Privacy Policy
Last updated: February 2026
Who we are
Flayr ("we", "us", "our") provides an AI shopping concierge widget for online merchants. This Privacy Policy explains what data we collect, why we collect it, the legal basis for processing it, and the choices you have. If you have questions, write to hey@heyflayr.com.
Data Controller and Data Processor
For data we collect about merchants (the people who install Flayr on their store), Flayr acts as a data controller. For data about a merchant's end-customers (shoppers who interact with the widget on a merchant's storefront), Flayr acts as a data processor on behalf of the merchant; the merchant is the data controller for that data and is responsible for the lawful basis of collection.
What we collect
- Merchant account data. Shop domain, store name, contact email, billing plan, and OAuth access tokens needed to operate the app.
- Storefront data. Product catalog, order metadata (status, tracking numbers), and customer profile basics (name, email, loyalty tier) when a shopper opens the widget. We process the minimum personal data required to deliver the concierge experience.
- Conversation data. Messages a shopper sends to the AI assistant and the assistant's replies, so we can deliver relevant answers and improve the product.
- Usage data. Anonymous telemetry (page views, clicks on product recommendations, errors) used to keep the service reliable.
How we use it (purpose limitation)
- To run the widget, fulfill merchant configuration, and answer shopper questions.
- To pass relevant context to our AI provider (Anthropic Claude) so replies are grounded in your real catalog.
- To debug, secure, and improve the service.
- To send transactional emails (billing, account, security).
We do not use personal data for any purpose beyond the above. We do not sell personal data, do not share it with advertisers, and do not use it to train third-party AI models. Conversation context sent to Anthropic is processed under Anthropic's zero-retention API terms and is not used to train Anthropic's models.
Consent
Each merchant signs our Data Processing Agreement (DPA) at install time as part of accepting our Terms of Service. We honour shopper consent decisions surfaced by the merchant's storefront (including cookie banners and "Do Not Sell or Share" signals) and apply opt-out preferences end-to-end. We do not engage in automated decision-making that produces legal or similarly significant effects on shoppers; AI replies and product recommendations are advisory only.
Storage, encryption and retention
- Encryption in transit. All API and widget traffic is served over TLS 1.2+ (HTTPS).
- Encryption at rest. Databases (MongoDB Atlas) and object storage are encrypted at rest with AES-256. Backups are encrypted with the same standard.
- Environment separation. Test/staging data is fully isolated from production data in separate database clusters with separate credentials.
- Retention. Conversation history is retained for 90 days by default and purged automatically. Merchant configuration is retained while the app is installed and deleted within 48 hours of uninstall (or immediately on a GDPR request). Usage logs are retained for 30 days.
- Data loss prevention. Daily encrypted backups, point-in-time recovery on the primary database, and least-privilege IAM controls.
Access controls
- Staff access to production data is limited on a need-to-know basis.
- All staff accounts use strong passwords and multi-factor authentication.
- Production database and admin actions are logged with timestamps and operator identity.
- OAuth tokens are stored encrypted and rotated when a merchant reinstalls.
Security incident response
We maintain a written Security Incident Response Policy. In the event of a confirmed personal data breach affecting a merchant's data, we will notify the affected merchant without undue delay and within 72 hours of becoming aware, consistent with GDPR Article 33. Reports of suspected vulnerabilities can be sent to hey@heyflayr.com.
Sub-processors
We rely on a small set of trusted vendors to operate Flayr: Anthropic (LLM responses), our hosting commerce platform (storefront APIs & billing), MongoDB Atlas (data store), Resend (transactional email), and any third-party integrations a merchant explicitly connects (Klaviyo, AfterShip, Smile.io, Postscript, Yotpo, Recharge, Loop Returns, Gorgias). Each sub-processor is bound by a Data Processing Agreement and Standard Contractual Clauses where international transfers occur.
International data transfers
Some of our sub-processors are located outside the European Economic Area. We rely on the European Commission's Standard Contractual Clauses (SCCs) and the applicable adequacy decisions to lawfully transfer personal data outside the EEA.
Your rights (GDPR / CCPA / CPRA)
Depending on where you live, you may have the right to access, correct, delete, port, or object to or restrict the processing of your personal data, and to opt out of any sale or sharing of personal information. Email hey@heyflayr.com and we will respond within 30 days. Merchants can also trigger erasure programmatically via the platform's GDPR webhooks (customers/data_request, customers/redact, shop/redact).
Cookies and local storage
The Flayr widget uses local storage (not third-party tracking cookies) to remember a shopper's session, recently viewed products, and dismissal state. We do not sell personal information and we do not use advertising cookies.
Children
Flayr is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.
Changes
We will post material changes to this policy on this page and update the "Last updated" date above. Continued use after the change becomes effective constitutes acceptance.
Contact
Questions, requests, or complaints: hey@heyflayr.com.