Privacy Policy

1. Introduction

Flence.com ("Flence", "we", "us", or "our"), a product of Influentive LTD, operates a multilingual e-commerce and networking SaaS platform designed for creative professionals, enabling B2B, B2C, and crowdfunding sales with a focus on fashion, jewelry, and lifestyle products.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data in compliance with the General Data Protection Regulation (GDPR), UK GDPR, and California Consumer Privacy Act (CCPA/CPRA).

2. Information We Collect

2.1 Account & Profile Data

When you create an account, we collect:

• Personal information: Name, email address, username, password (encrypted)
• Professional details: Role, skills, bio, headline, location
• Portfolio content: Images, videos, project descriptions
• Social media links (optional)
• Profile and cover photos
• Student verification documents (if applicable)
• Recruitment Profile Data (optional, consent required): Core role, seniority, employment preferences, availability, work experience, education, CV/resume PDF, analytics metrics, AI style descriptors — collected only when you activate the Pro Recruitment feature

2.2 Business & Transaction Data

• VAT number, tax ID, business registration information
• Shipping and billing addresses
• Payment information (processed securely via Stripe - we don't store card details)
• Stripe Connect account information (for sellers and collaborators)
• Transaction history, order details, invoices
• Product listings, pricing, inventory data
• Crowdfunding campaign details, backer information, escrow transactions

2.3 Communication Data

• Messages between users (collaboration chats)
• File attachments shared in chats
• Support tickets and correspondence
• AI-generated content (descriptions, policies, terms, project plans)
• Email communication records

2.3a Creative Studio Data

• Visual Boards: Board titles, pin images (uploaded or external URLs), section names, annotations, activity logs, finalization status, offer prices
• Project Plans (AI Planner): Project titles, descriptions, questionnaire inputs (project type, timeline, team size, aesthetic), AI-generated phases and tasks, Kanban card data
• Operations Calendar: Custom event titles, dates, categories, reminder settings, reminder delivery history
• Performance Analytics: Time-series activity data (profile views per day, collaboration requests, orders, bookmarks), KPI totals across 6 activity categories

2.3b Google Calendar Integration Data (Optional)

If you choose to connect Google Calendar via the Operations Hub, we collect and process:

• OAuth Access Token & Refresh Token: Encrypted and stored securely to authenticate requests to your Google Calendar on your behalf
• Google Account Email: Used to identify which Google account is connected
• Calendar Write Access: We request permission to create and update events in your Google Calendar. We do not read your existing calendar events or share your Google data with any third party
• Scope requested: https://www.googleapis.com/auth/calendar.events — write-only (create/update Flence events in your calendar)

You may disconnect Google Calendar at any time from the Operations Hub → "Disconnect Google Calendar". This immediately revokes our access tokens and we will not make further requests to your Google Calendar. We do not retain your Google OAuth tokens after disconnection.

2.4 Automatically Collected Data

• Device information (browser type, OS, screen resolution)
• IP address and approximate location data
• Usage analytics (pages visited, features used, time spent)
• Cookies and similar tracking technologies (see Cookie Policy)
• Click tracking and interaction patterns
• Affiliate referral data (if using affiliate features)

3. How We Use Your Information

We process your data for the following purposes:

• Service Provision: Create and manage your account, facilitate B2B/B2C/crowdfunding transactions, enable messaging and collaboration
• AI-Powered Features: Generate product descriptions, shipping policies, service terms, perk descriptions, bio refinement, and project plans using OpenAI GPT-4o / Claude (via Emergent LLM key)
• Payment Processing: Process purchases, subscriptions, crowdfunding contributions, and revenue splits via Stripe and Stripe Connect
• Crowdfunding Routing: Route backer pledges directly to the creator's connected Stripe account via Stripe Destination Charges. Flence does not hold the funds; the creator is the merchant of record for the pledge.
• Collaboration Tools: Facilitate partnerships, revenue splitting, and team projects
• Creative Studio: Store and display your visual boards, project plans, kanban tasks, and calendar events
• Google Calendar Sync (Optional): When you authorize Google Calendar access, push your Flence events (orders, tasks, custom events) into your connected Google Calendar. We only write events — we never read your existing calendar data
• Operations Calendar Reminders: Send scheduled reminder emails and bell notifications for events you mark for reminders
• Analytics: Compute and display your Performance Hub activity metrics (profile views, portfolio views, collaboration activity, order history)
• Platform Improvement: Analyze usage patterns via PostHog analytics, develop new features, improve user experience
• Communications: Send transactional emails via SendPulse (order confirmations, 2FA codes, notifications, calendar reminders)
• Affiliate Program: Track referrals via Trackdesk (only if you opt-in to affiliate features)
• Pro Recruitment: Share your professional profile with FashionSpyder.com so HR professionals can discover you (only if you activate the Pro Recruitment subscription — explicit consent required)
• Security & Fraud Prevention: Two-factor authentication, detect suspicious activity, prevent abuse, verify identities
• Legal Compliance: Fulfill tax obligations, respond to legal requests, enforce our terms
• Marketing: Send promotional emails (with consent, opt-out available)

4. Legal Bases for Processing (GDPR)

• Contractual Necessity: Providing the services you requested (account creation, transactions, collaboration tools, AI assistance)
• Legitimate Interests: Platform security, fraud prevention, business operations, improvements, analytics
• Consent: Marketing communications, analytics cookies, affiliate tracking, AI-generated content refinements
• Legal Obligations: Tax compliance, identity verification for sellers, responding to authorities, financial record-keeping

5. Information Sharing & Third Parties

We share your information with the following trusted third-party providers:

