← Back to FlirtIQ

Privacy Policy

Last updated: June 24, 2026

1. Who We Are

FlirtIQ (“we”, “us”, “our”) operates the website and service at flirtiq.online. We are the data controller for information collected through our platform.

Contact: privacy@flirtiq.online

2. What Data We Collect

a) Account Data

When you register, we collect your email address via Supabase authentication. We do not collect your name, phone number, or any social profile unless you voluntarily provide it.

b) Screenshots You Upload

Screenshots are transmitted directly to OpenAI's API (GPT-4o) for AI analysis. We do not store screenshots on our servers. Once the analysis is returned to you, the image is discarded. OpenAI's use of this data is governed by OpenAI's Privacy Policy.

c) Usage Data

We track your usage (the number of analyses per day, and your remaining credits) server-side in Supabase. We store only a date and a count tied to your account — never the content of your chats or screenshots. This lets us enforce the free daily limit and your credit balance.

d) Payment Data

Payments are processed entirely by Paddle (our Merchant of Record). We never see or store your card number, bank details, or billing address. We receive only a customer ID and subscription status from Paddle.

e) Technical Data

Our hosting provider (Vercel) may collect standard server logs including IP addresses, browser type, and pages visited. This data is used for security and performance monitoring and is subject to Vercel's Privacy Policy.

3. How We Use Your Data

  • To create and manage your account
  • To provide the AI analysis service
  • To process your subscription and verify access
  • To send important service emails (billing receipts, policy updates)
  • To enforce our Terms of Service and prevent abuse

We do not sell your data, use it for advertising, or share it with third parties beyond what is listed in Section 4.

4. Third-Party Services

ServicePurposeData Shared
OpenAI (GPT-4o)AI screenshot analysisYour uploaded screenshot (not stored)
SupabaseAuthentication & databaseEmail, subscription status
PaddlePayment processing (Merchant of Record)Email, payment details
VercelHosting & infrastructureServer logs, IP address

5. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal bases are:

  • Contract performance — to provide the service you signed up for
  • Legitimate interests — for fraud prevention, security, and service improvement
  • Legal obligation — to comply with applicable laws
  • Consent — for any optional communications (you may withdraw at any time)

6. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Screenshots: Never stored — discarded immediately after AI processing.
  • Subscription records: Retained for 7 years for legal and tax compliance purposes.
  • Usage logs: Retained for up to 90 days for abuse prevention.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your account and personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request that we limit how we use your data

To exercise any right, email privacy@flirtiq.online. We will respond within 30 days. Indian users also have rights under the Information Technology (Reasonable Security Practices) Rules, 2011.

8. Data Security

We use industry-standard security measures including HTTPS encryption, Supabase Row Level Security (RLS) policies, and secure environment variable management. However, no system is 100% secure. If you suspect a security breach, contact us immediately at security@flirtiq.online.

9. International Data Transfers

FlirtIQ operates globally. Your data may be processed in countries outside your own (including the United States via OpenAI, Supabase, Paddle, and Vercel). We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required by GDPR.

10. Cookies

FlirtIQ uses minimal cookies. We use a session cookie set by Supabase for authentication. We use localStorage (not cookies) for language preference and free tier tracking — this data stays in your browser and is not sent to our servers.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

11. Children's Privacy

FlirtIQ is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us at privacy@flirtiq.online and we will delete the account promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a notice on the website at least 7 days before they take effect. The “Last updated” date at the top reflects the most recent revision.

13. Contact & Complaints

For privacy questions or to exercise your rights:
privacy@flirtiq.online

If you are in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.