Support

Legal

Privacy policy

This policy explains how Flutty handles information across the public website, hosted previews, billing flows, connectors, generated sites, and the website-generation workflow.

Policies10 sections

Who we are

Controller and contact

Flutty AI, Inc. ("Flutty", "we", "us", or "our") provides a hosted website-generation, preview, and publishing platform. For questions or privacy requests, contact `privacy@flutty.dev` or `support@flutty.dev`.

Categories

Information we collect

We collect information needed to operate Flutty, secure the service, provide support, process billing, and improve product reliability.

Account identifiers

Email address, authentication provider metadata, user ID, workspace membership, language preference, subscription status, and login/session records.

Workspace content

Prompts, chat messages, uploaded files, generated code, generated copy, images, preview settings, publish configuration, connector settings, project metadata, terminal and runtime outputs, and project snapshots.

Billing information

Plan, checkout provider, subscription identifiers, payment status, invoices/receipts, billing profile details, tax/VAT status where provided, and billing event payloads from payment processors. Flutty does not store full card numbers.

Connector data

OAuth tokens, repository metadata, Supabase project metadata, workspace sync state, deploy keys, and similar connection details needed to operate integrations you enable.

Operational data

IP address, browser and device information, request logs, runtime logs, security events, usage counters, quota and analytics events, error traces, and support messages.

Published-site analytics

Request counts, timestamps, hostnames, status information, and usage-limit data for live sites published through Flutty-managed infrastructure.

Purposes and legal bases

How we use data

We use personal data and workspace content for these purposes:

Service delivery

Create and manage accounts, run generation workflows, host previews, publish live sites, maintain project state, operate connectors, and provide workspace tools.

Billing and subscriptions

Start checkout, confirm subscriptions, process invoices, reconcile payment events, manage quotas, prevent fraud, and handle cancellations or refunds.

Security and abuse prevention

Authenticate users, detect misuse, investigate incidents, enforce acceptable-use rules, protect infrastructure, and maintain audit records.

Support and communications

Respond to support requests, send service notices, provide billing notices, and communicate material policy or product changes.

Product improvement

Analyze usage patterns, failures, runtime outcomes, and feature adoption to improve reliability, onboarding, pricing, and website-generation quality.

Legal compliance

Keep records required for tax, accounting, fraud prevention, dispute resolution, regulatory requests, and enforcement of our agreements.

Recipients

How data is shared

We share data only where needed to operate Flutty, comply with law, protect rights, or complete a transaction you request.

Service providers and subprocessors

Hosting, storage, authentication, database, queue, analytics, payment, email, support, infrastructure, AI/runtime, and security providers. The current subprocessor list is published separately.

Payment processors

Stripe, PayPal, and related payment infrastructure receive checkout, subscription, and billing details needed to process payment.

Connector providers

When you connect GitHub, Supabase, or another integration, we exchange data with that provider as needed to perform the requested integration.

Legal, safety, and compliance

We may disclose information when required by law, legal process, or a good-faith belief that disclosure is necessary to protect users, Flutty, the service, or the public.

Business transfers

Information may transfer as part of a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets.

Website technologies

Cookies and tracking

Flutty uses cookies, local storage, and similar technologies for authentication, session management, language/theme preferences, security, analytics, and product functionality. Some tools are essential to provide the service; others help us understand reliability and usage.

Records

Retention and security

We retain data for as long as needed for the purposes described in this policy, including service operation, security, billing, legal compliance, and dispute resolution.

Account and workspace data is generally retained while the account or project remains active.

Billing and tax records may be retained for the period required by accounting, tax, payment, and fraud-prevention obligations.

Runtime logs, usage records, security logs, and support history may have different retention periods based on operational and legal needs.

Deleted projects and accounts may remain in backups or audit logs for a limited period before routine deletion.

Cross-border processing

International transfers

Flutty and its service providers may process information in the United States, Israel, the European Economic Area, and other countries where providers operate. Where legally required, we use appropriate transfer safeguards such as contractual commitments, data processing terms, or other recognized mechanisms.

Choices

Your rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, object to, or opt out of certain processing of your personal data. You may also have the right to appeal a denied request or lodge a complaint with a regulator.

Minimum age

Children

Flutty is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information to Flutty, contact `privacy@flutty.dev`.

Updates

Changes

We may update this policy from time to time. Material updates will be posted with a new effective date. Continued use of Flutty after an update means the updated policy applies to future use of the service.