Last updated: April 2026 Effective date: April 27, 2026 Applies to: United States, United Kingdom, European Economic Area, India, and all other regions where Flento is available.

1. Introduction

Welcome to the Flento Privacy Policy ("Policy"). Flento Inc. ("Flento," "we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Policy explains how we collect, use, store, share, and protect your personal information when you:

Visit www.flento.io (regardless of your location)
Use the Flento local SEO platform and its features
Create an account, start a free plan, or subscribe to a paid plan
Contact us for support, respond to a survey, or sign up for our newsletter
Connect third-party services (such as Google Business Profile) to Flento

We will never sell your personal data to any third party.

If you have any questions, contact us at legal@flento.io before using our services.

2. Who We Are

Controller

Flento Inc. is the data controller responsible for your personal data collected through our website and platform.

Contact Details

Company name: Flento Inc.
Website: www.flento.io
Legal & Privacy enquiries: legal@flento.io
Customer support: support@flento.io

Note: Flento Inc. is currently in the process of formal registration. A registered address will be added to this Policy once incorporation is complete. For any legal or privacy matters in the meantime, please contact us at legal@flento.io.

Data Protection Officer (DPO)

Flento has appointed a Data Protection Officer. If you have any questions about how your data is processed, please contact:

DPO email: legal@flento.io

Changes to This Policy

This Policy was last updated in April 2026. We may revise it from time to time. We will notify you of any material changes via email or a prominent notice on our platform. We encourage you to review this page periodically.

Third-Party Links

Our website and platform may contain links to third-party websites and integrations (e.g., Google Business Profile, review directories). We do not control those third parties and are not responsible for their privacy practices. We encourage you to read the privacy notice of every third-party service you connect to Flento.

3. The Data We Collect About You

We may collect, use, store, and transfer the following categories of personal data about you:

Identity Data: first name, last name, username, title, profile photo
Contact Data: email address, telephone number, billing address, social media handles
Financial Data: payment card details and bank information — processed securely via Stripe; Flento does not store raw card data
Transaction Data: details of payments made, subscription plan, invoices, and services ordered or commissioned
Technical Data: IP address, browser type and version, device identifiers, time zone, operating system, login timestamps
Profile Data: username, password (hashed), account preferences, feature usage history, survey responses, and feedback
Usage Data: how you navigate and use our platform, features accessed, session duration, clicks, and scroll behaviour
Business Listing Data: Google Business Profile data, citation data, review data, and local ranking data that you connect to or generate through Flento
Marketing & Communications Data: your preferences for receiving marketing from us and third parties, and your communication history with us
Aggregated / Anonymised Data: statistical or demographic data derived from personal data (e.g., platform-wide usage trends). This does not identify you individually.

We do not collect any Special Categories of Personal Data (e.g., health, race, religion, biometric data) or information about criminal convictions or offences.

This website and platform are not intended for children under 16. We do not knowingly collect data relating to children.

If You Fail to Provide Personal Data

Where we need personal data to perform a contract with you and you do not provide it, we may be unable to deliver our services. We will notify you if this situation arises.

4. How We Collect Your Data

We collect data through the following methods:

Direct interactions: Data you provide when registering, upgrading, contacting support, completing a form, or participating in a survey
Automated technologies: Cookies, server logs, Google Analytics, and Meta Pixel as you interact with our website and platform. See Section 8 (Cookies) for full details.
Third-party integrations: When you connect Google Business Profile or other third-party services to Flento, we receive data from those platforms in accordance with their terms
Payment processor: Stripe shares transaction confirmation and billing details with us when you purchase a plan
Publicly available sources: Business listing data and review data from publicly available directories and platforms

5. How We Use Your Personal Data

We only use your personal data when the law permits. The lawful bases we rely on are:

Performance of a contract — to provide and manage your Flento subscription
Legitimate interests — to improve our platform, prevent fraud, and market our services (where your interests and rights do not override ours)
Legal obligation — to comply with applicable laws and regulations
Consent — for marketing emails and optional data uses (you can withdraw consent at any time)

Specific purposes include:

