Last updated: September 5, 2025

This Privacy Policy explains how Flexx AI (“we”, “us”, “our”) collects, uses, and shares information when you use our mobile app and related services (the “Services”). By using the Services, you agree to this Policy. If you do not agree, please do not use the Services.

1) Information We Collect

You provide:

• Account & contact (optional): email, username. 
• Content you upload: photos/selfies for analysis, captions, feedback. 
• Payments: if you buy premium, payment processing is handled by Apple / Google. We do not store full card data. See Apple/Google privacy terms in their stores. 

Sensitive / biometric data (with consent):

• Face-related data derived from uploaded photos (e.g., embeddings/scores) solely to power photo-rating and recommendations. 

Automatically collected:

• Device & usage data: IP (truncated/region), device model/OS, app version, language, in-app events, crash logs. 

Mobile permissions (optional):

• Camera, Photos, Notifications — you can disable in device settings. 

2) How We Use Information

• Provide and improve the Services (rating, tips, recommendations, UX, support). 
• Personalize content and features. 
• Analytics, debugging, preventing fraud/abuse, securing the Service. 
• Communicate service messages (e.g., receipts, changes to terms). 
• Legal compliance and enforcement. 
• Other purposes with your consent. 

3) Legal Bases (EEA/UK where applicable)

• Consent (e.g., processing photos/biometric-derived data). 
• Contract (to deliver the Services you requested). 
• Legitimate interests (security, analytics, product improvement). 
• Legal obligations (where required). 

You may withdraw consent at any time in the app or by contacting us (see Contact).

4) Sharing & Disclosures

We do not sell your personal data. We share only as needed:

• Service providers (cloud storage, analytics, crash reporting, customer support) under contracts requiring data protection and limited use. 
• Business transfers (merger, acquisition, financing) subject to this Policy. 
• Legal: to comply with law, enforce terms, protect users and our rights. 

5) Third-Party Links

The Services may link to third-party sites/apps. Their practices are governed by their own policies. We are not responsible for their content or privacy practices.

6) International Transfers

Your information may be processed in countries outside your own. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) to protect data transferred from the EEA/UK/Switzerland.

7) Data Retention

• We keep personal data only as long as necessary for the purposes in this Policy. 
• Face photos and biometric-derived data: retained up to 1 year from last use, then deleted or de-identified unless longer retention is required by law or needed to resolve active issues (e.g., fraud, disputes). 
• You can request deletion at any time (see Section 10). 

8) Security

We use technical and organizational measures to protect data (encryption in transit, access controls, logging). However, no method is 100% secure. Use the Services in a secure environment.

9) Children

The Services are not for users under 18. We do not knowingly collect data from children under 18. If you believe a minor has provided data, contact us to delete it.

10) Your Rights

Depending on your region, you may have the right to:

• Access the data we hold about you. 
• Correct inaccurate data. 
• Delete your data. 
• Restrict or object to certain processing. 
• Data portability (copy of your data in a portable format). 
• Withdraw consent (does not affect prior lawful processing). 
• Opt out of marketing (we mostly send service messages). 

How to exercise: email us (see Contact). We may need to verify your identity. We will respond within the timelines required by applicable law.

US State Rights (e.g., CA/VA/CO/CT/UT): you may have additional rights (access, delete, correct, opt-out of targeted advertising/sale, appeal). Submit requests via email; we will explain processes and timelines.

11) Do-Not-Track

Industry standards for DNT signals are not finalized; we currently do not respond to DNT.

12) Changes to This Policy

We may update this Policy from time to time. We will update the “Last updated” date and, where required, notify you in-app or by email.

13) Contact

Questions or requests (access, deletion, consent withdrawal, complaints):
Email: edend.group@gmail.com