Flynk11 Ltd ("we", "us", "our") provides an AI-powered blog generator platform ("the Service"). This Privacy Policy explains how we collect, use, and share information when you use the Service. By using the Service, you agree to the data practices described in this policy. In essence, we collect certain personal and usage data to operate and improve our Service, process it lawfully under UK data protection rules, and protect your rights and privacy in the process.
Information We Collect
We collect several categories of information from users of our Service, including:
Account Information: When you create an account, we collect personal details such as your name, email address, login credentials or authentication identifiers, and any organization or company details you provide. This is basic information needed to set up and administer your account (e.g. to identify you and provide access).
Content You Provide: We collect and store content that you input into the platform. This includes the text prompts or instructions you give our AI, any page content or translations you generate, images or files you upload, and the AI-generated outputs or blog content created for you. Essentially, all materials you enter or generate through the Service may be collected and associated with your account for the purpose of providing the Service.
Usage Data: Like most online services, we automatically collect data about how you use the Service. This usage data can include your interactions with our editor interface, records of content generation events (e.g. when you trigger the AI to create or rewrite text), the number of tokens consumed during AI generations, and other activity logs. We also collect technical information such as your device and software (browser type/version, device identifiers), your IP address, and pages or features you access on our site. This information helps us understand usage patterns and troubleshoot issues.
Cookies and Similar Technologies: We use cookies (small data files stored on your device) and similar tracking technologies to operate and enhance the Service. In particular, we use essential cookies that are necessary for site functionality (e.g. keeping you logged in, session management) and analytics cookies that help us understand how the Service is performing and how users interact with it. For instance, an analytics cookie might track which pages are most visited or how often content is generated. We do not use advertising cookies, and we honor your preferences regarding non-essential cookies. (Please refer to our separate Cookie Policy for more details on the specific cookies in use and your choices.)
How We Use Information
We use the collected information for various legitimate purposes in operating and improving our Service. The main uses of your information include:
Providing and Maintaining the Service: We use your account details to authenticate you and allow access to the platform. Your content and prompts are used to generate the AI-driven blog content or translations that you request. Essentially, we process your data to deliver the core functionality of the Service that you expect (e.g. taking your input and producing output, saving your work, etc.).
Content Generation and Optimization: Our platform integrates AI models to generate or rewrite content based on your prompts. We use your input and any relevant context (like settings or previous content) to feed into these AI models and produce the results. We also may use data on generation events and token usage to optimize how the AI responds and allocate resources efficiently.
Improving Performance and User Experience: We analyze usage data (and sometimes user-provided content in aggregate or de-identified form) to debug issues, improve the reliability and speed of the Service, and develop new features. For example, understanding which features are used most (via usage logs) can guide us in enhancing those features. Similarly, tracking errors or failures helps us fix bugs. These improvements are done to better serve our users and refine our AI models or algorithms over time.
Customer Support and Communication: If you reach out to us with a question or issue (for example, via email or support channels), we will use your account and usage information to help troubleshoot and respond. We may also send you service-related communications, such as important updates or alerts about the Service (for instance, notices about maintenance or changes in policy). We will communicate with you using the contact information you provided (typically your email).
Security and Fraud Prevention: We are committed to keeping the Service and our users' data secure. Information like IP addresses, device info, and usage patterns may be used to detect and prevent suspicious or malicious activity. For example, we might use IP addresses and other signals to identify potential unauthorized logins or abuse of the platform. This helps us protect against fraud, spam, or other misuse, and to ensure the security and integrity of our Service.
Legal Compliance: Finally, we use personal information as necessary to comply with our legal obligations. This could include retaining certain records to meet regulatory requirements, responding to lawful requests by authorities, or using data to enforce our agreements and rights. In short, if the law requires us to process or disclose certain information, or if we need to use data in order to protect our legal rights or the rights/safety of others, we will do so.
These uses of information align with common legitimate purposes recognized under data protection laws. We do not use the data for any purposes incompatible with the above, such as unsolicited marketing (unless you have given consent) or selling your personal data.
