By accessing or using Flain, you agree to this Privacy Policy. If you do not agree, do not use the Service.
01Who we are
Middletown, DE 19709, United States
For Flain users in the European Economic Area (EEA), United Kingdom, or Switzerland, Dorik, Inc. is the data controller of personal data described in this Policy.
02Information we collect
We collect information in three categories: information you provide, information we receive from third-party services you connect, and information collected automatically.
2.1 Information you provide
When you create an account, configure the Service, or contact us, we collect:
- Account information: name, email address, password (hashed), workspace name, role, billing address, and payment information (processed by Stripe; we do not store full card numbers)
- Workspace content: contacts, companies, deals, conversations, notes, files, custom fields, and any other information you import into or create in Flain
- Configuration data: sequence templates, agent instructions, workflow rules, custom integrations, and preferences
- Communications: support requests, feedback, survey responses, and any other content you submit to us
2.2 Information from connected third-party services
When you connect external services to Flain, we receive data those services are authorized to share. Examples:
- Google Workspace (Gmail, Calendar, Contacts): email messages, message metadata, calendar events, contact lists, and profile information from accounts you authorize
- LinkedIn: profile data, conversation messages, and connection information when you authorize a LinkedIn integration
- Microsoft 365 / Outlook: email messages, calendar events, and contact data
- Communication platforms (Twilio, WhatsApp Business, Slack, etc.): messages, phone numbers, and metadata from authorized accounts
- Data enrichment providers (Prospeo, Icypeas, and similar): contact records, company data, and verified contact details
- Payment and billing platforms (Stripe and similar): subscription status, payment events, and customer identifiers
You control which services you connect and can revoke access at any time through your Flain settings or the third-party service’s own controls.
2.3 Information collected automatically
When you use Flain, we automatically collect:
- Device and connection information: IP address, browser type, operating system, device identifiers, language, and time zone
- Usage data: pages visited, features used, actions taken, timestamps, and referring URLs
- Performance and error data: logs, crash reports, and diagnostic information
- Cookies and similar technologies: see Section 8
03Google API Services User Data Policy
Flain’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, if you connect a Google account (Gmail, Google Calendar, Google Contacts, or other Google Workspace service) to Flain, we use that data only to provide and improve user-facing features of Flain that are clearly visible to you, such as:
- Syncing your inbox so messages can be managed in Flain
- Reading email threads so AI agents can summarize, draft, or reply (only when you configure them to do so)
- Reading calendar events so meeting briefs and scheduling features can function
- Reading contact lists so Flain can populate your CRM
We do not use Google user data to:
- Serve advertising
- Sell or transfer to data brokers, ad networks, or information resellers
- Train generalized or generic AI/ML models
- Allow humans to read your Google user data, except (a) with your explicit consent, (b) for security purposes (such as investigating abuse), (c) to comply with applicable law, or (d) in aggregated/anonymized form for internal operations
If we use any third-party AI model to process Google user data on your behalf (for example, to draft replies via an agent), the AI provider acts as a sub-processor under our agreement and is contractually bound to delete the data after processing and not train models on it.
You can revoke Flain’s access to your Google account at any time at myaccount.google.com/permissions.
04Meta Platform Terms disclosure
If you connect Facebook, Instagram, or WhatsApp Business accounts to Flain, we use data received from Meta APIs solely to provide the features you authorize. We do not use Meta data for advertising, do not sell or transfer it to third parties for unauthorized purposes, and adhere to the Meta Platform Terms and applicable developer policies.
You can revoke Flain’s access at facebook.com/settings?tab=applications.
05How we use information
We use information for the following purposes:
| Purpose | Examples |
|---|---|
| Provide the Service | Authenticate users, sync data, run sequences, draft AI responses, schedule meetings, route conversations |
| Improve the Service | Analyze feature usage in aggregate, debug errors, develop new features |
| Communicate with you | Send service notifications, account alerts, billing notices, security updates, and (with your consent) marketing |
| Personalize the experience | Show relevant features, customize defaults, recall preferences |
| Protect the Service | Detect fraud, abuse, security incidents; enforce our Terms; comply with legal obligations |
| Comply with legal obligations | Respond to lawful requests, tax and accounting records, regulatory reporting |
We do not use your workspace content (including the content of email messages, calendar events, or contacts) to train generalized AI models, sell to third parties, or serve advertising to your users.
06Legal bases for processing (EEA, UK, Switzerland)
If GDPR or UK GDPR applies to you, we rely on the following legal bases:
- Contractual necessity: to provide the Service you signed up for
- Legitimate interests: to secure, improve, and personalize the Service, provided your interests do not override ours
- Consent: where required (e.g., for certain cookies, marketing emails, or sensitive data)
- Legal obligation: where we must process to comply with law
You may withdraw consent at any time without affecting prior processing.
