Privacy Policy

# Privacy Policy **Last Updated: March 2026** This Privacy Policy ("Policy") describes how Demands Hub AI Solutions LLC ("Company," "we," "us," or "our") collects, uses, discloses, and protects information about you when you use the Flarite platform ("Service"). BY USING THE SERVICE, YOU AGREE TO THE COLLECTION AND USE OF INFORMATION IN ACCORDANCE WITH THIS POLICY. ### 1. Scope and Applicability This Policy applies to all users of the Flarite web application, mobile application, and APIs. It does not apply to the data practices of any third-party platforms (e.g., Cloudflare, Stripe, Supabase, Appwrite, GitHub, Vercel) whose APIs you may access through the Service. We encourage you to review the privacy policies of all third-party providers you connect to the Service. ### 2. Information We Collect **a) Account Information.** When you register, we collect: full name, business email address, phone number (if provided), company name, and subscription/billing information. Billing data (credit card details) is processed and stored exclusively by Stripe, Inc. We do not store raw payment card data. **b) API Credentials.** You may provide third-party API tokens and credentials ("Credentials") to the Service. Credentials are encrypted at rest using AES-256-GCM and are never stored in plaintext. The encryption key material is managed separately from the encrypted data using a zero-knowledge architecture. Credentials are decrypted in-memory only for the duration of an authorized API request and are never logged in plaintext. **c) Usage Data.** We automatically collect metadata about your use of the Service, including: IP addresses, browser/device type, operating system, session duration, features accessed, AI commands and prompts issued, and interaction logs. This data is used to operate, improve, and secure the Service. **d) AI Interaction Data.** We collect the content of messages and commands you send to the AI assistant ("Prompts") and the responses generated. This data may be used to operate the Service and, in anonymized or aggregated form, to improve our AI models. See Section 4 below for information on how to limit this use. **e) Device and Mobile Information.** When using the mobile application, we may collect device identifiers, push notification tokens, and crash/diagnostic data through integrated SDKs (e.g., Expo, Sentry). **f) Communications.** If you contact us via email or support channels, we retain those communications to resolve your inquiry and improve support quality. ### 3. How We Use Your Information We use the information we collect to: * **Provide and Operate the Service:** Process your requests, manage your account, authenticate your identity, and execute AI-driven infrastructure management tasks on your behalf. * **Security and Fraud Prevention:** Monitor for suspicious activity, investigate breaches, enforce our Terms, and protect the rights and safety of our users and the Company. * **Billing and Payments:** Process subscriptions, issue invoices, and manage payment failures through Stripe. * **AI Improvement:** Use anonymized and aggregated Prompt data to train, fine-tune, and improve the accuracy and capabilities of our AI models. We will not use identifiable Prompt data for AI training without your separate consent. * **Customer Support:** Respond to support requests, resolve disputes, and troubleshoot issues. * **Marketing and Communications:** As consented to under our Terms of Service, we may contact you with product updates, educational content, and promotional offers. * **Legal Compliance:** Comply with applicable laws, regulations, court orders, and lawful requests from government authorities. * **Analytics and Product Improvement:** Analyze aggregate usage patterns to improve the Service's features, stability, and user experience. ### 4. Your Choices and Rights **a) AI Training Opt-Out.** You may contact us at [email protected] to request that your interaction data not be used for AI model training. Opt-out requests will be honored within 30 days for future data; we cannot retroactively remove data already incorporated into prior training cycles. **b) Marketing Opt-Out.** You may opt out of promotional emails at any time via the unsubscribe link in our communications. You may opt out of SMS by replying STOP. Opting out of marketing does not affect transactional and account-related messages, which are necessary to provide the Service. **c) Access and Correction.** You may access and update your account information at any time through your account settings dashboard. **d) Data Deletion.** You may request deletion of your account and associated personal data by submitting a request through your account dashboard or by contacting [email protected]. Upon a verified deletion request, we will delete or anonymize your personal data within 30 days, subject to legal hold obligations. Note that some data may be retained in anonymized form for business and legal purposes. **e) Jurisdiction-Specific Rights.** Depending on your jurisdiction, you may have additional rights under applicable privacy laws: * **California (CCPA/CPRA):** California residents have the right to know what personal information is collected, request access to or deletion of personal information, opt out of the "sale" or "sharing" of personal information, and request correction of inaccurate personal information. We do not sell your personal information. To exercise your rights, contact us at [email protected]. * **European Economic Area (GDPR):** If you are located in the EEA, your personal data will be processed in accordance with GDPR. Our legal bases for processing include: (i) performance of a contract (to provide the Service); (ii) legitimate interests (service improvement, security, fraud prevention); (iii) legal obligation (compliance with applicable law); and (iv) consent (marketing communications). You have the right to object to processing based on legitimate interests. You may also lodge a complaint with your local Data Protection Authority. ### 5. Data Sharing and Third-Party Disclosure We do not sell, rent, or trade your personal information or SMS opt-in data to third parties for their own marketing purposes. We may share your information with: * **Service Providers:** Trusted third-party vendors who assist us in operating the Service (e.g., Stripe for payments, Supabase for database hosting, Cloudflare for edge infrastructure, Appwrite for authentication, Expo/Sentry for crash reporting). These providers are contractually obligated to use your data only as directed by us. * **Legal and Regulatory Authorities:** We may disclose information if required by law, subpoena, court order, or to protect the rights, property, or safety of the Company, our users, or the public. * **Business Transfers:** In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your information may be transferred as a business asset, subject to the terms of this Policy. * **With Your Consent:** We may share information with third parties when you have explicitly consented to such sharing. ### 6. Security We implement industry-standard, enterprise-grade security measures to protect your information, including: * AES-256-GCM encryption of all API Credentials at rest. * TLS 1.2/1.3 encryption for all data in transit. * Zero-knowledge architecture ensuring Credentials are decrypted only in-memory, ephemerally, for authorized requests. * Role-based access controls and audit logging for internal access to customer data. * Regular security assessments and vulnerability management. **However, no security system is impenetrable. By using the Service, you acknowledge that: (i) internet transmissions are never entirely secure; (ii) we cannot guarantee the absolute security of your information; and (iii) you agree that the Company is not liable for unauthorized access, data breaches, or resulting damages to the fullest extent permitted by law.** You are responsible for maintaining the security of your account credentials and for promptly notifying us of any suspected unauthorized access. ### 7. Data Retention We retain your personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it for longer periods (e.g., financial records, which may be retained for up to 7 years as required by applicable tax and accounting regulations). Anonymized, aggregate data derived from your use of the Service may be retained indefinitely for analytics and AI improvement purposes. ### 8. Children's Privacy The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a child under 18 without verifiable parental consent, we will take steps to delete that information promptly. If you believe we have mistakenly collected information from a minor, please contact us at [email protected]. ### 9. International Data Transfers Demands Hub AI Solutions LLC is headquartered in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence. ### 10. Third-Party Links and Services The Service may contain links to or integrations with third-party websites, applications, or services. This Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of all third-party services you access through or in connection with the Service. ### 11. Changes to This Policy We may update this Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of material changes by updating the "Last Updated" date at the top of this Policy and, where appropriate, by providing a more prominent notice (e.g., in-app notification or email). Your continued use of the Service following notice of changes constitutes your acceptance of the updated Policy. ### 12. Contact Us For questions, concerns, or requests regarding this Privacy Policy or our data practices: * **Email:** [email protected] * **Mailing Address:** Demands Hub AI Solutions LLC, State of Maryland, United States