Privacy Policy

Flidget is a product operated by Corekit Services("Corekit Services," "we," "us," or "our"). We provide software and services that help businesses understand why customers cancel and improve retention. This Privacy Policy applies to visitors of flidget.comand related subdomains, authenticated users of our dashboard, and end users who interact with the Flidget widget on our customers' websites when those customers have installed it.

By using our services, you acknowledge that you have read this policy. If you do not agree, please do not use the Service. For contractual terms, see our Terms of Service.

The data controller responsible for personal data described in this policy is Corekit Services, the entity operating the Flidget Service. For general privacy inquiries, email hello@flidget.com.

All purchases and subscription billing for Flidget are processed by Paddle.com Market Limited ("Paddle"), which acts as the Merchant of Record and authorised reseller for all Flidget transactions. This means:

• When you purchase a Flidget plan, you are transacting directly with Paddle, not with Corekit Services. Your payment card statement will show a charge from Paddle.
• Paddle collects and processes your payment information, billing address, and transaction data under Paddle's own Privacy Policy, available at paddle.com/legal/privacy.
• Paddle handles all tax calculation, remittance, invoicing, refunds, and payment compliance on our behalf globally.
• For billing support, payment disputes, or invoices, you may contact Paddle directly at paddle.net or contact us at hello@flidget.com.

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns.

We collect information in the following categories, depending on how you interact with us:

• Account & profile. When you register or manage a Flidget account, we process identifiers such as email address, name or display name, organization, authentication tokens, and settings you save in the product.
• Service & product usage. We log technical and operational data needed to run the Service: IP address, device/browser type, timestamps, feature usage, error logs, API requests, and security signals.
• Billing. Our payment processor Paddle collects payment details and billing address. We receive only limited transaction metadata (subscription status, customer reference, receipts) — not your full card number.
• Support & communications. When you email us or chat with support, we retain the content of those messages and related metadata to respond and maintain service quality.
• Marketing website. On public pages we may assign a pseudonymous visitor identifier to correlate consented analytics and attribution, and log landing path, referrer, and UTM parameters.
• Widget conversations.When an end user interacts with the Flidget widget on a customer's site, we process the conversation content, session identifiers, timestamps, and configuration our customer enables. Our customer decides what is collected; we process such data as a processor on their instructions.

We do not intentionally collect sensitive categories of data through the Service unless you voluntarily include them in free-text fields; please avoid sending unnecessary sensitive information.

Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:

• Contract — processing necessary to provide the Service you requested, including account management and billing.
• Legitimate interests — securing the Service, preventing abuse, improving features, internal analytics, and limited marketing to business contacts.
• Consent — non-essential cookies, certain marketing activities, or other processing described at the point of collection.
• Legal obligation — compliance with tax, accounting, or regulatory requirements.

We use personal data to:

• Create and maintain accounts, authenticate users, and deliver dashboard and API functionality.
• Operate, host, and secure the Service; detect fraud, abuse, and security incidents.
• Process subscriptions, invoices, and payment-related communications through Paddle.
• Provide customer support and respond to legal or regulatory requests where required.
• Analyze usage in aggregate or pseudonymous form to improve reliability, performance, and product design.
• Send service-related notices and, where allowed, product updates you can opt out of.
• Train and operate AI features that power exit conversations and tagging, consistent with our agreements and applicable law.

We do not sell your personal information as that term is commonly defined in US state privacy laws, and we do not use your dashboard content to train unrelated third-party foundation models for their separate products.

We use cookies, local storage, and similar technologies where needed for authentication, preferences, security, and (with consent) analytics or marketing measurement. You can adjust choices through our cookie banner where offered, or through your browser settings. Blocking essential cookies may limit certain features.

We share data with categories of recipients including:

• Paddle.com Market Limited — our Merchant of Record for payment processing, tax, and invoicing. Paddle processes buyer data under its own privacy policy.
• Infrastructure & hosting providers that store or transmit data.
• Email & communications tools for transactional and support messages.
• AI & ML vendors where we use third-party models or APIs subject to data processing terms.
• Professional advisors (lawyers, accountants) under confidentiality obligations.
• Authorities when required by law or to protect rights, safety, and integrity.

We require subprocessors to protect data appropriately and process it only on documented instructions where we act as a processor for our customers.

We may process data in countries other than your own. Where we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate, we use appropriate safeguards such as the EU Standard Contractual Clauses (and UK Addendum where applicable) or other lawful transfer mechanisms.

We retain personal data only as long as necessary for the purposes above, including to comply with legal, tax, or accounting obligations, resolve disputes, and enforce agreements. When data is no longer needed, we delete or anonymize it in line with our internal schedules. Widget conversation transcripts are purged on a schedule determined by your plan (see billing page).

We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, or alteration — including access controls, encryption in transit, monitoring, and vendor reviews. No method of transmission or storage is completely secure; please use strong passwords and protect your credentials.

Depending on your location, you may have the right to:

• Access, correct, or update personal data we hold about you.
• Request deletion, restriction, or objection to certain processing.
• Data portability for information you provided, where technically feasible.
• Withdraw consent where processing is consent-based, without affecting prior lawful processing.
• Lodge a complaint with a supervisory authority in your country.

To exercise these rights, contact hello@flidget.com. We may need to verify your identity. For payment data specifically, please contact Paddle at paddle.com/legal/privacy as they are the data controller for billing information.

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have, contact us and we will take steps to delete it.

We use automated systems, including machine learning models, to generate suggested replies, classify churn reasons, and assist with product workflows. These systems support human decision-making and are not intended to produce solely automated decisions with legal or similarly significant effects on individuals without human oversight where required by law.

If you are a California resident, you may have additional rights under the CCPA/CPRA — such as to know, delete, and correct certain personal information, and to opt out of "sale" or "sharing." We do not sell personal information in the conventional sense. Authorized agents may submit requests subject to verification. We will not discriminate against you for exercising privacy rights.

Residents of other US states with comprehensive privacy laws may have similar rights as those laws come into effect.

We may update this Privacy Policy to reflect product, legal, or regulatory changes. We will post the revised version with a new "Last updated" date and, where appropriate, notify you by email or in-product notice. Continued use after the effective date constitutes acceptance of the updated policy where permitted by law.

Questions about this policy or our privacy practices: hello@flidget.com · Contact form & support

For billing and payment queries, contact our Merchant of Record: paddle.net