Privacy Policy

This Privacy Policy explains how Flexabits LLC (“Flexabits,” “we,” “us,” or “our”) processes Personal Data when you use our website at https://flexabits.com (the “Site”) and our downloadable Digital Products and related Online Services (together, the “Services”). It outlines what we collect, why we process it, how we use, disclose, and protect it, how long we keep it, and your rights and choices.

Depending on context, references to “you” and “your” mean a Visitor, User, or Customer as defined in our Terms of Use. We process Personal Data to operate, deliver, secure, measure, and improve our Services. Depending on your location, applicable law, and the choices you make through our consent tools, we may also use analytics, advertising, attribution, and similar measurement technologies. Additional details are provided in our Cookie Policy.

We honor Global Privacy Control (GPC) signals where required by applicable law. We generally act as the data controller for the processing described in this Privacy Policy. Our Services are operated from the United States, but individuals in various regions may access the Site and interact with our Services. Where applicable data protection laws apply, we provide the disclosures and choices required by those laws, including consent for non-essential technologies where required.

Where the GDPR or UK GDPR applies, this notice is also intended to satisfy the information requirements of Article 13 to the extent that Personal Data is collected directly from you.

1. Data Controller

• Legal Entity: Flexabits LLC (a Wyoming limited liability company, United States)
• Service of Process: Northwest Registered Agent Service Inc
• Registered Agent Address: 30 N Gould St Ste N, Sheridan, WY 82801, USA
• Official Domain: https://flexabits.com
• DPO: Flexabits LLC is not required to appoint a Data Protection Officer under Article 37 GDPR.

2. Scope and Relationship to Other Documents

This Privacy Policy covers Personal Data processed in connection with our “Services” (as defined in our Terms of Use), including the Site, our downloadable Digital Products, and any Online Services that we may make available. This Privacy Policy should be read together with our Terms of Use, Cookie Policy, License Terms (EULA), Refund Policy, Legal Notice, and Disclaimer. The Terms of Use are the master agreement for your use of the Services. For matters relating to Personal Data, this Privacy Policy controls. For cookies and similar technologies, the Cookie Policy controls. The Terms of Use control all other matters and set the overall order of precedence between these documents. Nothing in this Privacy Policy limits any non-waivable consumer rights under applicable law in your jurisdiction.

3. What data we collect

We collect Personal Data needed to operate, deliver, secure, measure, improve, and support our Services.

• Identifiers: Name, email, IP address, account/username.
• Billing information: Country, state/province (and city, where provided), and ZIP/postal code.
• Order currency: Displayed in USD by default. Where available, we may charge in a supported local currency based on your location or browser settings (such as AUD, CAD, EUR, GBP).
• Commercial data: Digital Products ordered, purchase history, order total, processor transaction IDs, processor fees (where applicable), limited payment details (such as card brand, last four digits, and other limited payment method metadata, where applicable), and payment authentication or fraud-review signals returned by our payment processors (such as AVS/CVC verification results, processor or issuer risk indicators, and 3D Secure / liability-shift status, where applicable). We do not receive or store full card/bank numbers or CVV.
• Essential technical and security data: Device, browser, operating system, app or client context, timestamps, access/download events, license or activation state, essential cookies or local storage for login, cart and checkout, abuse-prevention and rate-limit signals, anti-bot or challenge outcomes, transactional email deliverability signals (such as accepted, delivered, bounced, spam complaint, or suppression), and security/audit logs related to order compliance, abuse prevention, fraud prevention, and dispute handling (e.g., evidence export events), with limited retention.
• Analytics and measurement data: Information about interactions with the Site, pages viewed, sessions, approximate location derived from IP or network data, browser/device attributes, referral and campaign data, and event-level measurement data, where analytics or similar measurement technologies are enabled under applicable law.
• Advertising and marketing data: Information about interactions with the Site, campaigns, audiences, browser/device identifiers, conversion and attribution data, and similar marketing-related data, where advertising, attribution, or marketing technologies are enabled under applicable law.
• User-agent variability notice: The user-agent string is provided by the client application/browser and may include different fields depending on the client and context (for example: device model, app/webview version, OS version, screen density/resolution, or other client tokens). As a result, user-agent details may differ between checkout and later download events (e.g., Instagram in-app browser, Gmail link opener, or a standard browser).
• Technical signal examples: For security and forensic integrity, logs may include technical identifiers such as edge/CDN request IDs (e.g., CF-RAY), edge country code, request-hash values, forwarded-IP headers, file identifiers, evidence export events, cryptographic integrity records, and challenge/bot outcome fields. We use these strictly for service security, delivery verification, fraud prevention, abuse prevention, and dispute handling.
• Preferences and consent data: Cookie choices, regional privacy choices, language settings, marketing opt-in/opt-out preferences, consent status, consent channel (such as standard or express checkout), consent mode (where applicable), consent version, the consent statement accepted by the user, a cryptographic hash of that statement, client-provided timestamp, limited interaction-timing metadata (such as time elapsed before acceptance, measured in milliseconds, for fraud detection), and related security identifiers or headers.
• Policy version records: At the time of consent, we capture version identifiers for our Terms of Use, Refund Policy, and Privacy Policy, including policy URLs, internal page identifiers, last-modified timestamps, and cryptographic hashes of the policy content, to ensure verifiable proof of the exact terms accepted.
• Transactional email content: Email address and limited content/metadata (such as receipts, password resets, service notices) needed to send and troubleshoot transactional emails.
• Messages and forms: Information you submit to support (issue description and any device/OS details you choose to share).
• Reviews and feedback: Product reviews, ratings, comments, testimonials, and similar feedback you choose to submit (including your display name or any information you include in the review).

