Privacy Policy

Flayr Labs ("Company," "we," "us," or "our") operates Flayr Studio ("Service"), an AI-powered video advertisement generation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

By using Flayr Studio, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

We collect the following categories of information:

2.1 Account Information

When you create an account, we collect your email address, password (stored in hashed form), and company/organization name. We may also collect your name if you choose to provide it.

2.2 User Content

We collect and store the images, product descriptions, and other materials you upload to the Service for the purpose of generating video advertisements. We also store the AI-generated videos, audio, and intermediate assets created during the generation process.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, generation job history, credit usage, timestamps, browser type, device information, operating system, and IP address.

2.4 Payment Information

When you make purchases, payment information (credit card numbers, billing address) is collected and processed directly by our payment processor, Stripe. We do not store your full credit card number. We receive and store transaction identifiers, plan details, and billing history from Stripe.

2.5 Cookies and Tracking Technologies

We use cookies and similar technologies as described in Section 5 of this policy.

We use collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve the Service, including processing your generation requests, managing your account, and delivering generated content.
• AI Processing: To send your uploaded content and instructions to our AI service providers (Google, ElevenLabs) for processing as part of the generation pipeline.
• Service Improvement: To analyze usage patterns, diagnose technical issues, and improve the quality and performance of our AI models and platform.
• Communications: To send you service-related notifications, updates, security alerts, and support messages.
• Analytics: To understand how users interact with the Service and to generate aggregated, anonymized statistics.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

We share your information with the following categories of third-party service providers, solely for the purposes of delivering the Service:

• Google Cloud / Google AI: Your uploaded images and text prompts are sent to Google's Gemini and Veo APIs for AI-powered creative planning and video generation. Data is processed in accordance with Google's Privacy Policy.
• ElevenLabs: Text scripts are sent to ElevenLabs for voice synthesis. Data is processed in accordance with ElevenLabs' Privacy Policy.
• Amazon Web Services (AWS): Generated assets are processed on AWS infrastructure for video rendering and compositing.
• Stripe: Payment information is processed by Stripe in accordance with Stripe's Privacy Policy.
• Supabase: Account data and generated assets are stored on Supabase-hosted infrastructure (PostgreSQL database and object storage).

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may disclose information if required by law, court order, or governmental authority, or to protect our rights, property, or the safety of our users.

We use the following categories of cookies:

• Essential Cookies: Required for the Service to function. These include authentication session cookies, organization context cookies, and security tokens. These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Service, which pages are visited most often, and where errors occur. These cookies collect anonymized, aggregated data.
• Marketing Cookies: Used to track the effectiveness of our advertising campaigns and to deliver relevant advertisements. These are only set with your explicit consent.

You can manage your cookie preferences at any time through the cookie consent banner or by adjusting your browser settings. Note that disabling essential cookies may prevent you from using the Service.

• Account Data: We retain your account information for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law.
• Generated Content: Generated videos, images, and audio files are retained for the duration of your active account. Upon account closure, generated content will be deleted within 90 days.
• Usage and Transaction Data: Credit transaction history and usage logs are retained for a minimum of 7 years for financial record-keeping and audit purposes.
• Cookie Consent Records: Records of your cookie consent preferences are retained for the duration required by applicable law (typically 2 years under GDPR).

7.1 GDPR Rights (EEA Residents)

If you are a resident of the European Economic Area, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing of your data for certain purposes.
• Right to Restrict Processing: Request that we limit processing of your data.

7.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the CCPA:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of personal information we have collected.
• Right to Opt-Out: Opt out of the sale of personal information. Note: we do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, please contact us at privacy@flayrlabs.com. We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA).

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using TLS 1.2 or higher.
• Encryption of data at rest for stored assets and database records.
• Role-based access controls and row-level security on database tables.
• Regular security reviews and monitoring of our infrastructure.
• Secure storage of authentication credentials using industry-standard hashing.

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@flayrlabs.com.

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers from the European Economic Area, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, and we ensure that our third-party service providers maintain adequate data protection measures.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a prominent notice on the Service at least 30 days before they take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

The "Effective Date" at the top of this page indicates when this policy was last updated.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For general legal inquiries: legal@flayrlabs.com