Flable AI

Data Privacy Notice

We are pleased about your visit and your interest in our services. The protection of your personal data is important to us. We would therefore like to inform you below about how personal data is processed at Flable.ai (hereinafter referred to as "Flable").

a. How we treat your data?

Personal data is data that enables the direct or indirect identification of a person. It does not matter whether the determination can be made on the basis of a single piece of information or several pieces of information. The more information and data can be combined, the more precisely the person can be determined. Personal data includes, for example, the name, address, age or e-mail address, but also indirect data such as an IP address or social security number.

Controller

The responsible party for the processing and protection of your personal data is Flable. If you have any questions regarding data protection or questions relating to the processing of your personal data or the exercise of your rights, please contact us by either using the contact form at the bottom of this page or at the following office address telephone number or email address:

Flat no. D-5/102, Bramha Suncity, Pune, 411014, India.

admin@flable.ai

+91 7769975889

b. Data categories and recipients of the data

1. What categories of data we use?

Contact information: name, address, telephone, email.
Professional information: company name, address, position.
Location or preference data.
Product and service data: purchases, assignments, etc.

2. Recipients of personal data

To the extent necessary, departments within Flable will have access to personal data that require it to fulfill their duties. In addition, your personal data may be disclosed to business partners (other service providers) to provide services to us or to you on our behalf. These are carefully selected partners who provide services for Flable. These service providers handle your personal data as so-called processors on our behalf and according to our instructions. Each business partner or service partner is expected to use reasonable security measures appropriate to the nature of the information involved to protect your Personal Information from unauthorized access, use, or disclosure. Service providers are prohibited from using Personal Information that we provide to them other than as specified by us.

Categories of service provider that we may transfer your data to include:

Suppliers of IT and other specific service vendors
Our professional advisers, such as lawyers, accountants, and auditors.
Regulatory authorities, public authorities, law enforcement agencies and courts
Affiliates consist of our determined business enterprise and some other subsidiaries, joint assignment partners, or different companies that we control or that can be under commonplace management with us.
Third party providers

We do not sell your data or share it with third parties unless otherwise specified in the subsequent sections describing the purposes of the processing of personal data.

3. Transfer to third countries or international organizations

When forwarding data within Flable (if permitted), transmitting data abroad and processing data with external partners, We observe the applicable data protection laws and safeguards these activities. A transfer to countries outside the US ("third countries") only takes place to the extent necessary for the respective purpose. Before any transfer of personal data to processors or third parties in third countries, we ensure that a transfer mechanism exists in accordance with applicable law. We have implemented appropriate technical and organizational measures to help protect your information.

A transfer to countries outside the European Union or the European Economic Area ("third countries") only takes place to the extent necessary for the respective purpose. Before any transfer of personal data to processors or third parties in third countries, we ensure that a transfer mechanism exists in accordance with the EU GDPR:

If it's a safe third country, the data transfer is covered by an adequacy decision.
If data is transferred to a so-called insecure third country, this data transfer is covered by standard contractual clauses.

c. Your rights as a data subject

You retain control over all personal data that you provide to us when visiting our website or using our services. You have the following rights, which you can exercise free of charge.

Right of access:

You have the right to obtain information about your personal data stored by us at any time. You have the right to know for what purposes your personal data is processed, how long it is processed and to whom it is disclosed. Please understand that we must first verify the identity of the requesting person before we can provide information.

Right of revocation/objection:

If you have given us consent for a certain processing of your data, you have the right to revoke this consent at any time with effect for the future. If we process your personal data within the framework of a balancing of interests due to our overriding legitimate interest, you have the right to object to this processing at any time with effect for the future.

Right to data portability:

You have the right to request a transfer of your personal data from us to another entity.

Right to rectification, erasure or restriction:

You have the right to have your data rectified and/or supplemented by means of an additional declaration, you also have the right to have your data deleted for the purposes for which they were collected or to limit the processing of your data.

Right of complaint:

You have the right to complain to a supervisory authority or our data protection officer, insofar as you should have a reason to complain. To claim rights against our company, please contact the contact person listed at the beginning of this data protection notice.

d. How is your data secured?

We apply strong technical and organizational measures, and adhere to privacy by design principles.

e. Duration of Storage

We take the protection of personal data seriously and have implemented suitable technical and organizational measures in accordance with legal requirements to ensure the safeguarding of natural persons' rights and freedoms. We take into account the state of the art, implementation costs, as well as the nature, scope, and purposes of the processing to ensure a protection level that is appropriate to the risk. This includes measures to restrict the access to and disclosure of data.

We also adhere to the principles of privacy by design and default. This means that we consider the protection of personal data as early as the development or selection of hardware, software, and processes. Furthermore, we have procedures in place to guarantee the exercise of data subjects' rights, such as the right to access, rectify, and delete personal data. We also have processes in place to respond to data breaches or compromises to ensure timely and appropriate actions are taken.

