Legal
Privacy Policy
Last updated: May 2026
1. Overview
Flailo ("we", "us", or "our") operates the Flailo AI Cold Email Personalizer service at flailo.com. This Privacy Policy explains how we collect, use, and protect your personal data when you use our service. By using Flailo you agree to the practices described in this policy.
2. Data We Collect
We collect the following categories of data:
- Account data: Your full name and email address, provided when you sign up.
- Generated emails: The subject lines and body text of every email you generate through our service.
- Usage data: How many emails you generate each month, used to enforce your plan limit.
- Billing data: Payment method information processed by Stripe. We never store raw card numbers.
- Technical data: IP address, browser type, and access timestamps for security and abuse prevention.
- SMTP credentials: If you connect your email account for sending, your SMTP password is stored AES-256-GCM encrypted. We never store or log plain-text passwords.
3. How We Store Your Data
All user data is stored in Supabase, a SOC 2-certified database provider hosted on AWS in the EU-West region. Data at rest is encrypted using AES-256. Data in transit is encrypted with TLS 1.2+. SMTP passwords are additionally encrypted with AES-256-GCM at the application layer before storage.
4. How We Use Your Data
- To provide and improve the email generation service
- To enforce plan limits and track monthly usage
- To process subscription payments through Stripe
- To send transactional emails (account confirmation, password reset) via Supabase auth email delivery
- To detect and prevent abuse, fraud, and unauthorized access
- To comply with legal obligations
We do not sell your data, use it to train AI models, or share it with advertisers.
5. Third-Party Services
We use the following third-party sub-processors:
| Service | Purpose | Data shared |
|---|---|---|
| AI provider | AI email generation | Company name, URL, product description |
| Stripe | Payment processing | Email, billing address, payment method |
| Supabase | Database, authentication & auth email delivery | All user data |
| Vercel | Hosting & edge functions | Request metadata |
6. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access: Request a copy of all personal data we hold about you.
- Right to rectification: Correct any inaccurate data.
- Right to erasure: Delete your account and all associated data. Use the account settings page or email us.
- Right to portability: Export your generated emails as CSV from the Saved page.
- Right to object: Object to processing for legitimate interests.
- Right to restrict processing: Request that we limit how we process your data.
To exercise any of these rights, email privacy@flailo.com. We will respond within 30 days.
7. Cookie Policy
We use the following cookies:
- Authentication cookies: Set by Supabase to keep you signed in. Essential — cannot be disabled.
- Theme preference: Stored in localStorage (not a cookie) to remember your dark/light mode choice.
We do not use advertising cookies, tracking pixels, or third-party analytics.
8. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will permanently delete all your personal data within 30 days, except where we are legally required to retain it (e.g., billing records for 7 years in some jurisdictions).
9. Changes to This Policy
We may update this policy from time to time. We will notify you by email or by posting a notice on the app at least 14 days before material changes take effect. Continued use of the service after changes constitutes acceptance.
10. Contact
For privacy-related questions or to exercise your rights, contact us at privacy@flailo.com.