Flameingo.AI
Log in

Data Protection & GDPR

Last Updated: 05.06.2026. Effective Date: 05.06.2026.

This page gives a clear summary of how Flameingo AI approaches data protection, GDPR rights and personal data requests.

It is not a replacement for our Privacy Policy. Our Privacy Policy is the main legal document explaining how we collect, use, store, share and protect personal data.

This page should be read together with our Privacy Policy, Terms of Service, Cookie Policy and Subprocessors page. If there is any conflict between this page and the Privacy Policy, the Privacy Policy applies.

Flameingo AI is operated by:

SIA ResFeed
Registration No.: 40203742414
Email: legal@flameingo.ai

1. Our Approach

Flameingo AI is designed to support GDPR-aligned data protection practices for an AI social media workspace used by restaurants, cafes, bakeries, hospitality brands, business owners and SMM specialists.

Our approach is simple:

  • we process personal data only where we have a reason to do so
  • we explain our data use in our Privacy Policy
  • we do not sell personal data
  • we do not share private Business Profile data or Customer Content with other users
  • we do not use private business data or Customer Content to train public AI models
  • we use subprocessors and third-party providers to operate the Service
  • we respect valid data protection requests
  • we expect business customers to use the Service lawfully and responsibly

2. Privacy Policy Is the Main Document

Our Privacy Policy explains in detail:

  • what personal data we collect
  • why we process it
  • what legal bases we rely on
  • who we share data with
  • how we use public business information
  • how AI processing works
  • how social media integrations work
  • how Stripe payments are processed
  • how cookies and analytics are used
  • how long data may be kept
  • what rights users may have
  • how to contact us

This Data Protection & GDPR page is only a shorter explanation of the same data protection approach.

3. Our Role Under GDPR

Depending on the situation, SIA ResFeed may act as either a data controller or a data processor.

When we are a controller

We are usually a controller when we process data for our own purposes, such as:

  • account creation and login
  • subscription and billing management
  • Stripe payment records
  • website and platform operation
  • security and fraud prevention
  • support and legal requests
  • analytics and cookies where allowed
  • legal, tax and accounting obligations
  • enforcement of our Terms of Service

When we are a processor

We may act as a processor when a business customer uses Flameingo AI to process personal data inside its own Content or Business Profile.

This may include, for example:

  • staff photos
  • customer photos
  • guest photos
  • children’s images
  • names, usernames or contact details
  • personal data included in prompts, photos, videos, captions or scheduled posts

In these cases, the business customer may be the controller, and Flameingo AI processes the data to provide the Service.

4. Business Customer Responsibility

If you use Flameingo AI for a business, client or organisation, you are responsible for ensuring that your use of personal data is lawful.

This includes making sure that you have the required rights, permissions, notices or consents for:

  • uploaded photos and videos
  • staff, customer or guest images
  • children’s images
  • personal data included in prompts or Content
  • social media posts containing identifiable people
  • AI-generated or AI-edited Content involving realistic or identifiable people

Flameingo AI does not verify whether you have obtained all required permissions, consents or legal bases for the Content you upload, generate, edit, schedule, publish or use.

5. Public Business Information

During demo or onboarding, Flameingo AI may use publicly available business information to help prepare a Business Profile.

This may include information from sources such as Google business listings, Google Places, Google Business Profiles, business websites, public social media profiles or other publicly available online sources.

This can help make setup faster and more relevant for hospitality businesses.

Public business information may be processed by Flameingo AI and by third-party providers to identify, summarise, enrich or prepare your Business Profile.

Public business information may be inaccurate, incomplete or outdated. You are responsible for reviewing and correcting it before using it.

6. AI Processing

Flameingo AI uses AI Features to help create, edit, translate, analyse, structure and prepare Content.

AI Features may process prompts, uploaded images, uploaded videos, business context, style preferences, public business information, previous outputs and technical data needed to provide the Service.

AI-generated and AI-edited Content is created for your review. You remain responsible for reviewing, editing, approving, scheduling, publishing and using it.

We do not use private business data or Customer Content to train public AI models.

Where AI processing is performed by third-party AI providers, they process data as service providers or subprocessors for the purpose of providing the Service, subject to their applicable terms, data processing terms and technical safeguards.

7. Subprocessors and Third-Party Providers

Flameingo AI uses subprocessors and third-party providers to operate the Service.

These may include providers for:

  • hosting
  • database and storage
  • authentication
  • payments
  • AI text, image, video and editing
  • public business information
  • security
  • analytics
  • cookies and consent tools
  • background jobs
  • social media integrations

Our Subprocessors page explains which providers may process data in connection with the Service.

We may add, remove or replace subprocessors as the Service develops.

8. International Data Transfers

Flameingo AI is based in Latvia and primarily operates under European Union data protection law.

Some service providers, subprocessors or connected platforms may process personal data outside the European Union or European Economic Area.

Where required, we rely on appropriate transfer mechanisms, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms under applicable data protection law.

More information is available in our Privacy Policy and Subprocessors page.

9. GDPR Rights

Depending on your location and applicable law, you may have rights under data protection law, including the right to:

  • access your personal data
  • correct inaccurate or incomplete personal data
  • request deletion of your personal data
  • restrict processing
  • object to processing based on legitimate interests
  • withdraw consent where processing is based on consent
  • request data portability
  • object to direct marketing
  • lodge a complaint with a competent data protection authority

These rights are not absolute. Some requests may be limited where we need to keep data for legal, tax, accounting, security, fraud prevention, dispute resolution or legitimate business reasons.

10. How to Submit a Request

To submit a GDPR, privacy or data protection request, contact:

legal@flameingo.ai

Please include enough information for us to understand your request.

We may need to verify your identity before responding.

If your request relates to personal data controlled by one of our business customers, we may refer your request to that customer or act according to their instructions.

11. Deleting Data

You may request deletion of personal data by contacting us at legal@flameingo.ai.

Some data may be deleted from active systems, while limited data may remain for a period in backups, logs or records where necessary for legal, tax, accounting, security, fraud prevention, dispute resolution or technical reasons.

If you use Flameingo AI as a business customer, you are responsible for deleting, correcting or managing personal data that you control inside your own Content or Business Profile where required.

12. Cookies and Consent

We use cookies and similar technologies to operate the website and Service, protect accounts, remember preferences, measure performance and, where enabled, support analytics and marketing.

Strictly necessary cookies are used to provide the website and Service.

Optional analytics, marketing or advertising cookies are used where we have a valid legal basis, including consent where required.

More information is available in our Cookie Policy.

13. Complaints

If you are in the EU or EEA, you may have the right to lodge a complaint with a competent data protection supervisory authority.

In Latvia, the supervisory authority is the Data State Inspectorate.

You may also contact the supervisory authority in the EU or EEA country where you live, work or believe that a data protection issue has occurred.

We encourage you to contact us first at legal@flameingo.ai so we can try to resolve your concern.

14. Contact

For GDPR requests, privacy questions, data protection requests or complaints, contact:

SIA ResFeed
Registration No.: 40203742414
Email: legal@flameingo.ai