Privacy Policy
UAB Gildium, operating as Flagley, is committed to protecting your privacy. This policy outlines our practices regarding the collection, use, and disclosure of your personal data when you use our Services (as defined in our Terms of Service).
1. Data Controller Information
The data controller responsible for the processing of your personal data is:
- Legal Entity Name: UAB Gildium, trading as Flagley
- Registered Address:Polocko g. 17-113, LT-01205 Vilnius
- Jurisdiction: Republic of Lithuania
- Contact Email: hello@flagley.com (Dedicated support email for data inquiries)
2. Information We Collect
We process personal data that falls into the following categories:
A. Data You Provide Directly
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Account Data | Name, email address, password (hashed), billing information. | To create and maintain your account, manage payments. | Performance of a Contract |
| Communication Data | Information submitted via contact forms or direct emails (hello@flagley.com). | To respond to your inquiries and provide customer support. | Performance of a Contract / Legitimate Interest (Customer Service) |
B. Data Generated by Service Use (Core Data)
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Content Inputs (User Content) | URLs, text, images, audio, video submitted by you for analysis. | To perform the requested content analysis and generate outputs. | Performance of a Contract |
| Analysis Outputs | Scores, risk labels, summaries, and predictions generated by our AI models based on your User Content. | To provide the core functionality of the Services. | Performance of a Contract |
| Usage Data | Time of login, features used, API call volume, credit consumption, and system interaction logs. | To operate, maintain, and secure the Services; invoicing and billing. | Performance of a Contract / Legitimate Interest (Service Security) |
C. Data Collected Automatically (Analytics)
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Technical Data | IP address, browser type, device identifiers, referring/exit pages. | For analytics, website performance optimization, and fraud prevention. | Legitimate Interest (Website Improvement) |
| Cookies | Data collected via cookies and tracking technologies. | To remember your preferences, deliver targeted marketing, and measure campaign effectiveness. | Legitimate Interest / Consent (for non-essential cookies) |
3. Legal Bases for Processing (GDPR)
We only process your personal data when we have a valid legal basis under the GDPR:
- Performance of a Contract: Necessary for the provision of the Services (e.g., creating your account, running analysis, processing payment) based on your agreement to the Terms.
- Legitimate Interest: Necessary for purposes related to our business operations, provided these interests do not override your fundamental rights (e.g., preventing fraud, network security, AI model improvement, analytics).
- Consent: We rely on your consent for placing non-essential cookies and for sending marketing communications (where required by law).
- Legal Obligation: Necessary to comply with a legal obligation (e.g., tax, accounting, or audit obligations).
4. Specific Processing Purpose: AI Model Training
We use Content Inputs and Analysis Outputs, along with usage data, to train, fine-tune, and improve our AI models and the overall quality and accuracy of the Services (the "Training Purpose").
- Legal Basis: Legitimate Interest (improving product performance and accuracy).
- Your Right to Object: As stated in our Terms, you have the right to opt out of having your data used for the Training Purpose via your account settings or by contacting hello@flagley.com. If you opt out, your newly submitted User Content will no longer be used for model training.
5. Sharing and Disclosure of Data
We may share your personal data only with the following categories of recipients:
- Service Providers and Sub-processors: Companies that provide services on our behalf, such as Cloud Hosting Providers (e.g., for storage of User Content and operational data), infrastructure providers, and customer support platforms.
- Payment Processors: Third-party companies that handle your payment details (e.g., Stripe, PayPal) to process transactions. We do not store your full payment card details.
- Analytics and Marketing Partners: Companies like Google Analytics or Meta/Facebook Pixel, to help us understand service usage and deliver relevant advertising.
- Legal and Regulatory Authorities: When required by law, court order, or governmental request (e.g., tax authorities, police).
We do not sell your personal data to third parties.
6. International Data Transfers
As UAB Gildium is based in the Republic of Lithuania (EU/EEA), the processing of your data occurs primarily within the European Economic Area (EEA).
However, some Service Providers (e.g., cloud hosting, analytics) are located outside the EEA, notably in the United States. When we transfer data outside the EEA, we ensure that appropriate safeguards are in place, typically by relying on:
- Standard Contractual Clauses (SCCs): The clauses approved by the European Commission, which contractually bind the recipient to protect the personal data to the EEA standards.
- Transfers to countries deemed to provide an adequate level of protection by the European Commission.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the duration of your active account and to satisfy any legal, accounting, or reporting requirements.
The criteria used to determine retention periods include:
- The need to maintain accurate records for legal and tax compliance (typically 5 to 10 years after account closure).
- The duration of our ongoing relationship with you and your active use of the Services.
- The necessity to resolve disputes or enforce our agreements.
Upon request for account deletion, we will delete or anonymise your personal data within a reasonable timeframe, with residual copies only maintained in secure backup systems for a limited period.
8. Your Rights (GDPR Data Subject Rights)
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Article 15): The right to obtain confirmation as to whether or not your data is being processed, and access to that data.
- Right to Rectification (Article 16): The right to have inaccurate or incomplete personal data corrected.
- Right to Erasure ('Right to be Forgotten') (Article 17): The right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
- Right to Restriction of Processing (Article 18): The right to temporarily limit how we process your data under certain circumstances.
- Right to Data Portability (Article 20): The right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
- Right to Object (Article 21): The right to object to processing based on legitimate interest, including profiling and direct marketing.
- Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at hello@flagley.com.
Right to Lodge a Complaint
If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority. The relevant authority for UAB Gildium in Lithuania is the State Data Protection Inspectorate (VDAI).
9. Children's Privacy
Our Services are intended for users who are thirteen (13) years of age or older, as established in our Terms of Service. If we learn that we have collected personal data from a child under the age of 13 without verifiable parental consent, we will take steps to delete that information promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective Date" at the top of the policy and, where appropriate, by sending an email notification or posting a notice within the Services.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
UAB Gildium (Flagley)
Email: hello@flagley.com