Sources: We collect Personal Data (i) directly from you (for example, when you create an account, place an order, complete checkout, contact us (including via contact form or email), or submit reviews or feedback); (ii) automatically through essential cookies, similar technologies, server-side logs, and security tools when you interact with the Services, including to operate the Services, verify delivery, secure accounts, and prevent fraud or abuse; (iii) from payment processors and payment-related service providers, such as WooPayments (powered by Stripe), which handle your payment credentials and may share back payment status, transaction IDs, and limited payment details (such as card brand and last four digits, where applicable); and (iv) from authentication providers and from analytics, attribution, advertising, or embedded-content providers where those technologies are enabled in accordance with applicable law and your choices.

US Notice at Collection: See U.S. State Disclosures (CPRA) for our 12-month summary and “Do Not Sell or Share” statement. We do not intentionally collect or use categories of “Sensitive Personal Information” as defined by applicable U.S. state privacy laws, other than basic account-authentication data used solely to provide and secure the Services. We honor Global Privacy Control (GPC) signals where required by applicable law.

Not collected currently: Government IDs, precise (GPS) geolocation, biometrics, or sensitive health/financial information. If a future Service needs additional data, we will update this Policy in advance and, where required, seek consent.

4. Purposes and Legal Bases

We process Personal Data for the following purposes on the following lawful bases under applicable data protection and privacy laws: contract performance, legitimate interests, legal obligations, and consent (where required).

• Purchase, delivery, and account operations (including license/activation checks and access/download verification).
• Security, fraud/abuse prevention, and dispute resolution (including chargeback investigation, rate limit enforcement, and operation of security controls such as bot detection and challenge tools).
• Service and operational communications (including receipts, order updates, and internal administrative order alerts such as order number, total, product summary, and customer email address) for order management, support, and fraud/dispute handling.
• Compliance with tax/audit, accounting, sanctions/export controls, and record-keeping obligations.
• Analytics, measurement, attribution, and service-improvement activities, including understanding how users interact with the Site, measuring performance, diagnosing issues, and improving the Services, where permitted under applicable law and, where required, based on your consent.
• Advertising, audience measurement, conversion measurement, attribution, and campaign-effectiveness activities, where these technologies are enabled and permitted under applicable law and, where required, based on your consent, or, in certain jurisdictions, subject to your ability to opt out.
• Email delivery and deliverability monitoring/troubleshooting (without open or link tracking) to ensure reliable transactional communications, detect abuse, and support customer support and dispute resolution (contract performance and/or legitimate interests, depending on context).
• Email marketing and newsletters: When you subscribe to receive marketing emails from Flexabits (such as by ticking the “I consent to receive marketing emails” checkbox in our “Get 10% OFF” or “Claim Now” forms), we use your email address and marketing preferences to send you tips, product updates, coupons, and promotions related to our Services. In the EEA/UK and other jurisdictions where required, we rely on your consent. In some other jurisdictions, where permitted by law, we may also rely on our legitimate interests in promoting our Services. You can unsubscribe at any time by clicking the “Unsubscribe” link in our emails.
• Reviews and testimonials: If you check the consent box when submitting a review, we may publish your product reviews and testimonials (including your display name, rating, and review text) on our Site and in related marketing materials (such as on product pages, landing pages, emails or on our social media channels operated by us). We may also process information derived from reviews in aggregated and de-identified form for analytics and to improve the Services. You may withdraw your consent at any time and request removal or anonymization where feasible by contacting us.

