Comprehensive data protection measures and your rights (Effective: August 2, 2025)
We are committed to protecting your personal data and complying with applicable data protection laws. This page explains our security measures, our processors, retention and deletion practices, international transfers, and how you can exercise your rights.
Scope: Applies to the website (flinxai.com) and our mobile apps on Apple App Store and Google Play. See also our Privacy Policy for full details.
Data Controller: [Flinx-AI legal name], Address: [Full address], Email: [[email protected] or [email protected]].
Encryption in transit (TLS). Encryption at rest is applied where supported by our cloud/service providers (e.g., AES-256 or equivalent).
Role-based access, least-privilege, and MFA for administrative access. Secrets are stored using secure secret management.
Centralized logging, alerting, and anomaly detection to help identify suspicious activity and performance issues.
Regular automated backups; recovery runbooks and drills to support continuity.
SDLC practices: code review, dependency scanning, environment segregation, and change management.
Need-to-know access, confidentiality undertakings, and periodic security & privacy awareness training.
We do not sell personal data. We use trusted service providers to operate our services:
Stripe (or similar). Card data is processed by the provider; we do not store card numbers.
Analytics provider(s) for usage metrics and product improvement (with consent where required).
[Cloud provider / CDN] for infrastructure, storage, and content delivery.
Email delivery and support ticketing systems to handle account and help requests.
See the Privacy Policy for legal bases and the full description of processing.
Where data is transferred outside your country/region, we implement appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and technical/organizational measures with our processors.
Backups are cycled periodically; deletions may reflect in backups after the backup lifecycle (typically 30–90 days).
Request confirmation and a copy of your personal data.
Ask us to correct inaccurate or incomplete data.
Request deletion where legally applicable.
Receive data in a structured, machine-readable format, where applicable.
Restrict processing or object to processing on legitimate-interest grounds.
Withdraw consent (e.g., analytics cookies) at any time via Cookie Preferences.
You may also lodge a complaint with your local supervisory authority (e.g., KVKK Kurumu in Türkiye or an EU DPA).
Send your request to [email protected]. We may need to verify your identity. We aim to respond within 30 days (extendable where permitted). For KVKK requests, you may also submit via a signed application or registered email as required by law.
If we become aware of a personal data breach, we will investigate promptly and take appropriate action:
Contain, assess scope/impact, and mitigate.
Notify supervisory authorities within 72 hours where legally required.
Inform affected users without undue delay when required.
Implement corrective actions and improve controls.
We align with GDPR requirements for EU/EEA users.
We address obligations under Türkiye's KVKK.
We honor applicable rights for Turkey residents.
This page is informational and not legal advice. In case of discrepancy, the Privacy Policy prevails.
For privacy or security questions, or to exercise your rights, please contact us:
We aim to respond within 30 days.
Related: Privacy Policy · Terms & Conditions · Cookie Policy