AI Processing
A core aspect of our Service is the AI-driven content generation. To provide these features (like generating or rewriting text, and translating content), your prompts and relevant context may be sent to third-party AI model providers that we integrate with. In other words, when you ask our platform to generate some blog content, our system may call an external AI API service to get the result. These third-party AI providers act as our processors, meaning they process the data strictly on our instructions and for our purposes (to deliver the AI functionality you requested). For example, if we use OpenAI's API or a similar service to generate text, your prompt and necessary context would be sent securely to that AI provider, which returns the generated text. Importantly, such providers typically do not use your data for their own purposes or training by default – for instance, OpenAI's API policy states that it will not use API-supplied data to train its models unless the customer explicitly opts in. This means the content you provide is used only to produce the output you requested, and not to improve the third-party's models in general.
In addition to using third-party AI for generation, we may use the content you provide to improve our own AI systems or service algorithms. Our goal is to refine the platform's performance over time. For example, we might analyze prompts and outputs to fine-tune our content generation approach or to develop better prompt handling. If we do this, we treat it with care for your privacy: such processing would typically be considered under our "service improvement" purposes and, where feasible, we would aggregate or anonymize data. According to our current policy, we will not use your personal content to train our own AI models unless you have explicitly opted in to that use. (In other words, by default we refrain from using your prompts or generated texts to train proprietary models that learn from all user data, unless you give consent. This was set to respect user privacy concerns.) However, we may revisit this practice under the scope of "legitimate interests" – i.e., using data to improve the service – while still ensuring that any such use does not override your privacy rights. In any case, if we ever expand our use of your content for training or improving AI beyond what you might expect, we will explicitly inform you or seek consent. You also retain the right to object to such processing (as described in the Your Rights section below).
To summarize, AI features on our platform work by processing your data through specialized AI engines. Third-party AI providers only process your data to fulfill the generation or translation task and do not keep it for other purposes by default. Internally, we might use your data to enhance our service, but we do not sell it or freely use it for unrelated model training without permission. Your content remains confidential and is processed only to serve you and improve the Service within the boundaries of this policy.
Legal Bases for Processing (UK/EEA)
If you are in the United Kingdom or European Economic Area, our processing of your personal data is governed by the UK GDPR (United Kingdom General Data Protection Regulation) and the Data Protection Act 2018. These laws require that we have a valid legal basis for each use of your data. We rely on the following legal bases as appropriate:
Contract: We process certain data because it is necessary to perform our contract with you – that is, to provide the Service you have requested. For example, when you sign up and agree to our terms, a contract is formed, and we need to use your account data and content to deliver the features (such as generating the blog content as promised). Without processing your prompts and account info, we couldn't provide the service, so this falls under contractual necessity.
Legitimate Interests: We process data to further our legitimate business interests in running and improving the Service. This includes uses like improving performance, securing the platform, preventing fraud, and understanding usage patterns. We believe these uses are not overridden by your rights because they are expected aspects of operating a safe and effective service. For instance, analyzing logs to improve response times or using IP addresses to thwart malicious attacks would be considered in our legitimate interests. When relying on this basis, we ensure that we only use the data in ways you would reasonably expect and that have minimal privacy impact, and you always have the right to object if you have particular concerns (see Your Rights below).
Consent: For any processing that is purely optional and not strictly necessary, we will seek your consent. For example, using analytics cookies or sending you marketing emails would typically only happen if you agree (opt-in). In practice, this means if we ever want to use non-essential cookies (for analytics) or send you a newsletter or promotional content, we will ask for your consent and you can decline or revoke that consent at any time. (Similarly, if we ever decided to use your content to train our models in a way not covered by legitimate interests, we might do so only with explicit opt-in consent.)
Legal Obligation: In some cases, we must process or disclose data because the law requires it. For example, we may need to keep certain financial transaction records for tax or accounting purposes, or respond to an official legal request (like a court order) for information. In such cases, the basis for processing is compliance with a legal obligation to which we are subject. We only do this where strictly necessary to meet our obligations.
Each of these bases is recognized under Article 6 of the GDPR as a lawful reason to process personal data. We determine the appropriate basis depending on the context – for instance, account and content data are mainly processed under contract (to provide the service), improvement and security uses fall under legitimate interests, analytics cookies under consent, and any mandatory disclosures under legal obligation. If a given piece of data is used for multiple purposes, we ensure there's a lawful basis for each. We do not rely on "public task" or "vital interests" bases since those are typically for government or life-and-death situations, not applicable to our Service. By transparently outlining our legal bases, we aim to comply with UK GDPR's requirements and give you clarity on why we handle your data.
