Privacy Policy

This Privacy Policy explains how Flameingo AI collects, uses, stores, shares and protects personal data when you visit our website, use our demo or onboarding flow, create an account, create a Business Profile, use our AI content tools, connect social media accounts, subscribe to a paid plan, contact us or otherwise use our services.

Flameingo AI is operated by:

SIA ResFeed
Registration No.: 40203742414
Email: legal@flameingo.ai

In this Privacy Policy:

• “Flameingo AI”, “we”, “us” and “our” mean SIA ResFeed
• “you” and “your” mean the person using the Service, visiting the website, creating an account, using a Business Profile or contacting us
• “Service” means Flameingo AI, including our website, demo flow, onboarding flow, platform, portal, Business Profile workspace, AI content tools, image tools, video tools, scheduling tools, social media integrations, subscription plans and related services
• “Business Profile” means a workspace or profile created for a restaurant, cafe, bakery, coffee shop, bar, bistro, food truck, catering team, hotel restaurant, hospitality brand, SMM-managed client or other supported business
• “Content” means any text, captions, hashtags, images, photos, videos, prompts, business details, generated outputs, edited outputs, scheduled posts or other materials submitted to, created through, processed by or exported from the Service
• “Personal data” means information relating to an identified or identifiable natural person

This Privacy Policy should be read together with our Terms of Service, Cookie Policy and Subprocessors page.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed by Flameingo AI when:

• you visit our website
• you use our demo or onboarding flow
• you create or use an Account
• you create or manage a Business Profile
• you upload, generate, edit, schedule or publish Content
• you connect social media accounts or other third-party services
• you subscribe to a paid plan or use Stripe checkout
• you contact us for support, legal, billing or other questions
• you interact with our emails, forms, cookies, analytics or marketing tools
• you otherwise use the Service

This Privacy Policy does not apply to websites, services, platforms or tools operated by third parties, including social media platforms, payment providers, AI providers or other external services. Those third parties process data according to their own terms and privacy policies.

2. Our Role Under Data Protection Law

Depending on the context, SIA ResFeed may act as:

• an independent data controller for account management, billing, security, analytics, legal compliance, customer communication, website operation, product operation and business administration
• a processor where we process personal data contained in Customer Content on behalf of a business customer and according to that customer’s instructions
• an independent controller where we must process data for our own legal, security, fraud prevention, tax, payment, compliance or dispute purposes

If you use Flameingo AI on behalf of a business, company, client or other organisation, that organisation may be the controller of personal data contained in Content uploaded, generated, edited, scheduled or published through the Service.

You are responsible for ensuring that you have a lawful basis to upload, process, generate, edit, schedule or publish personal data through Flameingo AI, including personal data relating to employees, customers, guests, children, contractors, influencers, photographers, social media users or other identifiable persons.

3. Personal Data We Collect

We collect different types of personal data depending on how you use the Service.

3.1 Account and authentication data

We may collect:

• name
• email address
• account ID
• login method
• authentication provider information
• password-related authentication data, where applicable
• role, permissions and workspace access rights
• account settings
• language settings
• timezone and country settings
• login history
• authentication logs
• security verification data

We use this data to create and manage your Account, authenticate you, secure the Service, prevent abuse and provide access to Business Profiles.

3.2 Business Profile data

When you create or manage a Business Profile, we may collect and process:

• business name
• business type or category
• public business information
• website
• public social media links
• public contact information
• opening hours
• public photos and profile images
• business description
• location or service area
• brand tone, style and preferences
• language preferences
• content preferences
• uploaded photos and videos
• generated captions, hashtags, images, videos and post ideas
• content calendar and scheduling information
• connected social media profile information
• subscription and plan information for the Business Profile

Some Business Profile data may relate to a business and not to a natural person. However, where Business Profile data contains personal data, this Privacy Policy applies.

3.3 Public business information used during demo and onboarding

During demo or onboarding, Flameingo AI may help identify and prepare a Business Profile using publicly available business information.

This may include information available from Google business listings, Google Places, Google Business Profiles, business websites, public social media profiles or other publicly available sources.

This may include:

• business name
• address or location information
• phone number
• website
• public opening hours
• public business categories
• public photos
• public descriptions
• public profile content
• public social media links
• other information publicly visible online

We may use third-party tools and AI services to summarise, structure, enrich or prepare this information for your Business Profile.

Publicly available information may be inaccurate, incomplete or outdated. You are responsible for reviewing, correcting and approving any imported or suggested business information before using it.