Registering you as a new customer or free-plan user
Processing payments and managing billing via Stripe
Delivering Flento platform features: Google Review Management Software, Google Business Profile Optimizer, Business Listing Management Software, Local Keyword Rank Tracker, AI Local SEO Software, Local Competitor Analysis Tool, Smart QR Code Generator, and Local Business Content Automation
Managing your account and notifying you of changes to our terms or this Policy
Providing customer support via email (support@flento.io)
Sending service updates, security alerts, and transactional communications
Sending marketing communications (only where you have opted in or we have a legitimate interest)
Analysing usage data to improve our platform, products, and user experience
Detecting and preventing fraud, abuse, and security threats
Complying with legal and regulatory obligations

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Marketing

Promotional Communications

We may contact you with information about Flento products, features, blog content, webinars, and offers that we believe may be of interest to you, based on your account activity and preferences.

You will only receive marketing emails from us if you have:

Expressly requested information about our services, or
Purchased or signed up for a Flento plan, or
Provided your details when entering a competition or registering for a webinar, or
Given us your explicit consent

Third-Party Marketing

We will never share your personal data with any company outside of Flento for their own marketing purposes without your explicit opt-in consent.

Opting Out

You can stop receiving marketing communications at any time by:

Clicking the "Unsubscribe" link in any marketing email
Updating your notification preferences in your Flento account settings
Emailing us at legal@flento.io

Opting out of marketing does not affect service emails (e.g., billing confirmations, security alerts, or policy updates) that we are obliged to send.

7. Disclosures of Your Personal Data

We may share your personal data with the following parties for the purposes set out in this Policy:

Internal Parties

Flento employees and contractors who need access to perform their role and are bound by confidentiality obligations

Third-Party Service Providers (Sub-Processors)

We use the following third-party providers to operate our business. All are bound by data processing agreements and may only process your data on our instructions:

Stripe (stripe.com) — Payment processing. Stripe does not share raw card data with Flento.
Amazon Web Services (AWS) — Cloud hosting and data storage for the Flento platform
Vercel — Frontend hosting and deployment of www.flento.io
Google Analytics — Website traffic analytics and usage reporting
Meta Pixel — Advertising measurement and retargeting on Meta platforms (Facebook/Instagram)
Google Business Profile API — Integration to manage and optimise your GBP listings through Flento

We will update this sub-processor list as we add new tools. The most current version is always at www.flento.io/privacy.

Other Disclosures

Regulators, law enforcement agencies, or courts where required by applicable law
Third parties in connection with a business acquisition, merger, restructuring, or sale of Flento assets

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not permit third-party service providers to use your personal data for their own purposes.

8. Cookies

We use cookies and similar tracking technologies to improve your experience on our website and platform. The cookies we use include:

Essential cookies: Required for the website to function (e.g., session management, login state)
Analytics cookies: Google Analytics — helps us understand how visitors use our site (page views, session duration, traffic sources)
Advertising cookies: Meta Pixel — measures the effectiveness of our advertising campaigns on Facebook and Instagram

You can control or disable cookies through your browser settings. Please note that disabling cookies may affect the functionality of parts of our website. For full details, see our Cookie Policy at www.flento.io/cookie-policy.

9. International Data Transfers

Flento serves customers globally — including in the United States, United Kingdom, European Economic Area (EEA), and India. As a result, your personal data may be transferred to and processed in countries outside your own.

Whenever we transfer your personal data internationally, we ensure an equivalent level of protection by:

Only transferring to countries deemed adequate by the relevant data protection authority (e.g., European Commission adequacy decisions)
Using Standard Contractual Clauses (SCCs) approved by the European Commission for EEA/UK transfers
Relying on the UK Extension to the EU-US Data Privacy Framework where applicable for UK-to-US transfers
Requiring our sub-processors to maintain their own Data Processing Agreements for onward transfers

Our primary infrastructure is hosted on AWS and Vercel, both of which operate under robust data protection frameworks. Please contact legal@flento.io if you require further information about the specific mechanisms used for your data.