You may replace, amend, or delete your data at any time by signing in to your account, if you have one, and visiting the account settings section that allows you to control your private data. You could additionally contact us to request entry to, correct, or delete any private facts that you have supplied to us.

In addition, your data will be stored until the expiry of the statutory limitation periods, usually 3 years, insofar as this is necessary for the assertion, exercise or defense of legal claims. After that, the corresponding data will be routinely deleted if it is no longer required to achieve the necessary purposes.

f. Automated decision making incl. profiling

Personal data that we collect, for example, on our websites and that help us to understand your interests may be used for personalization purposes in order to provide you with content and information that is relevant to you. Automated decision-making based on this collected data does not take place.

An informal objection to this type of use is possible without giving reasons at any time for the future.

g. Children (Under the age of 13)

We do not deal with anyone under the age of thirteen. We do not knowingly gather personally identifiable information from anyone under the age of thirteen. If you are a parent or guardian and you are aware that your child has supplied us with personal data, please contact us. If we become aware that we have gathered personal data from anyone under the age of thirteen without verification of parental consent, we will take steps to remove that information from our servers.

If we want to depend on consent as a criminal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we accumulate and use that data.

h. Purpose of Processing data

The following list shows the various processing purposes for personal data here at Flable. Each entry contains a brief description of the respective purpose together with the corresponding legal basis for the processing.

We only collect and processes your personal data if you have given your consent or if it is permitted or required by other legal regulations. We generally obtain this data in two ways: either you have provided us with the data or our registered provider has obtain your data through:

Apps

We collect data from the apps you use, the legal basis of data processing is your consent pursuant of Art.6 a GDPR. Our registered providers provide us with the data from the various apps for mobile devices (iOS and/or Android) that can collect personal data. This personal data is required for the function of the respective app. Apps on mobile devices can gain access to functions of the end device if required and with the consent of the user. Each app that our provider offers will ask you for consent to use the required functions.

Websites: Cookies and functional data under GDPR

As a rule, you can use these websites without providing any personal information. Exceptions are so-called technically necessary cookies, which are required to provide certain functionalities such as secure login or cookie management. For some functionalities offered on the websites, they will request personal information from you to be able to process the respective service quickly and in a user-friendly manner or to be able to offer the service at all. Some data is already collected automatically and for technical reasons when you visit these website. The data processing is based on Art. 6 (1) lit a or f of GDPR. You have the right to revoke your consent at any time with effect for the future.

We would like to send you information about our products and services that may be of interest to you. For this we gather and process your data in different ways. The legal basis of the data processing is your consent pursuant to Art. 6 (1) lit. a GDPR. You have the right to revoke your consent at any time with effect for the future. You will find unsubscribe instructions in the footer of each newsletter.

Marketing Platforms / AI Platforms / CDP

We will receive your data from our registered providers of purchasing or using products or services from various platforms such Marketing, CDP or AI platforms which later will be used for direct marketing measures to draw attention and updates about purchased or related products or services or study your behavior over these products and services. The legal basis for data processing is the safeguarding of the legitimate interests of Flable in accordance with Article 6 (1) lit. f GDPR. Our overriding legitimate interest follows from our interest in being able to send you news and improvements to the products or services you have purchased or related products or services. You can object to the processing of your personal data for these purposes at any time with effect for the future. The objection can be made easily via the request form provided at the bottom of this page.

Google Analytics

The legal basis of the data processing is your consent according to Art. 6 para. 1 lit.a. You have the right to revoke your consent at any time with effect for the future. Google Analytics is a web analytics service provided by Google, Inc. This service allows us as a website operator to track and analyze the interactions of visitors with our website. Google Analytics allows us to obtain information about the origin of visitors, the actions performed on the website and the conversion rate of visitors. This information can be used to improve website performance and optimize the user experience for visitors.

Social Media Platforms

We offer options using social media on the basis of Art. 6 (1) lit. f GDPR. These social media services may independently collect personal data, e.g. via your created profile. If you are already logged in to a social network of your choice, this takes place without another window. Since this transmission is direct, we do not obtain knowledge of the transmitted data. What is transmitted is the fact that you have called up the corresponding page. If you are logged into Facebook & Co. at the same time, this information is assigned to your social media account and is thus associated with your person. For more information about the further use and storage of your personal data by Facebook and Twitter, please contact these social media companies directly.

Third Party Cookies and Consents

Various third-party providers use our websites to compile usage statistics, provide additional functions and personalize content. If you give your consent in the cookie banner, the software of these third-party providers may place cookies. Please click on the link of the third-party provider to be redirected to the corresponding privacy statement.

i. Google API Services User Data

Flable's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. This section specifically discloses how Flable accesses, uses, stores, and shares Google user data obtained through Google API Services.

