Company: Flaxbot Ltd
Effective Date: 14 October 2025
Last Updated: 14 October 2025
Contact: [email protected]
This policy is compliant with the UK GDPR, EU GDPR, Data Protection Act 2018, and CCPA/CPRA.
Welcome to Flaxbot ("Flaxbot", "we", "our", or "us"), operated by Flaxbot Ltd. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at https://flaxbot.com or use our PC software (collectively, the "Services").
We are committed to protecting your privacy and complying with applicable data protection laws, including:
Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this policy.
For the purposes of UK and EU data protection law, the Data Controller is:
| Detail | Information |
|---|---|
| Company Name | Flaxbot Ltd |
| Registered Address | 6 Beech Road, Southampton, Hampshire, United Kingdom, SO15 8RJ |
| Website | https://flaxbot.com |
| Contact Email | [email protected] |
| Country of Establishment | United Kingdom |
For California residents, Flaxbot Ltd is the "Business" as defined under the CCPA/CPRA.
We collect the following categories of personal information that you voluntarily provide when creating an account or using our Services:
When you visit our website or use our PC software, we may automatically collect certain technical and usage data through tracking technologies described in Section 4:
Session data is created when you log in and is used to maintain your authenticated state during your visit. Sessions are temporary and expire when you log out or close your browser.
We use browser local storage to persist certain preferences and application state across visits. Unlike cookies, local storage data is not transmitted to our servers automatically but may be read by our scripts. You can clear local storage data via your browser settings.
We use Google Analytics to understand how users interact with our website. Google Analytics uses cookies and similar technologies to collect information about your use of our Services and may combine this with information about your visits to other websites to produce aggregated reports.
For more information, see Google's Privacy Policy. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
We use the Meta Pixel to measure the effectiveness of our advertising and to build audiences for targeted ads on Meta platforms (Facebook and Instagram). The Pixel collects information about actions taken on our website (such as page views and sign-ups) and links them to your Facebook profile where possible.
You can manage your Meta ad preferences at https://www.facebook.com/settings/?tab=ads or opt out via the Digital Advertising Alliance.
We use retargeting technologies to display advertisements to users who have previously visited our website or interacted with our Services. These advertisements may appear on third-party websites and social media platforms, and work through the cookies, local storage, and pixel technologies described above.
You can opt out via the Network Advertising Initiative or the Digital Advertising Alliance.
Legal basis (UK/EU GDPR): Performance of a contract (Article 6(1)(b))
Legal basis (UK/EU GDPR): Legitimate interests (Article 6(1)(f)) for transactional communications; Consent (Article 6(1)(a)) for marketing emails
Legal basis (UK/EU GDPR): Legitimate interests (Article 6(1)(f)); Consent where required by PECR
Legal basis (UK/EU GDPR): Consent (Article 6(1)(a)) where required; Legitimate interests (Article 6(1)(f)) where applicable
Legal basis (UK/EU GDPR): Legal obligation (Article 6(1)(c))
We do not sell your personal information. We may share your information in the following limited circumstances:
We engage third-party service providers who process personal data on our behalf, subject to appropriate data processing agreements:
If Flaxbot Ltd is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.
We may disclose your personal information where required to do so by law, or where we believe in good faith that disclosure is necessary to: (i) comply with a legal obligation; (ii) protect and defend the rights or property of Flaxbot Ltd; (iii) prevent or investigate possible wrongdoing in connection with the Services; or (iv) protect the personal safety of users of the Services or the public.
We may share your information with third parties when you have given your explicit consent to do so.
As a UK-based company, we primarily process your data within the United Kingdom and the European Economic Area (EEA). However, certain service providers (including Google and Meta) operate internationally, which may result in transfers of your personal data outside the UK and EEA, including to the United States.
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including:
For transfers from the EEA, we rely on the EU Standard Contractual Clauses adopted by the European Commission.
We retain your personal information for as long as necessary to fulfil the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Account data (name, username, email) | Duration of account plus up to 3 years after closure |
| Password hashes | Deleted promptly upon account closure |
| Payment records | 7 years (UK financial and tax regulations) |
| Google Analytics data | 26 months (per Google Analytics default retention settings) |
| Marketing consent records | Duration of relationship and applicable limitation period thereafter |
| Legal claims data | Duration of applicable limitation periods |
When personal data is no longer required, we securely delete or anonymise it.
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:
No method of transmission over the Internet or method of electronic storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with applicable law.
Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].
If you are located in the United Kingdom or the European Economic Area, you have the following rights in relation to your personal data, subject to certain conditions and exceptions:
| Right | What It Means |
|---|---|
| Right of Access (Article 15) | Obtain a copy of the personal data we hold about you and information about how we process it. |
| Right to Rectification (Article 16) | Request correction of inaccurate or incomplete personal data. |
| Right to Erasure (Article 17) | Request deletion of your personal data where it is no longer necessary, or where you withdraw consent. |
| Right to Restriction (Article 18) | Request that we restrict processing of your personal data in certain circumstances. |
| Right to Portability (Article 20) | Receive your personal data in a structured, machine-readable format where processing is automated and based on consent or contract. |
| Right to Object (Article 21) | Object to processing based on legitimate interests, including direct marketing (absolute right) and profiling. |
| Right re: Automated Decisions (Article 22) | Not be subject to decisions based solely on automated processing that produce significant legal effects on you. |
| Right to Withdraw Consent | Withdraw consent at any time without affecting the lawfulness of prior processing. |
To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. We may need to verify your identity before processing your request.
You also have the right to lodge a complaint with the supervisory authority. In the United Kingdom, this is the:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint
Helpline: 0303 123 1113
If you are a California resident, the CCPA as amended by the CPRA grants you the following rights:
You have the right to request that we disclose: the categories and specific pieces of personal information we have collected about you; the categories of sources; the business or commercial purpose for collecting or sharing it; and the categories of third parties with whom we share it.
You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as where the information is necessary to complete a transaction or comply with a legal obligation).
You have the right to request that we correct inaccurate personal information we maintain about you.
We do not sell your personal information for monetary consideration. However, under the CPRA, use of the Meta Pixel and Google Analytics for cross-context behavioural advertising may constitute "sharing" of personal information. You have the right to opt out of this sharing by:
We do not collect or process sensitive personal information as defined under the CPRA.
We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a lower quality of service because you exercised your privacy rights.
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
| CCPA Category | Examples Collected |
|---|---|
| Identifiers | Name/username, email address, IP address |
| Internet or Electronic Network Activity | Browsing history on our website, interaction with our Services, session data |
| Geolocation Data | Approximate location derived from IP address |
| Inferences | Profile data derived from analytics and advertising tools |
California residents may submit requests by emailing [email protected]. We will respond within 45 days of receiving a verifiable consumer request, with a possible 45-day extension where reasonably necessary (with prior notice). We will not charge a fee for one request per 12-month period.
We may send you marketing emails, newsletters, and promotional content about our Services, but only where you have explicitly opted in to receive such communications.
You can opt out of receiving marketing communications at any time by:
Even if you opt out of marketing communications, we may still send you essential service-related emails (such as account confirmations, security alerts, and payment receipts) as these are necessary for the performance of our contract with you.
We comply with the UK Privacy and Electronic Communications Regulations (PECR) and the CAN-SPAM Act for all marketing communications.
We use a third-party payment processor, to handle online payment transactions. When you make a payment through our Services, your payment information (including card details) is collected and processed directly by the third-party. We do not receive, process, or store full payment card numbers or sensitive authentication data.
The information we receive from third-party is limited to transaction confirmation details (such as amount, date, and a transaction reference) necessary for account management and customer support.
Our Services may contain links to third-party websites or services that are not operated by us. We have no control over the content, privacy policies, or practices of these third-party sites and accept no responsibility for them. We encourage you to review the privacy policy of every website you visit.
| Legal Basis | Processing Activities |
|---|---|
| Contract (Article 6(1)(b)) |
Account creation and management; service delivery; payment processing |
| Legitimate Interests (Article 6(1)(f)) |
Service analytics and improvement; fraud prevention; security monitoring; transactional communications |
| Consent (Article 6(1)(a)) |
Marketing emails (opt-in); advertising cookies and pixels; retargeting; Google Analytics where required by PECR |
| Legal Obligation (Article 6(1)(c)) |
Financial record-keeping; responding to regulatory requests; compliance with UK law |
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes constitutes your acceptance of the updated policy, to the extent permitted by applicable law. If you do not agree with any changes, you should discontinue use of the Services and may request deletion of your account.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Flaxbot LtdFor UK GDPR-related requests, we will respond within one calendar month. For CCPA/CPRA requests, we will respond within 45 days. If we require additional time, we will inform you of the reason and extension period within the initial response window.