Sharing of Information
We do not sell your personal information to anyone – we want to state that upfront (selling meaning exchanging your personal data for money or other benefits). However, we do share certain information with trusted third parties in order to run the Service, but always under defined purposes and with protections in place. The types of recipients with whom we may share data include:
Service Providers (Processors): These are companies or services that process data on our behalf and under our instructions. We use a number of such providers to support the Service's infrastructure and features. For example, we rely on cloud hosting and storage providers to store data and keep the Service online (your data might be stored on their servers, but they can only use it per our agreement). We use third-party AI model providers to perform the content generation and translation (as discussed above, your prompts go to them to produce results, but they can't use that data beyond providing the result). We might use analytics services to monitor performance, or customer support software to manage inquiries, or an email service to send communications. In all cases, these providers are bound by data processing agreements to handle your data confidentially and securely, and only for the purposes we dictate. They do not get any independent right to use your personal information for their own agendas.
Payment Processors: If our Service offers paid plans, we would use third-party payment processors to handle billing (for example, a company like Stripe). In that scenario, you might provide payment information (credit card details, etc.) directly to the processor, not to us, and they in turn just notify us of the payment status. Those processors are also bound to protect your data and only use it for the payment processing. (Note: In our current setup, if applicable, we ensure we do not store full payment card details on our own servers, for security compliance reasons.)
Integration Partners: In some cases, you might choose to integrate our Service with other tools (for example, if we allow exporting your content to another platform or retrieving data from another service). If you do so, we would share data at your direction with such third-party services. Those transfers would be obvious to you and based on your requests.
Affiliates: If Flynk11 Ltd has any affiliate or parent companies (currently we are UK-based and standalone), we might share data within our corporate family if necessary for similar purposes as this policy describes. (At present, this is just a note for completeness; if we ever had a corporate affiliate helping to operate the service, they'd abide by the same privacy commitments.)
For Legal or Safety Reasons: We may disclose information when required by law or necessary to protect rights and safety. For example, if we receive a valid subpoena or court order, we might have to provide the requested data. Or if we need to disclose information to regulators or authorities (such as the ICO in the UK) in the context of legal compliance. Also, if needed to investigate and address fraud, security breaches, or violations of our Terms of Service, we might share data with appropriate parties (like law enforcement or security consultants). This kind of sharing is done only when lawful and necessary.
Business Transfers: If we ever undergo a business transaction such as a merger, acquisition, or sale of assets, user information could be part of that transaction (as an asset transferred to the new owner). If that happened, we would ensure the new owner continues to protect your data in line with this privacy policy, and we would notify users of the change. This is a standard scenario covered in many privacy policies, though it's only relevant in significant corporate changes.
Aside from the above, we may also share aggregated or anonymized information publicly or with partners. For instance, we might publish usage statistics (like "our AI generated X articles last month") that contain no personal data and cannot be linked back to any individual. Such information is not personal and is just used to illustrate trends or Service performance.
To reiterate, we do not sell personal information. Any third-party sharing is done to help provide or improve the Service, or for legal reasons, and not for profit. And in all cases, we strive to share the minimum amount of data necessary. We also ensure any service providers we use are reputable and contractually obligated to safeguard your data (e.g., via strict confidentiality and data security commitments). If you have any questions about specific third parties we use, you can contact us and we'll be happy to provide more detail.
Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. In practice:
If you have an account with us, we will keep your personal data while your account is active, since we need it to provide you the Service. For example, your account profile info and your saved content will be stored so long as you continue to use the platform.
If you choose to delete your account or if it becomes inactive, we will delete or anonymize your personal data within a reasonable period after account closure, except for any data we are required to keep longer (such as certain logs or records for legal compliance or security). In general, once you stop using the Service, we don't want to hold your data indefinitely. We periodically review our databases and erase data that is no longer needed.
Certain types of data are retained for shorter specific periods by default. For instance, generation logs and analytics data are typically kept only for a limited time to serve their purpose. Our policy is to retain such logs for on the order of 30 to 180 days in many cases. This range allows us to troubleshoot recent issues and gather usage metrics, but not hold detailed logs long-term. After this period, the logs might be automatically deleted or anonymized (unless they have to be kept longer as noted below).
We may retain backup copies of data for a bit longer than active data, due to routine backup procedures. These backups are securely stored and eventually cycled out; even in backups we do not keep data beyond what's reasonably needed.