Mapping of Purposes to Legal Bases
Where the GDPR/UK GDPR applies, we rely on the following legal bases:

• Contract performance (Art. 6(1)(b)) to process and deliver your order, manage your account, provide access/downloads, send transactional emails, and provide support.
• Legitimate interests (Art. 6(1)(f)) to secure our Services, prevent fraud and abuse, verify delivery, enforce rate limits and license controls, log access/download events, troubleshoot, improve quality, and maintain records necessary to defend legal claims. We balance these interests against your rights and expectations and use proportionate safeguards.
• Legal obligations (Art. 6(1)(c)) to comply with tax/audit, accounting, sanctions/export‑control, and consumer‑protection laws.
• Consent (Art. 6(1)(a)) is obtained for non-essential cookies/technologies, marketing emails, and the publication of product reviews/testimonials where required by law. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Required Personal Data (Art. 6(1)(b)): Certain Personal Data (such as your name, email address, and payment information) is required to enter into or perform a contract with you, including for processing orders, delivering Digital Products, providing account access, and sending service-related communications. If you do not provide this information, we may not be able to provide the requested Services or enter into the contractual relationship.
• Automated decision-making and profiling: We do not use Personal Data for solely automated decision-making, including profiling, that produces legal or similarly significant effects on you. We do not rely on consent for strictly necessary security, checkout, fraud-prevention, or delivery-verification processing. We may use automated security measures (such as rate limiting, bot challenges, and temporary access restrictions) to protect the Services, and these measures are not used for advertising.

5. Cookies and Similar Technologies

We use cookies and similar technologies for essential operations, security, preferences, analytics, embedded content, and, where enabled, advertising, attribution, and campaign measurement. The types of technologies used, the purposes they serve, the relevant retention periods, and the vendors involved are described in our Cookie Policy. Available choices can be managed through “Cookie Settings” and, where applicable, “Your Privacy Choices”.

6. Payments

Payments are processed by WooPayments (powered by Stripe). We do not collect or store full payment card numbers or CVV. Our payment processors handle your payment credentials and share with us payment status and transaction identifiers, and (where applicable) limited payment details such as card brand and last four digits, for fraud prevention and dispute handling. We may receive tokenized identifiers to support receipts and fraud/dispute workflows. All checkout pages are served over HTTPS/TLS. We do not use transaction data for behavioral profiling, advertising, or marketing purposes. We automatically generate and provide an electronic receipt (PDF) once our payment processor confirms a successful payment. For details on how WooPayments/Stripe process your data, please see the WooPayments documentation and the Stripe Privacy Policy.

7. Disclosures to Third Parties

We may disclose Personal Data to:

• Service providers and subprocessors that help us operate, secure, host, support, measure, and improve the Services.
• Payment processors and payment-related service providers, including payment processors that act as independent controllers with respect to payment credentials and certain related payment-processing activities.
• Identity, authentication, consent-management, communications, analytics, attribution, advertising, and embedded-content providers, depending on the technologies enabled, applicable law, and your choices.
• Competent authorities and parties involved in legal claims, investigations, fraud prevention, or dispute resolution, where required or permitted by law.
• Relevant parties in connection with corporate transactions, such as mergers, acquisitions, financings, restructurings, or asset transfers.
• Our service providers may process Personal Data in the United States and other jurisdictions. We may maintain a list of material subprocessors available upon request via [email protected].

8. International Transfers

Where Personal Data originates in the EEA/UK/CH and is transferred to a country that does not provide an adequacy decision, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses (SCCs) (2021/914), together with the UK Addendum/IDTA and Swiss requirements where applicable. Where applicable, we may rely on the EU–U.S. Data Privacy Framework (including the UK Extension and the Swiss–U.S. DPF) for transfers to participating recipients that are certified under the relevant framework. Otherwise, we rely on the EU SCCs (2021/914) and the UK Addendum/IDTA (and Swiss requirements where applicable), together with supplementary measures as appropriate. We do not rely on GDPR Article 49 derogations on a routine basis. You may request a redacted copy of the relevant safeguards by contacting [email protected]. As of the ‘Last Updated’ date of this Privacy Policy, Flexabits is not certified under the EU–U.S. Data Privacy Framework.