07How we share information
We do not sell personal information. We share information only as described below.
7.1 With your workspace members
If you use Flain as part of a team workspace, other members of that workspace may see content you create or import (conversations, contacts, deals, notes, etc.) based on the access controls you configure.
7.2 With sub-processors and service providers
We use the following categories of sub-processors. A current list is maintained at flain.ai/subprocessors.
| Category | Examples | Purpose |
|---|---|---|
| Cloud infrastructure | Render, Neon (PostgreSQL), Dragonfly Cloud (Redis) | Hosting and database |
| Search | Typesense Cloud | Conversation search |
| Logging and monitoring | Axiom | System logs and observability |
| Email delivery | Resend | Transactional email |
| Payment processing | Stripe | Subscriptions and billing |
| AI / LLM providers | Anthropic (Claude), OpenAI (where used) | AI agent processing |
| Data enrichment | Prospeo, Icypeas | Lead enrichment features |
All sub-processors are bound by written agreements requiring them to safeguard personal data consistent with this Policy and applicable law.
7.3 With third-party services you connect
When you connect an external service (Google, LinkedIn, Slack, etc.), data flows between Flain and that service under your authorization. Each third-party service has its own privacy policy.
7.4 For legal reasons
We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of Dorik, our users, or others.
7.5 In a business transfer
If Dorik is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to confidentiality obligations.
08Cookies and tracking technologies
Flain uses cookies and similar technologies for:
- Strictly necessary: authentication, session management, security
- Functional: preferences, language, workspace selection
- Analytics: aggregated usage measurement (where consented)
You can manage cookie preferences via our cookie banner. Blocking strictly necessary cookies may break core functionality.
We do not use cookies for cross-site advertising or behavioral retargeting.
09Data retention
We retain your information for as long as your account is active and as needed to provide the Service. Specific retention periods:
| Data type | Retention |
|---|---|
| Account data | Duration of account + 90 days after deletion |
| Workspace content (contacts, conversations, deals) | Duration of account + 30 days after deletion (recoverable during this window) |
| Connected service data (Gmail, Calendar, etc.) | Synced for as long as connection is active; deleted within 30 days of disconnection |
| Billing and tax records | 7 years (legal requirement) |
| Logs and diagnostics | 90 days |
| Backups | Up to 90 days |
You may request earlier deletion (see Section 11).
10Security
We implement reasonable technical and organizational measures to protect your information, including:
- Encryption in transit (TLS 1.2+)
- Encryption at rest for sensitive data
- Role-based access controls
- Session-based authentication via Better Auth
- Audit logging of administrative actions
- Regular security reviews and penetration testing
- Sub-processor due diligence
No system is 100% secure. If we become aware of a breach affecting your data, we will notify you and applicable regulators consistent with law.
11Your rights and choices
Depending on where you live, you may have the following rights:
- Access: request a copy of your personal data
- Correction: request correction of inaccurate data
- Deletion: request deletion of your data
- Portability: request your data in a portable format
- Restriction: request restriction of certain processing
- Objection: object to processing based on legitimate interests
- Withdraw consent: where processing is based on consent
- Lodge a complaint: with your local data protection authority
To exercise these rights, email privacy@flain.ai. We will respond within 30 days (or as required by applicable law).
California residents (CCPA / CPRA)
California residents may also:
- Know what categories of personal information are collected and shared
- Opt out of “sale” or “sharing” of personal information (Flain does not sell or share for cross-context behavioral advertising)
- Limit use of sensitive personal information
- Not be discriminated against for exercising privacy rights
Other jurisdictions
If you live in Virginia, Colorado, Connecticut, Utah, Texas, or another state with a comprehensive privacy law, you have similar rights. Contact privacy@flain.ai to exercise them.
12International data transfers
Dorik is based in the United States. If you access Flain from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our sub-processors operate.
For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK Addendum to the SCCs
- Adequacy decisions where applicable
You may request a copy of the safeguards we use by emailing privacy@flain.ai.
13Children
Flain is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact privacy@flain.ai and we will delete it.
14Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The “Last updated” date at the top reflects the most recent revision.
15Contact us
For privacy questions, data requests, or complaints:
For users in the EEA/UK/Switzerland, you may also contact your local data protection authority.
This Privacy Policy was last reviewed by counsel on May 22, 2026. It is provided in good faith but does not constitute legal advice. Dorik recommends each user consult their own counsel regarding personal compliance obligations.