1. Google User Data We Access

Flable accesses the following categories of Google user data through authorized Google API integrations, only after obtaining your explicit consent via OAuth authorization:

Google Ads Data

Campaign performance metrics (impressions, clicks, conversions, spend, revenue, ROAS, CPA)
Ad group and ad-level performance data
Keyword and search term performance data
Campaign structure and configuration data

Google Analytics Data

Website visitor analytics and traffic sources (read-only access via analytics.readonly scope)
User interaction and behavior data on your website
Conversion tracking and goal completion data
Audience and demographic insights

Google Search Console Data

Search performance data including queries, impressions, clicks, and average position (read-only access via webmasters.readonly scope)
URL indexing and crawl status information

Google Drive & Google Sheets Data

Read access to specific files, spreadsheets, and documents you explicitly choose to connect
Spreadsheet data including cells, rows, and metrics within selected or uploaded files
Document content necessary for your interactions with our AI agent

2. How We Use Google User Data

Flable uses the Google user data described above solely for the following purposes:

Profitability Analytics: We combine Google Ads spend and revenue data with your other business data (e.g., COGS, shipping costs, returns, discounts, payment processing fees) to calculate true contribution margins per channel, per campaign, and per SKU.
Performance Dashboards: We display your Google Ads, Google Analytics, and Google Search Console data in unified dashboards so you can monitor performance across all marketing channels in one place.
AI Agent Interactions: We process your selected Google Drive documents and Google Sheets data so that you can upload custom datasets, interact with them, and receive tailored insights or answers directly from our AI agent.
AI-Powered Insights & Alerts: We analyze your Google campaign data to generate actionable recommendations, such as identifying unprofitable campaigns, scaling opportunities, and margin alerts.
Reporting: We generate automated profitability reports that include Google Ads performance data alongside other channel data.

Important: We do not use Google user data for purposes unrelated to providing and improving the Flable platform's features as described above. We do not use Google user data for serving advertisements. We do not use Google user data to develop or improve unrelated products or services.

3. How We Share Google User Data

Flable does not sell Google user data to any third party. We share Google user data only in the following limited circumstances:

Data Infrastructure Providers: We use cloud hosting and database services (e.g., cloud infrastructure providers) to store and process your data. These providers act as data processors on our behalf and are contractually bound to process data only as instructed by us.
Data Integration Partners: We use data pipeline services (e.g., Fivetran, Airbyte) to securely sync your Google Ads data into Flable. These services act as processors and do not retain your data beyond what is necessary for the sync.
Agency Access (if applicable): If you are onboarded through a marketing agency using Flable, your authorized agency representatives may view your Google performance data within the Flable platform as part of the agreed-upon services.
Legal Requirements: We may disclose Google user data if required to do so by law, such as in response to a court order, subpoena, or regulatory request.

Important: We do not share Google user data with third parties for their own marketing, advertising, or data brokerage purposes. All sharing is strictly limited to what is necessary to provide the Flable service.

4. Data Storage & Protection

We implement the following measures to securely store and protect Google user data:

Encryption in Transit: All data transmitted between Flable and Google APIs is encrypted using TLS/SSL protocols.
Encryption at Rest: Google user data stored in our databases is encrypted at rest using industry-standard encryption algorithms.
Access Controls: Access to Google user data within our systems is restricted to authorized personnel on a need-to-know basis. We use role-based access controls and multi-factor authentication.
OAuth Token Security: Google OAuth tokens (access and refresh tokens) are stored securely in encrypted storage and are never exposed to end users or unauthorized parties.
Regular Security Audits: We conduct regular security assessments and audits of our systems and processes to identify and remediate vulnerabilities.
Infrastructure Security: Our cloud infrastructure utilizes firewalls, intrusion detection, and monitoring systems to protect against unauthorized access.

5. Data Retention & Deletion

We retain Google user data only for as long as necessary to provide you with the Flable service:

Active Accounts: While your Flable account is active and your Google integrations are connected, we retain your Google user data to provide continuous analytics, dashboards, and historical trend analysis.
Account Cancellation: Upon cancellation of your Flable account or disconnection of your Google integration, your Google user data will be deleted from our systems within 90 days.
OAuth Revocation: If you revoke Flable's access to your Google account through your Google Account permissions settings, we will cease accessing your Google data immediately. Previously synced data will be deleted within 90 days.

How to Request Deletion of Your Google User Data

You may request deletion of your Google user data at any time by:

Emailing us at admin@flable.ai with the subject line "Google Data Deletion Request"
Disconnecting your Google integration from your Flable account settings
Revoking Flable's access from your Google Account permissions at myaccount.google.com/permissions

All deletion requests will be processed within 10 working days. You will receive a confirmation once the deletion is complete. For full details on our deletion procedures, please refer to our Data Deletion Guideline.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: