FLEXINAI LLC ("FLEXINAI", "we", "us") operates www.flexinai.com. This policy explains what data we collect when you visit the site or engage with us, what we do with it, and how we keep it secure.
When you browse www.flexinai.com we collect minimal technical data: IP address, browser user-agent, pages visited, and approximate location derived from the IP. We do not use third-party advertising cookies. Analytics, when enabled, are privacy-first (aggregated, no cross-site tracking, opt-in via the cookie banner with Google Consent Mode v2 defaulting to denied).
When you contact us by email, WhatsApp, phone or via the Cal.com booking widget, you share your name, email address, phone number (if relevant) and the content of your message. We use this data solely to respond to you and to evaluate whether we can work together.
If you become a client, we may handle business data inside your CRM, ops platforms, and the systems we build. We process that data on your behalf as a data processor (controller-processor relationship under GDPR Article 28). We do not use client data to train models for any other party. Sensitive workloads are deployed on the client's VPC or on-premises on request.
TLS 1.2+ in transit, AES-256 at rest, SOC 2 Type II controls on the third-party tools we operate, and regular penetration tests. Access to client data is restricted to the operators directly working on the engagement, on a least-privilege basis, with multi-factor authentication enforced on every account.
We use a small, curated set of sub-processors to operate flexinai.com and deliver client engagements. Categories include infrastructure (Vercel, Cloudflare for the website), CRM and analytics platforms operated on the client's behalf (typically HubSpot, Pipedrive, Salesforce or n8n, depending on the engagement), and language model APIs called from automation pipelines (OpenAI, Anthropic, Mistral, scoped per use case). The full list is provided with the DPA on request. International transfers outside the EEA use Standard Contractual Clauses (SCCs) where required. We do not transfer client data to jurisdictions without an adequacy decision or appropriate safeguards.
For EU-based clients in a controller-processor relationship, FLEXINAI provides a Data Processing Agreement (DPA) on request, aligned with GDPR Article 28. The DPA covers sub-processor authorisation, data location, technical and organisational security measures, breach notification within 72 hours of awareness, audit rights, and end-of-contract data return or deletion. Request the DPA at contact@flexinai.com — typical turnaround is one business day.
You can request access to, correction of, restriction of, portability of, or deletion of any personal data we hold about you. Under GDPR Article 17 (right to erasure), we process deletion requests within 30 days, including data held by sub-processors involved in any engagement that touched your personal data. Once executed, deletion is irreversible — we retain only the anonymised audit trail legally required (the fact that a deletion occurred, with date and reference). EU residents may also lodge a complaint with their national supervisory authority. Write to contact@flexinai.com — we respond within a business day.
Marketing inquiries and contact form submissions are kept for up to 24 months unless you ask us to delete them sooner. Client engagement data (CRM records, ops logs, technical artifacts) is kept for the duration of the contract plus the retention period legally required by the client's jurisdiction — typically 7 years for accounting records under French Code de Commerce, 7 years under US IRS rules. Website analytics aggregates contain no personal data and are kept indefinitely. Backups follow the same retention rules as primary data and are encrypted at rest.
We may update this policy as our practices evolve. The latest version is always available at https://www.flexinai.com/privacy. Material changes are flagged in our next communication with clients and, for active engagements, sent by email with a 30-day notice before they take effect.
Questions about this policy? Email contact@flexinai.com or write to FLEXINAI LLC, 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801, USA.