3.4 Content and media data

When you use Flameingo AI, we may process Content such as:

• prompts and instructions
• captions and hashtags
• generated post ideas
• uploaded photos
• uploaded videos
• logos and brand assets
• AI-generated images
• AI-edited images
• AI-generated videos
• multilingual captions
• scheduled posts
• publishing status
• content calendar data
• draft posts
• business descriptions
• metadata connected to files, uploads, outputs or publishing

Content may include personal data if it contains identifiable people, faces, names, usernames, staff images, customer images, children, guests, contact details or other personal information.

You are responsible for ensuring that you have all rights, permissions, consents and legal bases required to upload, process, generate, edit, schedule, publish or otherwise use such Content.

3.5 AI processing data

When you use AI Features, we may process:

• prompts
• instructions
• uploaded images
• uploaded videos
• business context
• style and tone preferences
• selected language
• previous generated outputs
• public business information
• draft captions, hashtags and ideas
• image editing instructions
• video generation instructions
• technical metadata required to process the AI request

We use this data to generate, edit, translate, analyse, moderate or prepare Content.

We do not sell your personal data.

We do not share your private business data or Customer Content with other users.

We do not use your private business data or Customer Content to train public AI models.

Where AI processing is performed by third-party AI providers, they process data as service providers or subprocessors for the purpose of providing the Service, subject to their applicable terms, data processing terms and technical safeguards.

Some AI processing may be performed by third-party AI providers acting as subprocessors or service providers. More information is available on our Subprocessors page.

3.6 Social media and Connected Platform data

If you connect a social media account or other Connected Platform, we may process:

• social account ID
• page, profile or business account name
• profile picture or public account information
• access tokens and refresh tokens
• permissions granted by the platform
• connected pages or accounts
• post IDs
• publishing status
• scheduled post data
• platform error messages
• account connection status
• platform metadata required for scheduling or publishing

We use this data to connect accounts, schedule approved posts, publish Content where supported, retrieve publishing status, maintain integrations and troubleshoot errors.

Connected Platforms are operated by third parties. Their own privacy policies and terms apply.

3.7 Billing and payment data

Payments are processed through Stripe.

We may receive or store:

• Stripe customer ID
• subscription status
• plan name
• billing email
• billing country
• VAT or tax information
• invoice information
• payment status
• payment method type
• last four digits of a payment card, where made available by Stripe
• transaction ID
• refund status
• failed payment information

We do not store your full payment card number. Payment processing is handled by Stripe.

3.8 Website, analytics, cookies and device data

When you visit our website or use the Service, we may collect:

• IP address
• browser type
• device type
• operating system
• approximate location based on IP address
• pages visited
• session information
• referral source
• button clicks and product interactions
• cookie identifiers
• analytics identifiers
• advertising or pixel identifiers, where enabled with required consent
• error logs
• performance data
• security logs

Some of this data is collected through cookies or similar technologies.

More information is available in our Cookie Policy.

3.9 Support, contact and communication data

If you contact us, submit a form or communicate with us, we may process:

• your email address
• your name
• subject
• message content
• support request details
• billing question details
• legal request details
• attachments you provide
• communication history
• internal notes needed to respond to your request

We use this data to respond to your request, provide support, resolve issues, handle legal matters and improve the Service.

3.10 Security, fraud prevention and compliance data

We may process:

• IP address
• login logs
• device and browser data
• account activity
• suspicious activity signals
• payment risk signals
• Cloudflare or other security verification data
• rate limit data
• abuse detection data
• audit logs
• error logs
• system logs

We use this data to protect the Service, prevent fraud, stop abuse, investigate security incidents and enforce our Terms.

4. How We Collect Personal Data

We collect personal data from:

• you directly, when you create an Account, complete onboarding, upload Content, connect platforms, subscribe, contact us or use the Service
• your use of the Service, through logs, cookies, analytics, interactions and technical data
• public sources, such as Google business listings, Google Places, Google Business Profiles, business websites and public social media profiles
• third-party providers, such as Stripe, authentication providers, social media platforms, AI providers, hosting providers, analytics providers and security providers
• other users, where they invite you, add you to a Business Profile or include your information in Content

5. Why We Process Personal Data and Legal Bases

We process personal data for the purposes and legal bases below.

Where we rely on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

Where we rely on legitimate interests, we balance our interests against your rights and freedoms.

6. AI Features and Automated Processing

Flameingo AI uses AI Features to help create, edit, suggest, translate, analyse, structure, moderate and prepare Content.

AI Features may process your Inputs, Business Profile data, uploaded media, prompts, public business information, preferences and previous outputs to generate relevant results.

AI-generated and AI-edited Content is not automatically approved by Flameingo AI. You are responsible for reviewing, editing, approving, scheduling, publishing and using all Content.

We may use automated systems to detect abuse, spam, prohibited content, security risks, technical errors or violations of our Terms.