10. Data Security

We have put in place appropriate technical and organisational security measures to protect your personal data from accidental loss, unauthorised access, alteration, or disclosure. These include:

Encryption of data in transit (TLS/HTTPS) and at rest
Access controls and role-based permissions — only authorised personnel can access personal data
Infrastructure hosted on AWS and Vercel, both of which maintain industry-standard security certifications
Regular internal security reviews and vulnerability assessments
Incident response procedures — we will notify you and applicable regulators of any personal data breach where legally required

While we take security seriously, no method of transmission over the internet is 100% secure. We encourage you to use a strong password and keep your login credentials confidential.

11. Data Retention

We only retain your personal data for as long as necessary to fulfil the purposes it was collected for — including satisfying legal, accounting, or reporting requirements.

Our general retention guidelines:

Active account data: retained for the duration of your account plus 6 years after account closure (for tax and legal liability purposes)
Payment and transaction records: 7 years in line with standard financial record-keeping obligations
Marketing preference records: until you withdraw consent or opt out
Support communications: up to 3 years from the date of the interaction
Analytics data: as per Google Analytics data retention settings (default 26 months)

In some circumstances we may anonymise your personal data for research or statistical purposes, in which case we may use it indefinitely without further notice. You may also request deletion of your data — see Section 12 below.

12. Your Legal Rights

Depending on your location, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at legal@flento.io. We will respond within 30 days (or 45 days for CCPA requests).

Rights Under GDPR (EEA & UK Users)

Right of access: Request a copy of the personal data we hold about you (also known as a "Subject Access Request")
Right to rectification: Request correction of inaccurate or incomplete personal data
Right to erasure: Request deletion of your personal data where there is no legitimate reason for us to continue processing it (the "right to be forgotten")
Right to object: Object to processing based on legitimate interests or for direct marketing purposes
Right to restrict processing: Request that we suspend processing your data in certain circumstances
Right to data portability: Request a copy of your data in a structured, machine-readable format for transfer to another controller
Right to withdraw consent: Withdraw consent at any time where processing is consent-based (this does not affect the lawfulness of prior processing)

You also have the right to lodge a complaint with your local supervisory authority. For UK users, this is the Information Commissioner's Office (ICO) at www.ico.org.uk. We would, however, appreciate the opportunity to address your concerns first — please contact us at legal@flento.io before contacting a regulator.

Rights Under CCPA / CPRA (California Residents)

Right to know what personal information we collect, use, disclose, and share
Right to delete personal information we hold about you
Right to correct inaccurate personal information
Right to opt out of the sale or sharing of personal information — Note: Flento does not sell personal information
Right to limit use and disclosure of sensitive personal information
Right to non-discrimination for exercising your CCPA rights

Rights Under Indian Data Protection Law (DPDP Act 2023)

Right to access information about your personal data being processed
Right to correction and erasure of personal data
Right to grievance redressal — contact legal@flento.io
Right to nominate another individual to exercise rights on your behalf in case of death or incapacity

No Fee Usually Required

You will not usually need to pay a fee to exercise your rights. We may charge a reasonable fee or decline a request if it is manifestly unfounded, repetitive, or excessive.

Identity Verification

For your protection, we may need to verify your identity before processing a rights request to prevent unauthorised disclosure of personal data.

13. Glossary

Controller: The entity that determines the purposes and means of processing personal data. For this Policy, that is Flento Inc.

Personal Data: Any information relating to an identified or identifiable natural person. Does not include anonymised data.

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.

Sub-processor: A third-party vendor that processes personal data on Flento's behalf under a data processing agreement.

Legitimate Interests: A lawful basis for processing where Flento has a genuine business reason that is proportionate and does not override your rights.

Standard Contractual Clauses (SCCs): Legally binding contractual terms approved by the European Commission for international data transfers.

GDPR: General Data Protection Regulation — the data protection law of the European Union and, as retained in UK law, the United Kingdom.

CCPA / CPRA: California Consumer Privacy Act / California Privacy Rights Act — the primary privacy law for California residents in the United States.

DPDP Act: India's Digital Personal Data Protection Act 2023.

Questions about this Policy? Contact us at legal@flento.io · www.flento.io/privacy