Privacy Policy
Last updated: November 8, 2025
🔒 Your Privacy Matters
Flirton.ai is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your information in compliance with:
- • GDPR (General Data Protection Regulation - EU)
- • CCPA (California Consumer Privacy Act - USA)
- • Other applicable data protection laws
1. Who We Are
Flirton.ai is an AI-powered chat platform operated by [Your Company Name], incorporated in [Country].
Data Controller:
Company: [Your Company Name]
Registration Number: [Registration #]
Address: [Legal Address]
Email: privacy@flirton.ai
DPO (Data Protection Officer): dpo@flirton.ai
As the data controller, we are responsible for deciding how and why your personal data is processed. This Privacy Policy applies to all users of Flirton.ai worldwide.
2. Information We Collect
We collect different types of information depending on how you use Flirton.ai:
2.1 Account & Profile Information
When you create an account, we collect:
- •Email address (required for authentication via Clerk)
- •Username (optional, publicly visible if provided)
- •Profile photo (optional, uploaded by you)
- •Bio/description (optional, publicly visible)
- •Account creation date
- •OAuth data (if you sign in with Google, GitHub, etc.)
2.2 Content & Usage Data
When you use Flirton.ai, we collect:
- •Chat messages (your messages and AI responses)
- •AI characters you create (name, description, personality, avatar images)
- •Images you upload (in chats or as character avatars)
- •NSFW preference (boolean flag + timestamp when toggled)
- •Interactions (likes, favorites, character views)
- •Usage statistics (number of messages sent, characters created)
2.3 Technical & Device Information
We automatically collect technical data when you access Flirton.ai:
- •IP address (for security and analytics)
- •User agent (browser type and version)
- •Device information (operating system, device type)
- •Cookies (authentication, preferences, analytics)
- •Session data (login times, session duration)
- •Referral source (how you found Flirton.ai)
- •Page views and clicks (aggregated analytics)
2.4 Payment Information
When you subscribe to a paid plan:
- •We DO NOT store credit card details. All payment information is securely processed and stored by Stripe, our PCI-DSS compliant payment processor.
- •We only store: Stripe Customer ID, Subscription ID, Payment status, Subscription plan type, Billing date
2.5 Communications
If you contact us, we collect:
- •Support tickets (emails, chat transcripts)
- •Feedback and surveys (if you choose to provide them)
- •Marketing preferences (opt-in/opt-out status)
2.6 Data Storage Location
🌍 Where Your Data is Stored
Flirton.ai's primary infrastructure is hosted in the United States via Vercel. This means your data (messages, characters, images) is stored on servers located in the US.
For EU/EEA/UK users: Your data is transferred from the EU to the US under Standard Contractual Clauses (SCCs) approved by the European Commission. You explicitly consent to this transfer by using Flirton.ai.
For more details on international transfers, see Section 8.
3. How We Use Your Information
We use your personal data for the following purposes:
🔧 To Provide and Improve the Service
- • Create and manage your account
- • Enable AI chat functionality and character creation
- • Process and store your messages and characters
- • Display public content (characters, profiles) to other users
- • Enforce usage limits based on your subscription plan
💳 To Process Payments
- • Process subscription payments via Stripe
- • Manage billing cycles and renewals
- • Handle refunds and cancellations
- • Prevent fraud and chargebacks
🛡️ For Security and Compliance
- • Detect and prevent fraud, spam, and abuse
- • Enforce our Terms of Service and Content Policy
- • Verify age requirements (18+)
- • Comply with legal obligations and law enforcement requests
- • Maintain system security and integrity
📊 For Analytics and Improvement
- • Analyze usage patterns to improve AI performance
- • Track feature adoption and user engagement
- • Conduct A/B testing and product research
- • Generate anonymized statistics and reports
💬 For Communication
- • Send transactional emails (password resets, payment confirmations)
- • Provide customer support
- • Notify you of service updates or policy changes
- • Send marketing communications (only with your consent)
🤖 For AI Training and Development
- • Improve AI response quality and accuracy
- • Train content moderation systems
- • Develop new features and capabilities
- • Note: Your data may be used in anonymized, aggregated form for AI improvements
4. Legal Basis for Processing (GDPR)
If you are in the European Union, we process your data based on the following legal grounds:
📝 Contract Performance (Art. 6(1)(b) GDPR)
Processing necessary to provide Flirton.ai services under our Terms of Service: account management, chat functionality, subscription billing.
