Privacy Policy

Last updated: February 12, 2026

1. Introduction

Flaude is operated by Sidekick CommV, a company registered in Belgium ("we," "us," or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our Figma plugin and website (together, "the Service"). Your use of the Service is also governed by our Terms of Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (securely hashed — we never see or store your password in plain text)

2.2 Payment Information

Payment processing is handled entirely by Revolut, our third-party payment processor. We do not store your credit card number or payment details. We receive only:

  • Transaction IDs and payment status (to activate your subscription)
  • The email address associated with your payment

2.3 Design Prompts

When you use Flaude, your text prompts are sent to Anthropic's API (Claude) to generate or modify designs. These prompts pass through our server to reach the AI. We do not intentionally store or review your prompts. Transient server logs may briefly contain request data and are automatically purged. Anthropic does not use API inputs to train their models — see Anthropic's Privacy Policy for details.

We do not claim any ownership of your designs or prompts.

3. How We Use Your Information

We use your email address and account data to:

  • Provide and maintain the Service
  • Process payments and manage your subscription
  • Send important account notifications (e.g., payment confirmations)
  • Respond to support requests
  • Comply with legal obligations

We do not use your information for marketing purposes or send promotional emails unless you explicitly opt in.

4. Information Sharing

We do not sell, rent, or trade your personal information. Your data is shared only with the following service providers, solely to operate the Service:

  • Supabase — authentication and database (hosted in Sydney, Australia)
  • Revolut — payment processing
  • Vercel — website hosting (Frankfurt, EU)
  • Anthropic — AI processing via Claude API (United States)

We may also disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your data is subject to a different privacy policy.

5. Cookies

We use cookies strictly for:

  • Authentication — keeping you signed in across sessions
  • Security — preventing unauthorized access to your account
  • Preferences — remembering your settings

These are essential cookies required for the Service to function. We do not use advertising or tracking cookies. You can control cookies through your browser settings, but disabling them may prevent you from signing in.

6. Data Security

We protect your data with:

  • Encryption in transit (HTTPS/TLS)
  • Secure password hashing (never stored in plain text)
  • Access controls and authentication on all systems

No method of transmission over the internet is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your account information for as long as your account is active. After account deletion:

  • Personal data is deleted within 30 days
  • Backup data is purged within 90 days
  • Data required for legal or financial compliance (e.g., transaction records) may be retained longer as required by law
  • Third-party providers (Revolut, Supabase) retain data in accordance with their own privacy policies

8. Your Rights

Depending on your location, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — correct inaccurate information
  • Deletion — request deletion of your data
  • Portability — receive your data in a portable format
  • Objection — object to certain processing activities
  • Withdraw Consent — where we process based on your consent (e.g., if you opt in to marketing emails), you may withdraw that consent at any time

To exercise these rights, email us at studio@flaude.app. We will respond within 30 days.

9. International Data Transfers

Your data is processed in the following locations:

  • EU (Frankfurt) — website hosting via Vercel
  • Australia (Sydney) — database and authentication via Supabase
  • United States — AI processing via Anthropic

Transfers to the United States are protected under the EU-US Data Privacy Framework (Anthropic and Vercel are certified participants). Transfers to Australia are governed by Standard Contractual Clauses (SCCs) with Supabase.

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above. For significant changes, we will notify you by email.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users without undue delay and report to the relevant supervisory authority within 72 hours, as required by GDPR Articles 33 and 34.

14. GDPR Information (EU Users)

If you are in the European Economic Area (EEA), our legal bases for processing your data are:

  • Contract — processing your email and payment data is necessary to provide the Service you signed up for
  • Legitimate Interests — maintaining security and preventing fraud
  • Legal Obligation — retaining transaction records as required by law

You have the right to lodge a complaint with your local data protection authority.

15. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us at:

Email: studio@flaude.app