GDPR Compliance

Last reviewed: March 17, 2026. For full details, see our Privacy Policy.

1. What data we collect and why

We collect only what is necessary to provide and improve FloAI. This includes: account information (email, name, profile details), usage data (how you use the product), and data you provide when connecting social accounts or using AI features. We use this to deliver the service, support you, improve our product, and comply with legal obligations. For a complete list and purposes, see our Privacy Policy.

2. Your rights under GDPR

If you are in the European Economic Area (EEA) or UK, you have the following rights regarding your personal data:

• Access — You can request a copy of the personal data we hold about you.
• Rectification — You can ask us to correct inaccurate or incomplete data.
• Erasure — You can request deletion of your personal data, subject to legal exceptions.
• Portability — You can request your data in a structured, machine-readable format.
• Restriction — You can ask us to limit how we process your data in certain circumstances.
• Objection — You can object to processing based on legitimate interests or for direct marketing.
• Withdraw consent — Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, contact us using the details in the Contact section below. We will respond within the timeframes required by law (typically one month). You also have the right to lodge a complaint with a supervisory authority in your country.

3. Legal bases for processing

We process your personal data on the following bases:

• Contract — To provide the service you signed up for (account, features, support).
• Consent — Where you have given clear consent (e.g. marketing, optional features, cookies where required).
• Legitimate interest — To operate and improve our service, prevent fraud, and ensure security, where our interests are balanced with your rights.
• Legal obligation — Where we must retain or disclose data to comply with law.

4. Subprocessors and data transfers

We use service providers (subprocessors) to run FloAI. These may include: hosting and infrastructure (e.g. Vercel), database and storage, email and notifications, and analytics or monitoring. We choose providers that offer appropriate safeguards. When data is transferred outside the EEA/UK, we rely on adequacy decisions, standard contractual clauses, or other approved mechanisms to ensure an adequate level of protection. A list of key subprocessors and their purposes is available in our Privacy Policy; we can provide more detail on request.

5. Contact (privacy and GDPR)

For any questions about this page, your personal data, or to exercise your rights, contact us:

• Email: privacy@floai.studio or support@floai.studio (use "GDPR" in the subject for faster routing).
• Contact form: /contact — select a category and mention GDPR or data rights in your message.

We will respond to GDPR-related requests within the timeframe required by applicable law.