⚖️ Legal Obligation (Art. 6(1)(c) GDPR)
Compliance with laws: age verification, tax reporting, responding to law enforcement requests.
🎯 Legitimate Interest (Art. 6(1)(f) GDPR)
Analytics, fraud prevention, service improvement, security monitoring. We balance our interests against your privacy rights.
✅ Consent (Art. 6(1)(a) GDPR)
NSFW content access, marketing emails, optional analytics cookies. You can withdraw consent at any time.
5. How We Share Your Information
We do NOT sell your personal data. We share data only in the following limited circumstances:
5.1 Service Providers (Processors)
We share data with trusted third-party services that help us operate Flirton.ai:
🔐 Clerk (Authentication)
Manages user accounts, login, and OAuth. Privacy Policy
💳 Stripe (Payment Processing)
Processes payments and subscriptions. Privacy Policy
🤖 x.ai (AI Provider - Grok)
Powers AI chat responses. Your messages are sent to Grok for processing. Privacy Policy
☁️ Servers (Hosting & Infrastructure)
Primary hosting provider. All Flirton.ai data (database, files, messages) is stored on servers located in the United States. Provides anonymized analytics. Privacy Policy
📊 PostHog (Optional Analytics)
Anonymized product analytics. Privacy Policy
All processors are bound by data processing agreements (DPAs) and must comply with GDPR/CCPA.
5.2 Public Content
⚠️ Public Information
The following information is publicly visible to all Flirton.ai users:
- • Your username and profile photo (if provided)
- • Your bio/description
- • Public AI characters you create (name, description, avatar)
- • Public character statistics (likes, chat count)
Your chat messages and private characters are NEVER shared publicly.
5.3 Legal Requirements
We may disclose your data if required by law:
- • Subpoenas, court orders, or legal processes
- • Law enforcement requests (with valid legal basis)
- • Protection of our rights, property, or safety
- • Investigation of fraud, Terms of Service violations, or illegal activity
- • Compliance with CSAM (Child Sexual Abuse Material) reporting obligations
We will notify you of legal requests unless prohibited by law.
5.4 Business Transfers
If Flirton.ai is acquired, merged, or undergoes bankruptcy, your data may be transferred to the acquiring entity. You will be notified of any such transfer, and the new entity must honor this Privacy Policy.
6. Data Retention
We retain your data for as long as necessary to provide Flirton.ai services and comply with legal obligations:
👤 Active Accounts
Data is retained indefinitely while your account is active. You can delete your account at any time (see Section 7).
🗑️ Deleted Accounts
After you delete your account, all personal data is permanently deleted within 30 days. Backups are purged within 90 days.
💬 Messages & Characters
Stored indefinitely while your account is active. Deleted immediately upon account deletion.
📊 Server Logs
Technical logs (IP addresses, user agents) are retained for 90 days for security and debugging purposes.
💳 Payment Records
Billing records are retained for 7 years for tax and accounting compliance.
⚖️ Legal Hold
Data subject to legal proceedings, investigations, or regulatory requests is retained until the matter is resolved.
7. Your Privacy Rights
Depending on your location, you have specific rights regarding your personal data:
🇪🇺 GDPR Rights (EU/UK/EEA)
📥 Right to Access (Art. 15)
Request a copy of all personal data we hold about you. Export your data in JSON format via Account Settings or email privacy@flirton.ai.
✏️ Right to Rectification (Art. 16)
Correct inaccurate or incomplete data via Account Settings.
🗑️ Right to Erasure / "Right to be Forgotten" (Art. 17)
Delete your account and all associated data. Go to Settings → Delete Account, or email privacy@flirton.ai. Data will be permanently deleted within 30 days.
⏸️ Right to Restriction (Art. 18)
Request temporary suspension of data processing in certain circumstances.
📤 Right to Data Portability (Art. 20)
Receive your data in a machine-readable format (JSON) to transfer to another service.
🚫 Right to Object (Art. 21)
Object to processing based on legitimate interests (e.g., marketing, analytics).
🔙 Right to Withdraw Consent
Withdraw consent for NSFW content, marketing emails, or analytics at any time via Settings.
📮 Right to Lodge a Complaint
File a complaint with your national Data Protection Authority if you believe we've violated GDPR.