We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you in the sense of GDPR Article 22, unless we separately inform you and provide the required safeguards.

7. Public Business Information

Flameingo AI may use public business information to help build your Business Profile during demo or onboarding.

This is intended to make setup faster and more useful for restaurants, cafes, bakeries and other hospitality brands.

Public business information may be processed by us and by third-party providers to identify, summarise, enrich or prepare your Business Profile.

You are responsible for reviewing and correcting public business information before using it in Content or publishing it.

If you believe that imported public business information contains personal data that is inaccurate, unauthorised or should be removed, contact us at legal@flameingo.ai.

8. Social Media Integrations

If you connect a social media account, Flameingo AI may receive access to certain information and permissions from that platform.

We use this access only to provide the connected features you enable, such as scheduling approved Content, publishing where supported, checking connection status and retrieving publishing results.

You may disconnect a social media account through the Service where available or through the settings of the relevant Connected Platform.

Disconnecting a platform may prevent scheduling or publishing from working.

Connected Platforms may continue to process your data according to their own terms and privacy policies.

9. Payments Through Stripe

We use Stripe for payment processing, subscription management and related billing functions.

Stripe may process your payment information, billing details, payment method information, authentication data, fraud prevention data and transaction information.

We do not store your full payment card details.

Stripe processes payment data according to its own terms and privacy policy.

We may retain Stripe customer IDs, transaction records, invoice data and subscription status for billing, accounting, tax, legal and support purposes.

10. Cookies, Analytics and Similar Technologies

We use cookies and similar technologies to operate the website and Service, keep you signed in, protect the Service, remember preferences, measure performance, understand product usage and, where enabled, support analytics and marketing.

Types of technologies may include:

• strictly necessary cookies
• authentication cookies
• security cookies
• preference cookies
• analytics cookies
• performance tools
• advertising pixels
• conversion tracking tools
• device or browser identifiers
• local storage or similar technologies

Strictly necessary technologies are used to provide the website and Service.

Optional analytics, marketing or advertising technologies will be used where we have a valid legal basis, including consent where required.

You can manage cookies through our cookie banner or preference tools where available. You can also control cookies through your browser settings.

More information is available in our Cookie Policy.

11. Who We Share Personal Data With

We may share personal data with:

• hosting and infrastructure providers
• database and storage providers
• authentication providers
• payment providers, including Stripe
• AI text, image, video and editing providers
• public information processing providers
• analytics providers
• cookie and tracking technology providers
• security and anti-abuse providers
• email and communication providers
• background job and workflow providers
• social media platforms and Connected Platforms
• professional advisers, such as lawyers, accountants and auditors
• public authorities, courts or regulators where required by law
• buyers, successors or affiliates in connection with a merger, acquisition, restructuring or sale of assets

We do not sell your personal data.

We do not share your private Business Profile data or Customer Content with other users.

Our subprocessors are listed on our Subprocessors page.

12. Subprocessors

We use subprocessors and third-party service providers to help deliver the Service.

Subprocessors may process personal data, Content or technical information on our behalf.

We may add, remove or replace subprocessors from time to time as the Service develops.

Where required by data protection law, we use contracts or other safeguards with subprocessors to protect personal data.

More information is available on our Subprocessors page.

13. International Data Transfers

We are based in Latvia and primarily operate under European Union data protection law.

Some of our service providers, subprocessors or Connected Platforms may process personal data outside the European Union or European Economic Area.

Where personal data is transferred outside the EU or EEA, we rely on appropriate transfer mechanisms where required, such as:

• adequacy decisions
• Standard Contractual Clauses approved by the European Commission
• supplementary safeguards where required
• another lawful transfer mechanism under applicable data protection law

Some third-party platforms, including social media platforms and AI providers, may process data in countries outside the EU or EEA according to their own terms and privacy policies.

14. Data Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods depend on the type of data and the purpose of processing.

14.1 Account data

We keep Account data while your Account is active.

After Account deletion or termination, we may retain limited Account data for a reasonable period for security, legal, billing, fraud prevention, dispute resolution and backup purposes.

14.2 Business Profile data

We keep Business Profile data while the Business Profile is active or while needed to provide the Service.

If a Business Profile is deleted, cancelled, downgraded or terminated, we may delete, archive or restrict access to the data according to our retention rules and technical backup cycles.

14.3 Content and media

Uploaded media, generated Content, drafts, scheduled posts and outputs may be kept while your Account or Business Profile is active.

You are responsible for exporting Content you need before deleting your Account or Business Profile.

We may retain limited copies of Content in backups, logs or records for a reasonable period where necessary for security, legal, technical or dispute purposes.

14.4 Billing and tax records

Billing, invoice, payment and tax records may be retained for the period required by accounting, tax and legal obligations.

