FlyWhale Privacy Policy

This Privacy Policy explains how StuDirect (trading as "FlyWhale") ("FlyWhale", "we", "us", "our") collects, uses, discloses, and protects personal data when you use our websites and services.

If you do not agree with this Privacy Policy, please do not use the Service.

1. Scope

This Privacy Policy applies to our marketing website (flywhale.ai), our application (app.flywhale.ai), and related communications (e.g., support). It does not apply to third-party services you access via links or integrations.

2. Personal Data We Collect

Data you provide: Account data (email, name if provided), communications (support requests, feedback), and User Content (prompts, inputs, files, and other content you submit, which may contain personal data if you include it).

Data collected automatically (app): Usage activity (features used, runs/actions initiated, timestamps, performance metrics), technical data (device type, browser type, OS, IP address), and logs/diagnostics (error and crash data).

Data from third parties: Limited data from connected services or data sources as required for functionality, subject to your settings and third-party terms.

2.4 Connected Social Accounts (Meta/TikTok)

If you choose to connect social accounts (for example Meta/Facebook/Instagram and, where available, TikTok), we may process data from those platforms to provide the connected features you request.

Depending on what you connect and authorize, this may include:

• account identifiers (e.g., Instagram user/page IDs or similar platform identifiers)
• media metadata (e.g., post IDs, timestamps, and related metadata)
• insights/analytics metrics (e.g., reach, engagement, views, follower-related metrics)
• (if connected/authorized) advertising performance metrics (e.g., ad or campaign performance data)

We only access and process connected-account data you authorize and that is necessary to provide the connected functionality.

3. How We Use Personal Data

We use personal data to:

• Provide, operate, and maintain the Service (including authentication and account management).
• Process workflows and generate AI outputs.
• Enable connected social features where you connect Meta/TikTok accounts.
• Provide customer support and troubleshoot technical issues.
• Maintain safety, security, and integrity (fraud/abuse prevention, reliability monitoring).
• Improve product performance using aggregated or de-identified data where feasible.
• Communicate critical service updates and marketing where permitted by law.
• Comply with legal obligations and enforce our Terms of Service.

4. Legal Bases (GDPR/EEA/UK)

Where GDPR (or similar laws) applies, we process data under these bases:

Contract: To provide the Service you signed up for and manage your Account.

Legitimate Interests: To secure, maintain, and improve the Service, prevent fraud, and operate our business (balanced against your rights).

Consent: Where required (e.g., certain non-essential cookies depending on configuration and local rules).

Legal Obligation: When required by law.

5. User Content and Sensitive Data

FlyWhale is an AI-enabled product. You control what you input.

Sensitive data: Please do not submit sensitive personal data (e.g., health or biometric data, political opinions, religious beliefs) unless you have a lawful basis and it is strictly necessary.

Third-party data: If you input data about others, you are responsible for ensuring you have the right to do so and that your use complies with applicable law.

6. Payments and Paddle (Merchant of Record)

FlyWhale uses Paddle as the Merchant of Record for purchases, subscriptions, taxes, billing, refunds, and chargebacks.

• Paddle processes transaction data (e.g., email, order ID, billing-related details).
• Paddle applies its own terms and privacy practices for buyer/payment data.
• FlyWhale does not store your full payment card details.

Please refer to Paddle's privacy policy for more details.

7. Service Providers and Disclosures

We share personal data only with trusted vendors necessary to operate the Service and who are required to protect it.

In-app product analytics (app only): PostHog — used to understand product usage and improve the Service (depending on configuration, may process usage events and technical identifiers).

Error monitoring and stability (app only): Sentry — used to diagnose errors and improve reliability and security (may process diagnostic/error data and technical context depending on configuration).

Other providers: We may use additional providers for hosting, authentication, logging, and customer support. If we materially change or add categories of providers, we will update this Privacy Policy.

8. International Transfers

We are based in the Netherlands. If personal data is processed outside the EEA, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and/or other lawful transfer mechanisms where required.

9. Cookies and Similar Technologies

Marketing site: At this time, our marketing website is intended to function with only strictly necessary cookies/technologies for security and basic functionality. If we introduce non-essential cookies (e.g., analytics/marketing cookies) in the future, we will request consent where required.

Application (app): Our application may use cookies or similar technologies depending on the configuration of analytics and security tools (e.g., PostHog configuration). If non-essential cookies are used, we will provide appropriate notice and obtain consent where required. You can also control cookies through your browser settings.

10. Data Retention

We retain personal data only as long as necessary for the purposes described above:

• Account data: retained while your account is active and for a reasonable period thereafter for legal, security, and operational purposes.
• Usage data and logs (app): retained for security, troubleshooting, and improvement, subject to reasonable retention periods.
• Connected social account data (Meta/TikTok): retained while your account is active and/or while the connection is enabled, and as needed to provide the connected functionality. We delete or anonymize this data upon valid deletion requests, subject to legal requirements.
• Billing records: retained by Paddle and/or as required by law for tax and accounting.

11. Your Rights and How to Request Deletion

Depending on your location, you may have rights including access, correction, deletion, restriction, portability, objection (where applicable), and withdrawing consent.

How to request deletion

To request deletion of your FlyWhale account and associated personal data, please use our deletion request workflow:

https://www.flywhale.ai/data-deletion

Timeline: We aim to respond to valid requests and complete deletion within 30 days, unless applicable law requires longer retention or the request is complex (in which case we will inform you).

Revoking connected social access (Meta/TikTok)

If you connected a social account, you can revoke FlyWhale's access at any time via the relevant platform's settings (e.g., Meta/Facebook/Instagram or TikTok settings). Revoking access stops future collection via that connection, but it may not automatically delete data already stored in FlyWhale. To request deletion of stored data, use the deletion workflow above.

You also have the right to complain to the Autoriteit Persoonsgegevens.

12. Children

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children.

13. Changes and Contact

We may update this policy. Material changes will be notified via email or the Service.

Questions? Email us at: support@flywhale.ai