9. Data Retention

• Orders, tax, and consent logs: 5 years.
  • May include IP address, timestamp, consent status/version/channel/source/snapshot, country/region/city, user-agent, security identifiers, consent-text hash, delivery/download logs, policy snapshot records, fraud-review records, cryptographic integrity records, and evidence export logs.
• Support tickets: 3 years.
• Server-side CookieYes consent logs: 3 years.
  • Including timestamp, consent ID, country, pseudonymized IP, and category preferences.
• Transactional email delivery logs and suppression status: 2 years.
• Privacy rights requests: 2 years.
• Browser-side cookie choices:
  • Consent-choice retention periods may vary by region, applicable law, and our consent-tool settings. See our Cookie Policy for current details.
• Marketing consent: Until withdrawal.
• Reviews and testimonials: For as long as they are displayed, or until removal is requested.

We may retain Personal Data for longer periods where necessary to establish, exercise, or defend legal claims, comply with court orders, or fulfill other legal obligations (including applying a legal hold). Once the applicable retention period expires and no legal hold applies, we will delete or irreversibly anonymize the data.

For more information, please see our Cookie Policy.

10. Data Minimization

We limit collection and retention to what is necessary for the purposes described in this Privacy Policy and delete or irreversibly anonymize data when no longer needed.

11. Security

We use commercially reasonable technical and organizational measures to protect Personal Data, including encryption in transit (TLS 1.2+), least-privilege access controls, multi-factor authentication for administrative access, and audit logging with limited retention. We work hard to protect your information, but no method of transmission or storage is 100% secure. If we become aware of a data breach affecting you, we will notify you as required by law.

12. Your Rights

• Global: Depending on your location, you may have rights to access, correct/rectify, delete/erase, restrict or object to processing, data portability, and to withdraw consent at any time.
• EEA/UK (GDPR): If you are located in the EEA or UK, you are entitled to all rights under Articles 12–23 of the GDPR. You may access, rectify, erase, restrict, object to processing, or request portability of your Personal Data. Where processing is based on consent, you may withdraw that consent at any time. You may also lodge a complaint with your local supervisory authority. A list of supervisory authorities in the EEA is available on the EDPB website.
• U.S. State: Right to know/access, correct, delete, opt out (sale/share/targeted advertising), and non-discrimination for exercising your rights.
  • Appeals: If we deny your request, you may appeal our decision by replying to our response email or by submitting a new request via our web form using the subject line “Appeal.” We will review and respond within the time required by law and provide the reasons for any continued denial.
  • Authorized agents (where permitted, such as California): You may submit requests through an authorized agent. We require proof of authorization (such as signed permission or power of attorney) and may need to verify your identity directly.
  • Non-discrimination: We do not discriminate against individuals who exercise their privacy rights under applicable law. We do not offer financial incentives or differential pricing based on data sharing. If we ever introduce such a program, we will publish a Notice of Financial Incentive describing its terms.
• How to submit: Email [email protected] or use our contact form.
  • Verification: To protect your data, we may request limited information to verify your identity or authority (such as confirming your email address, account access, or order details). We use this information solely for verification purposes and delete it once the process is complete, unless retention is required by law. If we are unable to verify your identity, we will explain the reason and decline the request as required by law.
  • Request confirmation and processing workflow: To protect your account, we use an email confirmation step for access/export and erasure requests. We send a confirmation email with a verification link which expires in 72 hours, and we process the request only after confirmation. If not confirmed, the request remains pending.
  • Erasure requests: After confirmation, we erase Personal Data where feasible. For order-linked compliance and security records, we may instead apply anonymization/pseudonymization and retain limited non-identifying evidence when required to establish, exercise, or defend legal claims or to comply with legal obligations.
  • Format of response: When you exercise your access or data portability rights, we will provide your data in a commonly used, machine-readable format (such as .json or .html).
  • Delete account: Erasure/anonymization does not automatically delete your user account. If you want your account deleted, please contact us. We will process verified account-deletion requests promptly, subject to applicable legal retention obligations.
• Response Timeframes and Procedures: We aim to respond to all rights requests without undue delay. The applicable response timeframe begins once we receive a verifiable request, unless additional verification is required. Where applicable, we follow these legal timeframes:
  • GDPR / UK GDPR: Within 1 month of receipt. This may be extended by up to 2 months where necessary due to complexity or volume; you will be informed of any extension within the first month.
  • U.S. States: Within 45 calendar days. If more time is needed, we will notify you and explain the reason.
  • Other Jurisdictions: We will comply with local legal deadlines and inform you accordingly.
• Withdrawal of Consent: Where our processing relies on your consent (such as non-essential cookies, marketing communications, testimonials), you may withdraw it at any time by:
  • Adjusting preferences via the Cookie Settings or Your Privacy Choices in the site footer.
  • Clicking “Unsubscribe” in our marketing emails.
  • Contacting us at [email protected] or use our contact form.
  • If you have submitted a product review, you may request its removal or anonymization.
  • Withdrawal does not affect the lawfulness of processing based on consent before it was withdrawn.
• Keeping your information up to date: Please help us keep your account information accurate and up to date. You may update certain details through your account settings (if available), or contact us to request a correction.