14.5 Support and legal requests

Support messages, legal requests and related communications may be retained for as long as needed to respond, resolve the matter, maintain records, protect our rights or comply with legal obligations.

14.6 Security logs

Security logs, technical logs, fraud prevention data and abuse detection records may be retained for a reasonable period to protect the Service, investigate incidents and enforce our Terms.

14.7 Backups

Data may remain in encrypted or protected backups for a limited period after deletion from active systems. Backup data is not normally accessed unless needed for restoration, security, legal or continuity purposes.

15. Your Data Protection Rights

Depending on your location and applicable law, you may have the right to:

• access your personal data
• receive information about how we process your personal data
• correct inaccurate or incomplete personal data
• request deletion of your personal data
• restrict processing of your personal data
• object to processing based on legitimate interests
• withdraw consent where processing is based on consent
• request data portability
• object to direct marketing
• lodge a complaint with a supervisory authority

These rights may be limited in some cases, including where we need to retain data for legal, security, fraud prevention, accounting, dispute resolution or legitimate business purposes.

16. How to Exercise Your Rights

To exercise your rights, contact us at:

legal@flameingo.ai

We may need to verify your identity before responding to your request.

If you use the Service on behalf of a business customer and your request relates to personal data controlled by that business customer, we may refer your request to the relevant customer or act according to their instructions.

We aim to respond to valid requests within the period required by applicable law.

17. Complaints

If you are in the EU or EEA, you may have the right to lodge a complaint with a competent data protection supervisory authority.

In Latvia, the supervisory authority is the Data State Inspectorate.

You may also contact the supervisory authority in the EU or EEA country where you live, work or believe that a data protection issue has occurred.

We encourage you to contact us first at legal@flameingo.ai so we can try to resolve your concern.

18. Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure or destruction.

These measures may include:

• authentication controls
• access controls
• role-based permissions
• secure hosting providers
• database security controls
• encryption in transit where supported
• security logging
• monitoring
• backups
• provider security controls
• abuse prevention systems
• Cloudflare or similar security checks

No online service, cloud system, AI tool, integration or transmission method is completely secure. We cannot guarantee absolute security.

You are responsible for keeping your login details secure and ensuring that only authorised persons access your Account and Business Profiles.

19. Your Responsibilities

You are responsible for:

• providing accurate Account and billing information
• keeping your login credentials secure
• ensuring that you have the right to upload and process Content
• obtaining required permissions and consents for people shown in photos or videos
• ensuring that personal data in Content is processed lawfully
• reviewing public business information imported into a Business Profile
• reviewing and approving AI-generated or AI-edited Content before use
• complying with social media platform rules
• complying with laws that apply to your business and target market
• deleting or correcting data where required

If you upload Content that includes employees, customers, children, guests, influencers, contractors or other identifiable persons, you are responsible for ensuring that all required rights, notices, permissions and consents are in place.

20. Children

The Service is not intended for use by persons under 18.

You must be at least 18 years old to create an Account, subscribe to a paid plan, connect social media accounts or use the Service.

The Service may process Content that includes children if you upload, generate, edit or publish such Content. You are responsible for ensuring that you have all required parental, guardian or legal consents before using such Content.

We may delete or restrict Content involving children if we believe it creates legal, safety, privacy, platform or reputational risk.

21. Marketing Communications

We may send you service-related emails, such as account, billing, security, product, legal or support messages.

We may send marketing emails where permitted by law, including where you have consented or where we may rely on another lawful basis.

You can unsubscribe from marketing emails using the unsubscribe link where available or by contacting us.

You may still receive service-related emails even if you unsubscribe from marketing messages.

22. Cookies and Marketing Preferences

Where required, we will ask for your consent before using optional analytics, advertising or marketing cookies.

You may change cookie preferences through our cookie banner or preference tool where available.

Browser settings may allow you to block or delete cookies, but some parts of the Service may not work correctly without necessary cookies.

More information is available in our Cookie Policy.

23. Do Not Track and Browser Signals

Some browsers may send “Do Not Track” or similar signals.

Because there is no uniform industry standard for responding to all such signals, we may not respond to every browser signal in the same way.

Where legally required, we will respect valid consent choices and applicable privacy preference mechanisms.

24. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If changes are material, we may notify you by email, in-product notice, website notice or another reasonable method.

The updated Privacy Policy will apply from the date shown at the top of the page.

Your continued use of the Service after the updated Privacy Policy takes effect means that you acknowledge the updated policy.

25. Contact

For privacy questions, data protection requests, legal notices or complaints, contact:

SIA ResFeed
Registration No.: 40203742414
Email: legal@flameingo.ai