Privacy Policy

Flairt ("we," "us," "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information about you when you use the Flairt platform and related services (the "Service").

We process your personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable national data protection legislation. This policy is intended to give you clear and transparent information about how your data is handled.

Please read this policy carefully. If you have any questions, contact our Data Protection Officer at privacy@flairt.app.

The data controller responsible for your personal data is:

Flairt
Email: privacy@flairt.app
Data Protection Officer: privacy@flairt.app

As data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that processing is carried out in accordance with applicable data protection law.

We collect the following categories of personal data:

Account information:

• Username and email address (required for registration)
• Password (stored in hashed, irreversible form — we never store your password in plaintext)
• Account creation date and last login date

Photographs:

• Photos you upload for profile analysis, AI enhancement, or photo generation
• These may constitute biometric data under GDPR where they enable unique identification of a natural person
• Photos are processed solely for the purpose of providing the Service to you

Questionnaire responses:

• Personality information, self-reported dating struggles, preferences, and goals
• Information about the type of person you wish to attract and your dating platform history
• This data is used exclusively to generate your profile report and personalized playbook

Usage data:

• Log data (IP address, browser type, pages visited, timestamps) for security and error tracking
• Device and session information
• Aggregated, anonymized interaction data used to improve the Service

Communications:

• Emails or messages you send to us via support or contact channels

We process your personal data on the following legal bases under GDPR Article 6:

• Contract (Art. 6(1)(b)): Processing necessary to provide the Service you have requested and to fulfil our contractual obligations to you.
• Legitimate interests (Art. 6(1)(f)): Processing for the purposes of security monitoring, fraud prevention, service improvement, and error tracking — where these interests are not overridden by your rights.
• Consent (Art. 6(1)(a)): Where we rely on your consent — for example, for non-essential cookies — you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Legal obligation (Art. 6(1)(c)): Where processing is required to comply with a legal obligation.

Where we process photographs that may constitute biometric data (a special category under GDPR Art. 9), we rely on your explicit consent, given at the time you upload such photographs to the Service.

We use your personal data for the following purposes:

• To create and manage your account
• To process your uploaded photographs and questionnaire responses through our AI systems and generate your profile report, personalized playbook, and AI-enhanced photographs
• To deliver the outputs of the Service to you
• To communicate with you regarding your account, the Service, or your support requests
• To detect, investigate, and prevent fraud, abuse, and security incidents
• To diagnose and fix technical errors in the Service
• To analyze aggregated, anonymized usage patterns to improve the Service
• To comply with legal obligations

We do not use your personal data for automated decision-making that produces legal or similarly significant effects, beyond the AI-generated outputs described in the Service — which are always subject to your own review and discretion.

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction, including:

• Encryption of data in transit using TLS (HTTPS)
• Encryption of sensitive data at rest
• Access controls limiting data access to authorized personnel only
• Regular security assessments and monitoring
• Secure password hashing (passwords are never stored in plaintext)
• Private storage containers not accessible via public URLs

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR Art. 33–34.

We do not sell, rent, or trade your personal data. We do not share your personal information — including your photographs, questionnaire responses, or AI-generated outputs — with third parties for commercial, marketing, or advertising purposes.

We may share data in the following limited circumstances:

• Service providers: We may share data with carefully selected sub-processors who help us operate the Service (e.g., cloud infrastructure providers, AI processing services). These parties are bound by data processing agreements that require them to process your data only as instructed and in compliance with GDPR.
• Legal requirements: We may disclose your data where required by applicable law, court order, or regulatory authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Flairt, its users, or others.
• Aggregated analytics: We may share aggregated, fully anonymized and non-identifiable data (which cannot be used to identify you) for the purposes of service improvement and research.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred as part of that transaction. We will notify you of any such change and your rights in relation to it.

Under the GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, contact us at privacy@flairt.app.

We will respond to all rights requests within 30 days. In complex cases, we may extend this period by a further two months, in which case we will notify you of the extension and the reasons for it.

We use cookies and similar tracking technologies on our platform. A cookie is a small text file stored on your device by your browser.

We do not use cookies for third-party advertising. You may manage cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

We retain your personal data for as long as your account is active or as needed to provide the Service to you. Specific retention periods:

• Account information: Retained for the duration of your account, plus up to 90 days following account deletion (for security and fraud-prevention purposes).
• Photographs, questionnaire responses, reports, and playbooks: Retained for the duration of your account. You may request deletion at any time.
• Log data: Retained for up to 12 months for security and diagnostic purposes.
• Support communications: Retained for up to 3 years for dispute resolution and service improvement purposes.

Upon account deletion, we will delete or anonymize your personal data within a reasonable period, subject to any legal obligations that require us to retain certain data for longer. To request account deletion, contact support@flairt.app.

Where we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with GDPR Chapter V. These safeguards may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission for certain countries
• Binding Corporate Rules where applicable

We endeavor to use sub-processors and infrastructure providers located within the EEA where possible. Where non-EEA transfers are necessary, we document and apply appropriate transfer mechanisms.

You may request information about international transfers affecting your personal data by contacting privacy@flairt.app.

The Service is intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18.

In jurisdictions where a higher age of digital consent applies (e.g., 16 years in certain EU member states under GDPR Art. 8), we apply the higher applicable threshold.

If you believe a minor has provided us with personal data without appropriate consent, please contact us immediately at privacy@flairt.app and we will take prompt action to delete such data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify registered users by email where the changes are significant
• Display a prominent notice on the Service where appropriate

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact:

Data Protection Officer
Email: privacy@flairt.app

General & Support
Email: hello@flairt.app

We aim to respond to all privacy-related enquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the data protection supervisory authority in your EU member state of residence or establishment.