Privacy Policy

Flairt ("we," "us," "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information about you when you use the Flairt platform and related services (the "Service").

We process your personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable national data protection legislation. This policy is intended to give you clear and transparent information about how your data is handled.

Please read this policy carefully. If you have any questions, contact our Data Protection Officer at privacy@flairt.ai.

The data controller responsible for your personal data is:

Flairt
Email: privacy@flairt.ai
Data Protection Officer: privacy@flairt.ai

As data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that processing is carried out in accordance with applicable data protection law.

We collect the following categories of personal data:

Account information:

• Username and email address (required for registration)
• Password (stored in hashed, irreversible form — we never store your password in plaintext)
• Account creation date and last login date

Photographs:

• Photos you upload for profile analysis, AI enhancement, or photo generation
• These may constitute biometric data under GDPR where they enable unique identification of a natural person
• Photos are processed solely for the purpose of providing the Service to you

Questionnaire responses:

• Personality information, self-reported dating struggles, preferences, and goals
• Information about the type of person you wish to attract and your dating platform history
• This data is used exclusively to generate your profile report and personalized playbook

Usage and analytics data:

• Log data (IP address, browser type, pages visited, timestamps) for security and error tracking
• Device and session information
• Behavioral and interaction events collected via PostHog (product analytics) — only with your consent
• Tag-managed analytics data via Google Tag Manager — only with your consent
• Aggregated, anonymized usage statistics used to improve the Service

Communications:

• Emails or messages you send to us via support or contact channels

We process your personal data on the following legal bases under GDPR Article 6:

• Contract (Art. 6(1)(b)): Processing necessary to provide the Service you have requested and to fulfil our contractual obligations to you.
• Legitimate interests (Art. 6(1)(f)): Processing for the purposes of security monitoring, fraud prevention, service improvement, and error tracking — where these interests are not overridden by your rights.
• Consent (Art. 6(1)(a)): Where we rely on your consent — for example, for non-essential cookies — you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Legal obligation (Art. 6(1)(c)): Where processing is required to comply with a legal obligation.

Where we process photographs that may constitute biometric data (a special category under GDPR Art. 9), we rely on your explicit consent, given at the time you upload such photographs to the Service.

We use your personal data for the following purposes:

• To create and manage your account
• To process your uploaded photographs and questionnaire responses through our AI systems and generate your profile report, personalized playbook, and AI-enhanced photographs
• To deliver the outputs of the Service to you
• To communicate with you regarding your account, the Service, or your support requests
• To detect, investigate, and prevent fraud, abuse, and security incidents
• To diagnose and fix technical errors in the Service
• To measure and analyze user behavior via PostHog and Google Tag Manager to understand and improve the Service (with your consent)
• To analyze aggregated, anonymized usage patterns to improve the Service
• To comply with legal obligations

We do not use your personal data for automated decision-making that produces legal or similarly significant effects, beyond the AI-generated outputs described in the Service — which are always subject to your own review and discretion.

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction, including:

• Encryption of data in transit using TLS (HTTPS)
• Encryption of sensitive data at rest
• Access controls limiting data access to authorized personnel only
• Regular security assessments and monitoring
• Secure password hashing (passwords are never stored in plaintext)
• Private storage containers not accessible via public URLs

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR Art. 33–34.

We do not sell, rent, or trade your personal data. We do not share your personal information — including your photographs, questionnaire responses, or AI-generated outputs — with third parties for commercial, marketing, or advertising purposes.

We may share data in the following limited circumstances:

• AI processing sub-processors: Your photographs and questionnaire responses are transmitted to the following AI providers to generate Service outputs. Each acts as a data processor under our instruction and is bound by a data processing agreement:
  • OpenAI, Inc. (USA) — photo analysis, report and playbook generation via GPT models and vision APIs
  • Anthropic, PBC (USA) — report and analysis generation via Claude models
  • fal.ai (USA) — AI image generation pipeline for producing AI-enhanced photographs
• Infrastructure providers: Microsoft Azure (EEA and USA) provides our cloud hosting and private blob storage. Data stored in Azure is kept in private, access-controlled containers.
• Analytics providers (with consent): If you consent to analytics cookies, interaction data is shared with PostHog, Inc. (USA) and processed via Google Tag Manager (Google LLC, USA). You may withdraw consent at any time.
• Payment processing: Stripe, Inc. (USA) processes payment transactions. Flairt does not store full payment card details.
• Legal requirements: We may disclose your data where required by applicable law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of Flairt, its users, or others.
• Aggregated analytics: We may share aggregated, fully anonymized and non-identifiable data for service improvement and research purposes.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred as part of that transaction. We will notify you of any such change and your rights in relation to it.

Under the GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, contact us at privacy@flairt.ai.

We will respond to all rights requests within 30 days. In complex cases, we may extend this period by a further two months, in which case we will notify you of the extension and the reasons for it.

We use cookies and similar tracking technologies on our platform. A cookie is a small text file stored on your device by your browser. Non-essential cookies are only placed after you have given explicit consent via the cookie consent banner displayed on your first visit. You may change or withdraw consent at any time via the cookie settings link in the footer.

We do not use cookies for third-party advertising. Disabling essential cookies may affect Service functionality.

We retain your personal data for as long as your account is active or as needed to provide the Service to you. Specific retention periods:

• Account information: Retained for the duration of your account, plus up to 90 days following account deletion (for security and fraud-prevention purposes).
• Photographs, questionnaire responses, reports, and playbooks: Retained for the duration of your account. You may request deletion at any time.
• Log data: Retained for up to 12 months for security and diagnostic purposes.
• Support communications: Retained for up to 3 years for dispute resolution and service improvement purposes.

Upon account deletion, we will delete or anonymize your personal data within a reasonable period, subject to any legal obligations that require us to retain certain data for longer. To request account deletion, contact support@flairt.ai.

Delivering the Service requires transferring certain personal data outside the European Economic Area (EEA) to the United States. The following sub-processors are based in the USA and receive EEA personal data:

• OpenAI, Inc. — your photographs and questionnaire data are transmitted for AI analysis and generation
• Anthropic, PBC — your data is transmitted for AI report generation
• fal.ai — your photographs are transmitted for AI image generation
• PostHog, Inc. — usage analytics data (with consent)
• Google LLC — tag management and analytics (with consent)
• Stripe, Inc. — payment information

For all transfers to the USA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (Commission Implementing Decision (EU) 2021/914) as the transfer mechanism under GDPR Chapter V. Where applicable, we supplement SCCs with a Transfer Impact Assessment (TIA).

You may request a copy of the transfer safeguards applicable to your data by contacting privacy@flairt.ai.

The Service is intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18.

In jurisdictions where a higher age of digital consent applies (e.g., 16 years in certain EU member states under GDPR Art. 8), we apply the higher applicable threshold.

If you believe a minor has provided us with personal data without appropriate consent, please contact us immediately at privacy@flairt.ai and we will take prompt action to delete such data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify registered users by email where the changes are significant
• Display a prominent notice on the Service where appropriate

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact:

Data Protection Officer
Email: privacy@flairt.ai

General & Support
Email: info@flairt.ai

We aim to respond to all privacy-related enquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the data protection supervisory authority in your EU member state of residence or establishment.