Nothing in this section limits any non‑waivable rights you have under applicable law.

13. Children

Our Services are intended for adults (18+) and are not directed to minors. We do not knowingly collect Personal Data from anyone under the age thresholds set by applicable law (including under 13 in the U.S. under COPPA). If we obtain actual knowledge that a child has provided Personal Data, we will promptly delete it and, where applicable, disable access. We request a simple age affirmation at checkout; we do not request government IDs for this purpose in the ordinary course. Parents or guardians who believe a minor has used our Services may contact us at [email protected].

14. Delivery Verification, Disputes, and Anti-Fraud

To verify digital delivery, prevent fraud and abuse, and manage disputes and chargebacks, we log limited technical and transactional information about orders and access to our Digital Products and Online Services. This may include:

• License or activation states.
• Timestamps of purchase, access, and download events.
• IP address and approximate location, device/OS and browser information.
• Network and security signals (including CDN/security headers, security event identifiers, and challenge outcomes).
• Order and transaction identifiers, payment processor status codes, and limited payment details (such as card brand and last four digits, where applicable).
• Email deliverability signals (such as whether an email was accepted, delivered, bounced, or marked as undeliverable), including bounce classification, spam complaints, and suppression status. We do not use email open tracking or link tracking for these purposes.
• Checkout consent logs, status/version/text-hash, and limited technical/security metadata.

We use this information to:

• (a) Confirm that Delivery has occurred as defined in our Terms of Use.
• (b) Respond to your support requests.
• (c) Detect and mitigate fraud, abuse, and security incidents.

We process this data on the legal bases of contract performance, our legitimate interests in operating a secure business, and compliance with legal obligations (such as record-keeping and anti-fraud rules). We do not use delivery‑verification, access, license‑state, or fraud‑prevention logs for behavioral profiling, targeted advertising, or marketing optimization. These logs are used solely to secure our Services, confirm digital delivery, and manage disputes or abuse. We retain this information only as long as necessary, in accordance with the specific periods outlined in the Data Retention section.

15. Automated Decision-Making

As described in Section 4 (Purposes and Legal Bases), we do not engage in solely automated decision-making, including profiling, that produces legal or similarly significant effects on you.

16. Third-Party Services

We use certain third-party services and providers in connection with the Services, including the following material categories and examples:

Cloudflare (security)

• We use Cloudflare for CDN, availability, DDoS mitigation, and security protections (including bot/abuse prevention and rate limiting). Cloudflare acts as a processor/service provider on our behalf for these purposes.

Security challenges (anti-bot)

• Certain flows may trigger security challenges (including Cloudflare Turnstile and Google reCAPTCHA) to protect the Services and prevent fraud or abuse. We use these challenges solely for security and abuse prevention. Providers may process related data under their own notices.

CookieYes (consent management)

• We use CookieYes to manage cookie preferences and maintain consent records. CookieYes acts as a processor/service provider on our behalf for these purposes.

Tag management and measurement tools

• We may use tag management and similar deployment tools to manage the activation of analytics, advertising, consent, and other website technologies.

Analytics and attribution providers

• Where enabled, we may use analytics and attribution providers to understand Site usage, measure performance, analyze events, and improve the Services.

Advertising and social media partners

• Where enabled, we may use advertising, social media, and conversion-measurement partners to measure campaign performance, understand conversions, support audience analysis, and measure or support marketing activities, subject to applicable law and your privacy choices.