In some circumstances, laws or regulations require us to retain certain information for an extended duration. For example, financial transaction records might need to be kept for several years for tax auditing, or if there's an ongoing legal issue, we might need to preserve relevant data until it's resolved. Also, to maintain security and continuity, we might keep some data in archives for a longer period (if strictly necessary). Any such extended retention will be for compliance or operational continuity reasons and will adhere to applicable laws. We'll ensure that any data kept longer is protected and only used for the appropriate purpose (e.g. not re-used for marketing after you've deleted your account).
When the retention period is over, or if the data is no longer needed, we will delete the personal information or anonymize it (so it can no longer be linked to you). For example, logs older than our retention window might be purged on a rolling basis, and accounts that have been deleted will have personal identifiers scrubbed from our systems after our retention grace period. We aim not to keep any personal data indefinitely "just in case," in line with data minimization principles.
In summary, we keep your data only as long as you're using the Service or as long as necessary for the stated purposes (plus any legally required period). Typical log data is retained for a short window (e.g., a few months), while core account and content data persist while your account is active. After that, we securely dispose of data. If you have specific questions about our data retention practices (for example, how long a certain type of data is kept), feel free to contact us.
International Transfers
Flynk11 is based in the United Kingdom. However, the nature of cloud services and the internet means the personal data we collect may be processed and stored in other countries as well. In particular, if you are located outside the UK, your information will likely be transferred to and processed in the UK (where our company operates and where our main servers might reside). Additionally, we use some third-party service providers (for hosting, storage, etc.) that may be located in or have servers in other jurisdictions (for example, cloud providers in the European Union or the United States or other regions).
Whenever we transfer personal data outside of the UK (or similarly, if we transfer data from the European Economic Area to a different country), we take steps to ensure that appropriate safeguards are in place to protect your information. The UK and EU have strict rules for international data transfers – essentially, they want your data to continue to have a high level of protection even if it leaves the UK/EEA. Here are measures we rely on:
Adequacy Decisions: In some cases, the destination country may be deemed by the UK (or EU) authorities to have an adequate level of data protection. For example, transfers from the UK to the EEA (and vice versa) are currently permitted freely because the UK is considered adequate by the EU and the UK deems EEA countries adequate. If we transfer data to a country that has an official adequacy decision, that means the country is recognized as protecting personal data sufficiently, so the transfer is allowed.
Standard Contractual Clauses (SCCs): For many other international transfers, we use the European Commission's Standard Contractual Clauses as a legal mechanism. These are pre-approved contractual commitments that bind the recipient of the data to protect it according to GDPR standards. In practice, if we send data to, say, a service provider in the U.S. (which doesn't have an "adequacy" status except under specific frameworks), we would sign an SCC agreement with them obligating them to safeguard your data.
UK International Data Transfer Agreement (IDTA) or Addendum: Since Brexit, the UK has its own equivalent of SCCs. For transfers of UK data to non-UK countries, we may use the UK's International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs. These legal tools serve a similar purpose – contractually ensuring the overseas recipient upholds UK GDPR standards for your data. We will implement whichever is appropriate for a given transfer (for example, an IDTA for a UK-to-U.S. transfer).
Additional Safeguards: Where needed, we also consider technical and organizational measures as supplementary safeguards. This could include encryption of data in transit and at rest, strict access controls, and due diligence on the data protection practices of the recipient. We only work with third-party processors who commit to strong data security. In some cases, we might also perform transfer risk assessments to ensure that the data will remain protected overseas in light of any local laws (this is in response to the "Schrems II" ruling which emphasizes checking that SCCs plus the local environment still offer adequate protection).
By using these mechanisms, we aim to comply with Article 46 of UK GDPR which requires appropriate safeguards for transfers. If none of the standard safeguards are available for a particular transfer, we would either rely on a specific exception under the law or refrain from transferring the data until we can ensure its security.
In summary, your data may be processed globally, but no matter where it goes, we will protect it. We'll ensure any international transfers are lawful and that your personal information continues to have a level of protection equivalent to that in the UK/EEA. If you'd like more information about cross-border data transfers (for example, to find out which countries your data might go to, or to obtain a copy of the contractual safeguards we use), you can contact us at the email provided in the Contact section.
Your Rights
As a user of our Service and as a data subject under the UK GDPR (or EU GDPR, if applicable), you have certain rights regarding your personal data that we hold. We respect and uphold these rights, which include the following:
Right of Access: You have the right to request a copy of the personal data we have about you, as well as information about how we process it. This is commonly known as a Subject Access Request. Upon verification of your identity, we will provide you with a summary of your personal information in our records (in a format such as a PDF or electronic report). This allows you to be aware of and verify the lawfulness of our processing.
Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected or updated. For instance, if you realize your email address or name was recorded incorrectly, or your information has changed, you can ask us to fix it. We strive to keep data accurate and will promptly make corrections upon your request.
Right to Erasure: You can request that we delete your personal data in certain circumstances. Often called the "right to be forgotten," this applies, for example, if you cancel your account and want all your data removed, or if the data is no longer necessary for the purposes it was collected, or if you initially consented to a use of your data and decide to withdraw consent (and we have no other legal ground to keep it). We will honor valid erasure requests and wipe your data from our systems, except for information we are required to retain (we will inform you if that's the case, e.g. retaining some records for legal compliance).
Right to Restrict Processing: You have the right to ask us to limit or "pause" the processing of your data in certain scenarios. For example, if you contest the accuracy of your data or have objected to processing (see below) and we are evaluating the request, you can ask that we restrict processing in the interim. Another example is if we no longer need the data but you want us to keep it just for a legal claim. When processing is restricted, we will still store the data but not use it until the issue is resolved (unless necessary for legal reasons).
Right to Data Portability: You have the right to receive your personal data that you provided to us, in a structured, commonly used and machine-readable format, and to have that data transmitted to another controller where technically feasible. In plain terms, you can ask for an export of your data (for example, your account information and content you've put in) so that you could reuse it in another service. We will provide the export in a reasonable format (likely CSV or JSON files, or similar), and if you request, we may transfer it directly to another service if possible. Note that this right applies to data processed by us on the basis of contract or consent, and only to the extent we have the data in digital form.
Right to Object: You have the right to object to our processing of your personal data when such processing is based on legitimate interests (or on performing a task in public interest, which we don't do). This means if you disagree with us processing your data for our legitimate business needs, you can object, and we will consider your objection. If we cannot demonstrate compelling legitimate grounds for the processing that override your rights and interests, we will stop the processing in question. In practice, this right is relevant, for example, if you object to us using your content to improve our AI (should we do so under legitimate interest) or if you object to certain analytics. Additionally, you have an absolute right to object to any direct marketing use of your data (though currently we do not do any unsolicited marketing, if we ever did, you can opt-out or object and we would stop).
Rights in Relation to Automated Decisions: Although not explicitly listed in our user-facing policy (perhaps because our Service doesn't make any legally significant decisions about users), UK/EU law provides you the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you. In our context, this likely isn't applicable since our AI is generating content for you, not making decisions about you that affect your rights. But we mention it for completeness: if ever there was automated decision-making impacting you, you'd have the right to human intervention and to contest the decision.
To exercise any of these rights, you can contact us (see Contact Us section below) with your specific request. We will usually need to verify your identity before fulfilling a request (to ensure that we don't give your data to someone else or delete the wrong person's info). Verification might be done by confirming some information we have on file, or other reasonable measures. There is generally no fee for exercising your rights, though if a request is manifestly unfounded or excessive (e.g., repetitive), the law allows us to charge a reasonable fee or refuse it – but we rarely, if ever, expect to do that. We aim to respond to all valid requests within one month, as required by GDPR, unless it's a particularly complex request (in which case we may inform you that we need a bit more time, up to an additional two months).
Beyond these data-specific rights, you also have the right to lodge a complaint with a data protection supervisory authority if you believe we have not handled your information properly or lawfully. In the UK, that authority is the Information Commissioner's Office (ICO). You can find details on how to report issues on the ICO's website (ico.org.uk). For example, if you've raised a concern with us and we haven't resolved it to your satisfaction, you can complain to the ICO. We would, of course, appreciate the chance to address your concerns first, so please feel free to contact us about any issue. But the right to complain to the regulator is there for you.
In summary, you are in control of your personal data. We are committed to enabling you to exercise your rights and will assist you in any way we can. Whether it's accessing what we know about you, correcting it, deleting it, or just asking questions about it, we're here to help. Your privacy rights are a fundamental part of data protection law and of this policy's intent.
