Privacy Policy
Last updated: July 1, 2025
FlexPulse AI (“we”, “us”, or “our”) is committed to protecting the privacy of the operators, administrators, and team members who use our platform. This Policy explains what data we collect, why we collect it, how we use it, and your rights over it.
1. Who We Are
FlexPulse AI is a Software-as-a-Service (SaaS) revenue operations platform designed for flex space operators, including coworking and cowarehousing businesses. Our registered place of business is in the United States. References to “the Service” mean the FlexPulse AI platform accessible at flexpulse.ai and any related applications or APIs.
For privacy inquiries, contact us at: hello@flexpulse.ai
2. Data We Collect
2.1 Account & Identity Data
When you register, we collect:
- Full name and email address
- Password (hashed; we never store plaintext)
- Organization name and domain
- Role within the organization (Admin, Regional Manager, Location Manager)
2.2 Operational & Revenue Data
The core purpose of FlexPulse AI is to help you analyze your business. To do this, we store data you explicitly provide or connect, including:
- Location names, addresses, and configuration settings
- Revenue metrics you submit (MRR, occupancy, bookings, etc.)
- Google Sheets URLs and imported CSV files
- Marketing attribution data (leads, tours, costs)
This data belongs to you. We are a data processor acting on your instructions as data controller.
2.3 Usage & Diagnostic Data
We automatically collect:
- Log data (IP address, browser type, pages visited, timestamps)
- Session identifiers and authentication tokens
- Feature usage patterns (e.g., which dashboard views you open)
- Error reports and performance telemetry
2.4 Billing Data
If you subscribe to a paid plan, billing and payment processing is handled by our payment processor. We store invoice records, plan tier, and payment status. We do not store full card numbers or bank account details on our servers.
2.5 Communications Data
If you contact us via email or a support channel, we retain those messages to handle your request and improve our service.
3. How We Use Your Data
We use the data we collect to:
- Provide, operate, and maintain the Service
- Authenticate you and manage your session securely
- Send transactional emails (e.g., email verification, password reset, invitation, invoice delivery)
- Analyze aggregate usage to improve product features
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
- Respond to your support requests
We do not sell your personal data. We do not use your operational or revenue data to train AI models for any purpose other than generating insights for your own account.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), our legal basis for processing personal data is:
- Contract performance — to deliver the Service you signed up for.
- Legitimate interests — security monitoring, fraud prevention, and product improvement.
- Legal obligation — compliance with applicable law.
- Consent — for marketing emails, where we ask for consent separately.
5. Data Sharing & Sub-Processors
We share data only with trusted third-party providers necessary to operate the Service:
| Provider | Purpose | Location |
|---|---|---|
| Neon / PostgreSQL | Primary database | US |
| Resend | Transactional email delivery | US |
| Fly.io | Application hosting & edge compute | US / EU |
| Google (Sheets API) | Data source integration (optional) | US |
| Stripe / Payment Processor | Billing & invoicing | US |
We require all sub-processors to maintain appropriate security safeguards and process data only as instructed.
6. Data Retention
We retain your data for as long as your account is active. If you close your account:
- Account and identity data is deleted within 30 days.
- Operational and revenue data is deleted within 90 days.
- Billing records are retained for 7 years to comply with financial regulations.
- Anonymized aggregate analytics may be retained indefinitely (no personal data).
You can request early deletion at any time by emailing hello@flexpulse.ai.
7. Security
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Bcrypt password hashing (plaintext passwords never stored)
- Session tokens rotated on each sign-in
- Role-based access control enforced at both API and database layers
- Regular dependency audits and security patching
No system is 100% secure. If you discover a vulnerability, please report it responsibly to hello@flexpulse.ai.
8. Your Rights
Depending on your location, you may have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Portability — receive your data in a machine-readable format
- Restriction — limit how we process your data
- Objection — object to certain processing activities
- Withdraw consent — for any processing based on consent
To exercise any of these rights, email us at hello@flexpulse.ai with subject line “Privacy Request.” We will respond within 30 days.
10. Children's Privacy
The Service is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For material changes, we will notify you via email or an in-app banner at least 14 days before the change takes effect.
12. Contact Us
For any privacy-related questions, requests, or complaints:
- Email: hello@flexpulse.ai
If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.