Privacy Policy

Flidget ("Flidget," "we," "us," or "our") provides software and services that help businesses understand why customers cancel and improve retention. This Privacy Policy applies to visitors of flidget.comand related subdomains, authenticated users of our dashboard, and end users who interact with the Flidget widget on our customers' websites when those customers have installed it.

By using our services, you acknowledge that you have read this policy. If you do not agree, please do not use the Service. For contractual terms, see our Terms of Service.

The data controller responsible for personal data described in this policy is the Flidget entity operating the Service and identified in your order, contract, or contact correspondence. For general privacy inquiries, email privacy@flidget.com.

We collect information in the following categories, depending on how you interact with us:

• Account & profile. When you register or manage a Flidget account, we process identifiers such as email address, name or display name, organization, authentication tokens, and settings you save in the product.
• Service & product usage. We log technical and operational data needed to run the Service: IP address, device/browser type, timestamps, feature usage, error logs, API requests, and security signals. This helps us operate, debug, secure, and improve the product.
• Billing. If you purchase a paid plan, our payment processor (for example Paddle) collects payment details and billing address. We receive limited transaction metadata (such as subscription status, customer reference, and receipts) — not your full card number.
• Support & communications. When you email us, submit a form, or chat with support, we retain the content of those messages and related metadata to respond and maintain service quality.
• Marketing website. On public pages we may assign a pseudonymous visitor identifier (stored locally, e.g. in browser storage) to correlate consented analytics and attribution. With your consent, we may record whether you accept analytics or marketing cookies, and we may log landing path, referrer, and UTM parameters to understand campaign performance in aggregated form.
• Widget conversations.When an end user interacts with the Flidget widget on a customer's site, we process the conversation content, session identifiers, timestamps, and configuration our customer enables (for example optional email passed by the host page). Our customer decides what is collected and for what purpose; we process such data as a processor on their instructions, in addition to our own operational uses described below.

We do not intentionally collect sensitive categories of data (such as health data) through the Service unless you voluntarily include them in free-text fields; please avoid sending unnecessary sensitive information.

Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:

• Contract — processing necessary to provide the Service you requested, including account management and billing.
• Legitimate interests — securing the Service, preventing abuse, improving features, internal analytics that do not override your rights, and (where permitted) limited marketing to business contacts.
• Consent — non-essential cookies, certain marketing activities, or other processing we describe at the point of collection.
• Legal obligation — compliance with tax, accounting, or regulatory requirements.

We use personal data to:

• Create and maintain accounts, authenticate users, and deliver dashboard and API functionality.
• Operate, host, and secure the Service; detect fraud, abuse, and security incidents.
• Process subscriptions, invoices, and payment-related communications through our payment partner.
• Provide customer support and respond to legal or regulatory requests where required.
• Analyze usage in aggregate or pseudonymous form to improve reliability, performance, and product design.
• Send service-related notices (e.g. security alerts, policy updates) and, where allowed, product updates you can opt out of.
• Train and operate AI features that power exit conversations and tagging, consistent with our agreements and applicable law.

We do not sell your personal information as that term is commonly defined in US state privacy laws, and we do not use your dashboard content to train unrelated third-party foundation models for their separate products.

We use cookies, local storage, and similar technologies where needed for authentication, preferences, security, and (with consent) analytics or marketing measurement. You can adjust choices through our cookie banner where offered, or through your browser settings. Blocking essential cookies may limit certain features.

We share data with categories of recipients including:

• Infrastructure & hosting providers that store or transmit data.
• Payment processors (e.g. Paddle) for checkout, tax, and invoicing.
• Email & communications tools for transactional and support messages.
• AI & ML vendors where we use third-party models or APIs subject to data processing terms.
• Professional advisors (lawyers, accountants) under confidentiality obligations.
• Authorities when required by law or to protect rights, safety, and integrity.

A current list of key subprocessors may be provided on request or in your order documentation. We require subprocessors to protect data appropriately and process it only on documented instructions where we act as a processor for our customers.

We may process data in countries other than your own. Where we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate, we use appropriate safeguards such as the EU Standard Contractual Clauses (and UK Addendum where applicable) or other lawful transfer mechanisms.

We retain personal data only as long as necessary for the purposes above, including to comply with legal, tax, or accounting obligations, resolve disputes, and enforce agreements. Retention periods vary: for example, billing records may be kept longer than transient server logs. When data is no longer needed, we delete or anonymize it in line with our internal schedules.

We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, or alteration. These include access controls, encryption in transit where appropriate, monitoring, and vendor reviews. No method of transmission or storage is completely secure; please use strong passwords and protect your credentials.

Depending on your location, you may have the right to:

• Access, correct, or update personal data we hold about you.
• Request deletion, restriction, or objection to certain processing.
• Data portability for information you provided, where technically feasible.
• Withdraw consent where processing is consent-based, without affecting prior lawful processing.
• Lodge a complaint with a supervisory authority in your country.

To exercise these rights, contact privacy@flidget.com. We may need to verify your identity. If you interact with the widget on another company's site, that company is often the controller for your conversation; you may contact them directly or reach us and we will assist as appropriate.

The Service is not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take steps to delete it.

We use automated systems, including machine learning models, to generate suggested replies, classify churn reasons, and assist with product workflows. These systems support human decision-making and service delivery; they are not intended to produce solely automated decisions with legal or similarly significant effects on individuals without human oversight where such oversight is required by law.

If you are a California resident, you may have additional rights under the CCPA/CPRA, such as to know, delete, and correct certain personal information, and to opt out of "sale" or "sharing" (we do not sell personal information in the conventional sense and describe targeted advertising practices in our cookie controls where relevant). Authorized agents may submit requests subject to verification. We will not discriminate against you for exercising privacy rights.

Residents of other US states with comprehensive privacy laws may have similar rights as those laws come into effect.

We may update this Privacy Policy to reflect product, legal, or regulatory changes. We will post the revised version with a new "Last updated" date and, where appropriate, notify you by email or in-product notice. Continued use after the effective date constitutes acceptance of the updated policy where permitted by law.

Questions about this policy or our privacy practices: privacy@flidget.com · Contact form & support