Cookies and Tracking Technologies
As noted earlier, we use cookies and similar technologies on our website and platform. Here we'll briefly explain our approach and your options (full details are in our Cookie Policy):
Essential Cookies: These are cookies that are strictly necessary for the Service to function. Without them, you wouldn't be able to use basic features. For example, when you log in, an authentication cookie keeps you logged in as you navigate between pages; without it, the site wouldn't "remember" that you're authenticated. Other essential cookies might help with load balancing (distributing site traffic) or user interface preferences. These cookies do not require consent under applicable law – we use them based on our legitimate interest in providing a functional service, and they do not typically store any personal data beyond what's needed for that function.
Analytics Cookies: These cookies help us understand how users engage with the Service. We may use a third-party analytics tool (or an in-house analytics solution) that sets cookies to collect info like what pages you visit, how long you stay, what buttons you click, and so forth. The information gathered is usually aggregated and used to derive usage statistics (for instance, total number of visitors, popular features, etc.). This insight is really valuable for us to improve the Service and fix pain points. Importantly, we treat analytics cookies as optional – meaning we will ask for your consent before setting them. When you first visit our site, you'll likely see a cookie banner or prompt that lets you choose to enable or disable analytics cookies (and any other non-essential trackers). If you opt out, we either won't load these cookies or we'll respect a "Do Not Track" signal if your browser sends one (we do honor Do-Not-Track where feasible). There's no impact on core functionality if you decline analytics cookies; it simply means we'll have less data on how you and others use the platform.
We do not use advertising cookies or trackers for third-party marketing on our site. You will not find third-party banner ads or social media "like" buttons that track you, etc., in our Service. Our focus is on operational and analytics uses of cookies only.
If you want to learn more or adjust your preferences, you can consult our Cookie Policy which should detail each cookie by name, its purpose, and duration, as well as how to change your settings. Typically, you can also manage cookies through your browser settings (e.g., you can delete cookies or block them entirely), but note that blocking essential cookies might break certain features. For analytics or preference cookies, it's up to you – you can opt in or out at any time. If at any point you change your mind about cookie consent, you can use the cookie management tool on our site (often accessible via a footer link or your account settings) to update your choices.
In summary, we use cookies to make the Service run smoothly and to understand usage, not to invade your privacy. We give you notice and control over any non-essential cookies. For more detailed info, please see our Cookie Policy.
Security
We take the security of your personal information seriously and implement a range of administrative, technical, and organizational measures to protect it. Our goal is to safeguard your data against unauthorized access, disclosure, alteration, or destruction. Some of the security practices we have in place include:
Encryption: We employ encryption for data in transit and at rest. For example, our website uses HTTPS (TLS encryption) for all data exchanges, so that information between you and our servers is encrypted and cannot be easily intercepted. Stored data may also be encrypted on our servers or databases, adding an extra layer of protection.
Access Controls: We restrict access to personal data strictly to authorized personnel who need it to operate the Service. Our team members and any contractors are bound by confidentiality and are only permitted to access user data on a need-to-know basis (for instance, to troubleshoot an issue you reported). We utilize authentication, role-based permissions, and in many cases, multi-factor authentication for our internal admin accounts to prevent unauthorized access.
Network & System Security: We maintain up-to-date security measures for our infrastructure. This can include firewalls, intrusion detection systems, regular security patches for software, and monitoring of our systems for suspicious activities. We also contract reputable hosting providers who have strong physical and electronic security at their data centers.
Employee Training and Policies: We ensure that our team is trained on data protection and security best practices. We have internal policies governing how personal data should be handled. For example, we limit the use of production data in testing environments, and we require the use of secure password managers and strong passwords by those with access.
Incident Response: We have a procedure in place to handle any data security incidents. If something were to occur (like a potential data breach), we will act promptly to contain and investigate it, and we have obligations to notify users and authorities (ICO) as required by law. Our plan includes steps to mitigate harm and prevent future incidents.
While we strive to use commercially reasonable safeguards and follow industry best practices (such as guidelines aligned with standards like ISO 27001 or SOC 2 where applicable), it is important to understand that no method of transmission over the Internet, or method of electronic storage, is 100% secure. In other words, we cannot guarantee absolute security of your data. For example, even with encryption and protections, there's always a residual risk (be it zero-day vulnerabilities or sophisticated attacks beyond anyone's control). That said, we continuously review and enhance our security measures to adapt to new threats.
You also play a role in keeping your data safe. We encourage you to use a strong, unique password for your Flynk11 account and to keep it confidential. If you suspect any unauthorized access to your account or any security weaknesses, please notify us immediately so we can take action.
