Privacy Policy
1. Introduction
This privacy policy describes how Flaks LLC ("Flaks", "we") collects, uses, and protects personal data of users of the Flaks Chrome extension (the "Extension") and the flaks.app website (the "Site"), in compliance with the General Data Protection Regulation (GDPR) No. 2016/679 and the French Data Protection Act, as amended.
2. Data Controller
Flaks LLC
A limited liability company organized under the laws of Wyoming, USA
EIN: 35-2854523
Data protection contact: privacy@flaks.app
Flaks LLC is a U.S. company with no establishment in the European Union. During the private beta phase of the service, data processing is occasional within the meaning of Article 27.2.a of the GDPR and does not require the designation of an EU representative. Upon public launch of the service, an EU representative will be designated and their contact details will be published on this page.
3. Data Collected
3.1 Data provided during onboarding
- Your company name
- Your company website
- A short description of your business activity, ICP, or problem solved
The "business activity description" field is a free-text field. Please do not enter personal data (first name, last name, address). Describe your professional activity only.
3.2 Data from Google Calendar
When you open a Calendar event, the Extension reads:
- The event title
- The time and duration
- The domain of external participants (e.g., acmecorp.com) — full email addresses never leave your browser; only the domain is extracted locally before being sent
The Extension does not read any other events from your calendar and does not access event descriptions beyond what is necessary to generate the briefing.
3.3 Technical journal
Flaks retains in a technical journal (retention period: 90 days) the following information for each briefing or audio guide generation:
- Anonymous installation identifier (UUID generated locally, not linked to your identity)
- Domain name or name of the analyzed company
- Activity profile you provided (your company name, website, activity description)
- Generated audio script (text only)
- Technical data: timestamp, latency, AI models used
These journals are used exclusively to: (i) diagnose and fix technical anomalies of the service, (ii) measure the quality of generated briefings and improve instruction templates, (iii) track aggregated usage of the service for product management purposes. They are never used for advertising purposes nor shared with third parties.
3.4 Data not collected
- We do not collect any payment information
- We do not read the content of your electronic messages (Gmail, Outlook, etc.)
- We do not store any passwords
- We do not use any advertising cookies or third-party analytics trackers
4. Purposes and Legal Bases
| Purpose | Legal basis |
|---|---|
| Generation of the pre-meeting briefing (Calendar event analysis and public research on the prospect's company) | Performance of the service requested by the user (Article 6.1.b GDPR) |
| Generation of the audio preparation guide | Performance of the service requested by the user (Article 6.1.b GDPR) |
| Product quality analysis (structured logs of briefings and transcripts) | Legitimate interest of Flaks in improving service quality (Article 6.1.f GDPR) |
| Rate limiting and abuse prevention | Legitimate interest of Flaks in ensuring service security (Article 6.1.f GDPR) |
5. Data Processors and Recipients
To deliver the service, Flaks transmits data to the following processors. Each is bound by contractual commitments and provides protection guarantees:
| Processor | Role | Location | Safeguards |
|---|---|---|---|
| Cloudflare, Inc. | Backend hosting (Workers), temporary storage (KV), CDN | USA / Global network | EU Standard Contractual Clauses (SCC) |
| Anthropic PBC | AI processing (briefing and audio script generation via Claude models) | USA | EU SCC, Zero Data Retention on API calls |
| Tavily Inc. | Public information search on companies mentioned in events | USA | EU SCC |
| OpenAI, L.L.C. | Text-to-speech synthesis (model gpt-4o-mini-tts) | USA | EU SCC, API not used for training |
Data transfers to the United States are governed by the Standard Contractual Clauses adopted by the European Commission (Decision 2021/914) and, where applicable, by the processor's adherence to the EU-U.S. Data Privacy Framework.
6. Retention Periods
| Data type | Retention |
|---|---|
| Onboarding profile (company, website, description) | As long as the Extension is installed (stored locally in the browser) |
| Generated briefings (backend cache) | 24 hours |
| Technical audio generation logs (TRANSCRIPTS_LOG) | 90 days |
| Rate limiting logs | 25 hours |
At the end of these periods, data is deleted automatically.
When you uninstall the Extension, all data stored locally in your browser is deleted immediately. Residual backend data (caches, logs) follows the retention periods indicated above.
7. Your Rights
In accordance with the GDPR, you have the following rights regarding your personal data:
- Right of access (Article 15): obtain a copy of the data concerning you
- Right to rectification (Article 16): correct inaccurate data
- Right to erasure (Article 17): request deletion of your data
- Right to restriction (Article 18): temporarily restrict processing
- Right to data portability (Article 20): receive your data in a structured format
- Right to object (Article 21): object to processing based on legitimate interest
- Right to withdraw your consent at any time, without affecting the lawfulness of prior processing
To exercise these rights, write to privacy@flaks.app. We will respond within one month of receiving your request.
You also have the right to lodge a complaint with the French data protection authority (Commission Nationale de l'Informatique et des Libertés — CNIL), 3 place de Fontenoy, 75007 Paris, France — www.cnil.fr.
8. Security
Flaks implements appropriate technical and organizational measures to protect your data:
- Encrypted communications using HTTPS / TLS 1.3
- Anonymous identifier per installation (no personal data)
- Multi-layer rate limiting: per device (30/day), per IP (60/day), global (2,000/day)
- Strict CORS policy: only Flaks Chrome extensions are allowed to call the API
- Data access restricted to the strict minimum necessary
As no system is infallible, in the event of a data breach likely to result in a risk to your rights, you will be notified in accordance with Article 34 of the GDPR.
9. Minors
Flaks is a professional tool intended for sales professionals and is not designed for users under 18 years of age. No data is knowingly collected from minors.
10. Changes to This Policy
This policy may be updated to reflect changes to the service or legal framework. The "Last updated" date at the top of this page will be modified accordingly. Substantial changes will be notified to active users.
11. Contact
For any questions regarding this policy or your personal data:
Flaks LLC
30 N Gould St, Ste R
Sheridan, WY 82801
USA
12. Chrome Web Store Limited Use
Flaks' use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. Flaks does not transfer, use, or sell user data for personalized advertising, and does not allow humans to read user data except as required for security, to comply with applicable law, or with the user's explicit consent.