Privacy Policy
Last updated: April 2026
This page describes how Flinqit collects, uses, and protects personal information when you use our services. If you have questions, contact us via Support.
Information we collect
- Account data: email, authentication identifiers, and password hashes (via Amazon Cognito).
- Profile content: what you choose to add to your Folio (name, job title, photo, resume, locations, social links).
- Usage data: pages visited, features used, device/browser details — only when you have granted analytics consent.
- Session security: IP address and headers for rate-limiting and abuse prevention.
How we use information
- To provide the service, authenticate you, and secure your account.
- To communicate about your account (verification, security, product updates).
- With your consent, to measure product usage and improve it.
Public profile visibility
Every Flinqit account has a public profile page at /u/<your-id>. Even before you publish your full Folio (and while the “Publish my profile” setting is off), a basic contact card is shown at that URL so people who have your direct link can confirm they reached the right person. The card includes only:
- Display name
- Job title (if set)
- City, province/region, and country (if set)
- Areas of expertise (if set)
- Profile photo (if uploaded)
Your email address, phone number, resume contents, work history, and other Folio details are not shown on the unpublished card and are kept private until you publish your Folio. Unpublished profile pages are marked noindex so search engines do not list them and they are not included in our sitemap. Publishing your Folio via Profile › Security or the Folio preview replaces the basic card with your full published profile. If you do not want any public page at all, you can delete your account from that same settings screen.
Legal bases (GDPR)
- Contract: creating and running your account.
- Legitimate interests: product security and fraud prevention.
- Consent: analytics and marketing cookies; optional profile data you choose to share.
- Legal obligation: responding to regulators or lawful requests.
Your rights
You can request a copy of your personal data, correct it, restrict processing, object to processing, or delete your account. We respond within 30 days.
Sign in to request your data or delete your account.
Data retention
We keep account data while your account is active. When you delete your account, we remove or anonymize personal data within 30 days, except where a shorter or longer period is required by law (for example, security logs retained for up to 12 months).
Subprocessors
We share data only with the following processors under contractual data-protection terms:
- Amazon Web Services (Cognito, S3, CloudFront, Lambda) — hosting, authentication, file storage.
- PostHog — product analytics (only after you grant analytics consent).
- Upstash — rate limiting.
- Google Fonts — web typography (no account data sent).
International transfers
Some processors are located outside the EEA/UK. Where required, we rely on Standard Contractual Clauses and the EU-US Data Privacy Framework.
Security
Traffic is encrypted in transit (TLS). Data at rest is encrypted using provider-managed keys. Access to production data is restricted, logged, and reviewed.
Children
Flinqit is not directed at children under 16. If you believe a child has provided personal data, contact us and we will delete it.
Changes
We will post material changes to this policy on this page and, where appropriate, request fresh consent.
Contact
Questions about privacy: Support. Security reports: security.txt.