🇺🇸 CCPA Rights (California)
🔍 Right to Know
Request disclosure of: (1) categories of data collected, (2) sources, (3) purposes, (4) third parties we share with, (5) specific data collected about you.
🗑️ Right to Delete
Request deletion of your personal data (subject to exceptions for legal compliance).
🚫 Right to Opt-Out of Sale
Flirton.ai does NOT sell your personal data. We do not share data for monetary consideration.
⚖️ Right to Non-Discrimination
You will not be discriminated against for exercising your CCPA rights.
📧 How to Exercise Your Rights
To exercise any of these rights, contact us:
- • Email: privacy@flirton.ai
- • In-App: Settings → Privacy → Data Request
- • Response Time: Within 30 days (GDPR) or 45 days (CCPA)
We may require identity verification before processing requests. There is no fee for exercising your rights (unless requests are excessive or unfounded).
8. International Data Transfers
Flirton.ai operates globally and uses service providers in different countries. Your data may be transferred to and processed in countries outside your residence, including the United States.
🌍 EU → US Data Transfers
For users in the European Economic Area (EEA), UK, or Switzerland, we transfer data to the US under the following safeguards:
- • Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
- • Adequacy Decisions: Where the EU Commission has determined adequate protection
- • Data Processing Agreements: With all US-based processors (Stripe, Vercel, etc.)
By using Flirton.ai, you consent to these international transfers. You have the right to obtain a copy of the safeguards we use by contacting privacy@flirton.ai.
9. Data Security
We implement industry-standard security measures to protect your data:
🔐 Encryption
Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. Database backups are encrypted.
🛡️ Access Controls
Strict access controls limit data access to authorized personnel only. Multi-factor authentication (MFA) required for admin access.
🔍 Monitoring
Continuous security monitoring, intrusion detection, and regular security audits.
🔄 Regular Updates
Systems are regularly patched and updated to protect against vulnerabilities.
💾 Backups
Encrypted daily backups with 30-day retention for disaster recovery.
⚠️ Important
While we take security seriously, no system is 100% secure. We cannot guarantee absolute security against unauthorized access, hacking, or data breaches. You use Flirton.ai at your own risk.
10. Children's Privacy
🔞 NO MINORS ALLOWED
Flirton.ai is strictly 18+ only. We do NOT knowingly collect data from anyone under 18 years of age (or under 13 in compliance with COPPA).
If we discover that a minor has created an account:
- The account will be immediately and permanently banned
- All data associated with the account will be deleted within 48 hours
- No refunds will be issued
- We may report to appropriate authorities if required by law
If you are a parent or guardian and believe your child has created an account, contact us immediately at:
Email: abuse@flirton.ai
12. Third-Party Services & Links
Flirton.ai may contain links to third-party websites or services (e.g., OAuth providers, external resources). We are NOT responsible for the privacy practices of these third parties.
When you click on external links or use third-party authentication (Google, GitHub), you are subject to those providers' privacy policies. We encourage you to review their policies before sharing information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features.
How we notify you:
- • Email notification for material changes
- • In-app banner upon next login
- • Updated "Last updated" date at the top of this page
Material changes take effect 30 days after notification. Continued use of Flirton.ai after changes constitutes acceptance. If you do not agree to the modified policy, you must stop using Flirton.ai and may delete your account.
14. Contact Information & Data Protection Officer
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
📧 Privacy Inquiries:
🛡️ Data Protection Officer (DPO):
📮 Postal Address:
[Your Company Name]
[Street Address]
[City, Postal Code]
[Country]
💬 Support:
EU Users: You have the right to lodge a complaint with your local supervisory authority:
Find your Data Protection Authority: EDPB Member List
📌 Privacy Policy Summary
- ✅ We collect: Account info, messages, characters, technical data
- ✅ We use it to: Provide service, improve AI, ensure security
- ✅ We share with: Service providers (Clerk, Stripe, x.ai, Vercel) only
- ❌ We do NOT sell your data
- 🇪🇺 GDPR compliant: Right to access, delete, port, object
- 🇺🇸 CCPA compliant: Right to know, delete, opt-out (we don't sell)
- 🔞 18+ only: Minors banned immediately
- 🔐 Encrypted storage, 30-day deletion after account closure
- 📧 Contact: privacy@flirton.ai