In summary, we invest in security measures to protect your information and we continuously work to maintain a secure environment. However, since nothing is foolproof, we want you to be aware of the residual risks and follow best practices on your side as well. Your trust is extremely important to us, and we treat security as a top priority in running the Service.
Children's Privacy
Our Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If you are under 16, you are not permitted to use the Service or provide any personal data to us (such as name, address, or email). We deliberately design our account creation process to discourage under-16 users, and our content is intended for adult or at least teenage audiences in a business/website context.
Why 16? This age threshold is chosen out of an abundance of caution and in line with many data protection standards. Under the UK GDPR (and EU GDPR), the default minimum age to sign up for online services without parental consent is 16, though countries can set a lower age (and the UK has legislated the age of 13 for parental consent requirements). We have opted to set our policy at age 16, meaning we do not intend to collect data from anyone under 16 at all. This is a business decision to avoid handling children's data, which can be subject to additional legal requirements and deserves greater protection. By setting 16 as the cutoff, we avoid the complexity of verifying parental consent for younger teens, and we align with stricter standards of child privacy. (It's worth noting: in the UK, children 13 or older can legally provide their own consent for online services, but we have chosen to exceed that minimum by not targeting under-16s.)
If we learn that we have inadvertently collected personal information from a child under 16, we will take prompt steps to delete that information from our records. For example, if a 15-year-old managed to sign up bypassing our restrictions and we later discover it (say, through a support ticket or age info), we would deactivate the account and remove their data, unless we are legally obligated to keep some (in which case we'd isolate and secure it and only keep as long as necessary).
Parents or guardians: If you become aware that a child under your care has provided personal data to us without your consent, please contact us and we will work with you to resolve it (including deleting the data in question). We do not use any personal information from a child for any purpose, since we aim not to have such info at all.
Our content and Service are oriented towards website creation and AI content generation for presumably adult users (like business owners, professionals, etc.), not towards children. We do not offer features that would attract children specifically. By stating this in our Privacy Policy, we also make it clear that we are not seeking or willing to knowingly engage in processing data of minors under 16.
In summary, no minors under 16 should use Flynk11. We respect young people's privacy by keeping them off the platform entirely. If that policy ever changes (for instance, if we created a learning product for teens with appropriate parental consent workflows), we would update our approach and comply fully with youth privacy regulations. But as of now, any user of the Service is affirming they are 16 or older.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make changes, we will post the updated Privacy Policy on this page and update the "Last updated" date at the top (which is currently January 12, 2026 for the latest version).
For any significant or material changes in how we handle your personal data, we will take additional steps to notify you. This could be via an email notification to the address associated with your account, or a prominent notice within the Service (for example, a banner or pop-up when you log in). We do this to keep you informed and to give you the opportunity to review the changes. In some cases, if the changes require it (and if you continue to use the Service after being informed), your continued use may be taken as acceptance of the updated policy. However, if the changes are substantial and you do not agree with them, you are free to stop using the Service and you may request deletion of your data.
We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting the personal information we collect. It's important to us that our users are aware of their privacy rights and our data practices at all times.
Should you have any questions or concerns about a change, once again, feel free to reach out to us. Transparency and openness about our privacy practices is something we strive for, and user feedback is always welcome.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or about how your data is handled in general, please do not hesitate to contact us. We are here to help and clarify anything related to your privacy.
This is the dedicated email address for privacy inquiries. You can use it for things like: asking about your data, requesting copies or deletion of your information, reporting a security issue or suspected misuse of data, or any other privacy/data protection related queries. We aim to respond promptly to all legitimate inquiries. When you contact us, please provide enough information for us to understand and assist with your request (for example, the email associated with your account, and the specific question or request you have).
Alternatively, if you prefer to contact us via other means (such as postal mail or a web form), please check our official website for any additional contact methods. However, contacting by email is typically the quickest way.
As mentioned in Your Rights, you also have the option to contact the ICO (Information Commissioner's Office) if you need to lodge a complaint. But we truly encourage you to contact us first so we can address your issue directly – we are committed to resolving any problems in good faith.
By having this Contact section, we fulfill our legal obligation to provide data subjects with our contact info (and in some cases, if we had a Data Protection Officer or EU/UK representative, we'd list them too – currently our size may not require a formal DPO, but privacy@flynk11.com reaches the team responsible for privacy compliance).
