an append-only audit trail.
5. Data Sharing
We do not sell, rent, or trade your personal data. We share data only with:
- Service Providers: Stripe (payments), SendGrid/Resend (email delivery), AI providers (OpenAI, Anthropic, Groq) for AI features — only when you actively use those features
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified in advance)
6. AI Data Processing
When you use AI features (Aria, content generation, sentiment analysis, predictions), your prompts and relevant business context are sent to the configured AI provider. We do not use your data to train AI models. AI providers process data according to their respective privacy policies and data processing agreements.
Token usage is tracked per tenant for quota management. Conversation history is stored within your tenant and can be deleted at any time.
7. Your Rights Under GDPR
If you are in the European Economic Area, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request limitation of processing
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for optional processing at any time
To exercise these rights, contact us at [email protected]. We will respond within 30 days. Enterprise plans include a built-in GDPR data export feature.
8. Your Rights Under CCPA
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collect
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information. No opt-out action is needed
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise your CCPA rights, contact us at [email protected].
9. Data Retention
We retain your data for as long as your account is active. After account deletion or tenant cancellation, your data is retained for 30 days (recovery window), then permanently deleted. Audit logs are retained for 7 years for compliance purposes.
10. International Data Transfers
Your data may be processed in the United States. If you are located outside the United States, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.
11. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
12. Cookies
We use essential cookies for authentication and optional analytics cookies. See our Cookie Policy for details on what we use and how to manage your preferences.
13. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.
14. Contact & Data Protection
FLAIRE Systems LLC
Privacy inquiries: [email protected]
Data Protection Officer: [email protected]
If you are in the EEA and believe your data protection rights have not been addressed, you have the right to lodge a complaint with your local supervisory authority.