Postmark (transactional email delivery)

• We use Postmark to send transactional emails and to process related deliverability and troubleshooting data (such as delivery status, bounces, spam complaints, and suppression status). Postmark acts as a processor/service provider on our behalf for these purposes. We have disabled Postmark’s open tracking and link tracking.

YouTube (embeds)

• We may display YouTube content via embeds or thumbnails.
• We block non-essential YouTube cookies/storage until you consent.
• You can withdraw consent at any time via Cookie Settings.

Sign-In (OAuth 2.0 – Authentication via “Continue with Google”)

• We receive from Google certain identifiers (such as your name, email address, Google ID, profile image, and technical login metadata).
• We do not receive or store your Google password or request access to other Google products.
• A hashed local credential is created to maintain your account. It will not enable password login.
• The Google account linkage on Flexabits is retained while your account is active or until you revoke.
• You may revoke our access (myaccount.google.com > Security > Third-party access).
• After revocation, you can sign in with a password if configured.
• Revoking Google access does not delete your Flexabits account. To delete it, contact us.
• Data from Google is used only to authenticate and secure your account, is disclosed only to processors necessary to provide the service, and is not used for advertising or profiling.

17. California Privacy Rights Notice (CCPA/CPRA)

California Notice at Collection:

At or before collection, we inform consumers of the categories of personal information we collect, the purposes for which each category is used, whether such information is sold or shared, and the applicable retention periods or criteria described in this Privacy Policy.

Categories collected (12-month lookback):

• Identifiers (e.g., name, email, account identifiers, IP address).
• Commercial information (e.g., Digital Products ordered, order history, transaction metadata).
• Internet or other electronic network activity (e.g., access/download events, interaction and security logs, client/browser/app context such as user-agent fields, technical security signals, and analytics, attribution, advertising, and similar measurement data where enabled).
• Approximate geolocation (region/country level derived from network data).
• Limited payment metadata received from processors (e.g., card brand/last4 where applicable).

Business and commercial purposes:

• Provide and secure the Services.
• Process orders and verify digital delivery.
• Customer support and account servicing.
• Fraud prevention, abuse detection, and incident response.
• Legal compliance, recordkeeping, and dispute/chargeback defense.
• Analytics, measurement, attribution, service improvement, and optional marketing-related activities where permitted and based on applicable law and your choices.

Sources:

• Directly from you.
• Automatically from your device/browser during service use.
• From service providers/processors, payment processors, authentication providers, and, where enabled, analytics, attribution, advertising, or embedded-content providers.

Disclosures:

• Service providers/processors for business purposes.
• Payment processors and payment-related service providers, including payment processors that may act as independent controllers with respect to payment credentials and certain related payment-processing activities.
• Identity, authentication, consent-management, communications, analytics, attribution, advertising, and embedded-content providers, depending on the technologies enabled, applicable law, and your choices.

Sale/Share:

• We do not sell Personal Information for money. Depending on the technologies enabled on the Site and applicable law, certain online identifiers, browsing activity, device/browser information, and similar data may be disclosed to analytics, advertising, attribution, or social media partners in a manner that may constitute “sharing” or targeted advertising under certain U.S. state privacy laws.

GPC:

• Where applicable, we recognize and process Global Privacy Control (GPC) and other valid opt-out preference signals as requests to opt out of sale/sharing. We also provide notices and methods to exercise relevant opt-out rights as required by applicable law.

Sensitive Personal Information:

• We do not intentionally collect or use Sensitive Personal Information beyond what is reasonably necessary to provide and secure the Services. See What data we collect.

Retention:

• We describe retention periods and/or retention criteria in Data Retention. We retain each category only for as long as reasonably necessary and proportionate for the disclosed purpose(s), unless a longer period is required or permitted by law.

Notice updates:

• If we intend to collect additional categories of personal information, including sensitive personal information, or use personal information for additional purposes not previously disclosed, we will provide updated notice as required by applicable law.

18. Updates

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top and, where appropriate, update our Privacy Policy Log. Unless stated otherwise, the updated Policy will apply on a going-forward basis and will not retroactively change how we previously processed your Personal Data in a way that is materially less protective without obtaining any required consent. Where required by law or where changes are material, we will provide additional notice (such as via the Site or by email).

19. Contact us

• Privacy contact: [email protected]
• Contact form: flexabits.com/contact-us
• Support hours: 9:00 AM – 5:00 PM ET (New York time), Monday to Friday.
• Typical response time: 1-2 business days. Closed on weekends and US holidays.