5.1 Essential Service Providers

• Stripe (USA): Payment processing, subscription management, Stripe Connect for seller payouts and crowdfunding revenue splits. Stripe is PCI-DSS Level 1 certified. Stripe Privacy Policy
• OpenAI / Anthropic / Google Gemini (USA): AI-powered content generation (descriptions, policies, terms, bio refinement, project plan generation) via the Emergent LLM integration. Data sent: listing details, user prompts, project briefs. OpenAI Privacy Policy
• Google LLC (USA) — Google Calendar API (Optional): If you connect Google Calendar in the Operations Hub, we send your Flence calendar events to Google's Calendar API to create entries in your calendar. Data sent: event title, date/time, category, description. Legal basis: Consent (you explicitly authorize the OAuth connection). You can revoke access at any time. Google Privacy Policy
• SendPulse (USA): Transactional email delivery (order confirmations, 2FA codes, notifications, password resets, calendar reminders). SendPulse Privacy Policy
• PostHog (USA/EU): Privacy-focused analytics platform for usage tracking and feature analysis (only if you consent to analytics cookies). PostHog Privacy Policy

5.2 Optional Third-Party Services

• Trackdesk (EU): Affiliate marketing tracking (only if you opt-in to affiliate program). Your encrypted API key is stored securely. Trackdesk Privacy
• Karrio (Self-Hosted): Multi-carrier shipping rate calculation service. Self-hosted solution that connects to USPS, FedEx, UPS, DHL, Royal Mail, Aramex, and other carriers to provide real-time shipping cost estimates. No user data is shared with Karrio itself; carrier integrations follow each carrier's privacy policies.
• FashionSpyder.com (EU — Malta): A specialist B2B fashion industry recruitment platform operated by Influentive LTD (same data controller as Flence). Data shared only when you explicitly activate the Pro Recruitment subscription:
  • Professional profile: role, seniority, skills, bio, availability, work preferences, location, portfolio highlights, CV URL
  • Analytics metrics and performance data from your Flence profile
  • Hire event notifications (when HR companies express interest or hire you)
  • Contact details (email/phone) are automatically redacted from all free-text fields before transmission — HR companies cannot see your direct contact details in the public profile
  • Legal basis: Explicit consent — you consent during the Pro Recruitment activation flow. You may withdraw consent at any time by cancelling the subscription (data is deactivated on FashionSpyder immediately)
  FashionSpyder Privacy Policy

5.3 Other Platform Users

• Public profiles and portfolios are visible to all users
• Product listings (B2C, B2B, crowdfunding) are publicly accessible
• Messages and files shared with collaborators
• Crowdfunding campaign updates visible to backers
• Collaboration agreements and revenue split information shared with co-creators

5.4 Legal Requirements

We may disclose data when required by law, court orders, regulatory authorities, or to protect rights, property, or safety.

6. Your Privacy Rights

6.1 EU/UK Users (GDPR Rights)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data via profile settings or support
• Right to Erasure: Request deletion of your data ("right to be forgotten") - Note: Some records retained for legal/tax compliance
• Right to Restriction: Limit processing of your data
• Right to Portability: Receive your data in machine-readable format (JSON/CSV)
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: For marketing, analytics cookies, and optional processing
• Right to Lodge a Complaint: Contact your data protection authority

6.2 California Users (CCPA/CPRA Rights)

• Right to know what data we collect and how it's used
• Right to delete personal information
• Right to opt-out of data sales (we don't sell your data)
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate information

7. Data Retention

• Active Accounts: Data retained while your account is active
• Deleted Accounts: 90-day grace period, then permanent deletion (except legally required records)
• Transaction Records: Retained for 7 years for tax and accounting compliance (EU/UK VAT regulations)
• Crowdfunding Escrow Records: Retained for 7 years per financial regulations
• AI-Generated Content: Stored as long as associated listing/campaign is active
• Marketing Data: Until you unsubscribe or 2 years of inactivity
• Analytics Data: PostHog retains anonymized data per their retention policy (typically 1-2 years)
• Support Tickets: 3 years for quality assurance

8. International Data Transfers

Flence is based in Malta (EU), but we use service providers in the USA and other countries. When we transfer your data outside the EU/EEA, we ensure appropriate safeguards:

• Stripe (USA): EU-US Data Privacy Framework certified, Standard Contractual Clauses (SCCs)
• OpenAI / Anthropic (USA): Data Processing Agreement (DPA) with SCCs for GDPR compliance
• Google LLC (USA) — Calendar API: EU-US Data Privacy Framework certified. Covered by Google's DPA and SCCs. Google Calendar integration is optional and consent-based.
• SendPulse (USA): GDPR-compliant with EU data centers available
• PostHog (USA/EU): EU cloud hosting option, GDPR-compliant
• FashionSpyder.com (Malta/EU): Same jurisdiction (EU/Malta) — no international transfer. Data processed under the same GDPR framework as Flence.

9. AI-Powered Features & Data Processing

Flence uses artificial intelligence to enhance your experience. Here's how AI processes your data:

9.1 AI Content Generation

• Provider: OpenAI (GPT-4o)
• Data Sent: Product/service details, category, price, user role, existing text (for refinement)
• Purpose: Generate product descriptions, shipping policies, return policies, service terms, crowdfunding perk descriptions, bio refinement, and multi-carrier shipping rate calculations
• Data Retention: OpenAI retains prompts for 30 days for abuse monitoring, then deletes (per OpenAI API policy)
• Your Control: AI suggestions are optional - you can always write content manually

9.2 AI Recruitment Bio Optimizer

• Provider: OpenAI (GPT-4o-mini)
• Data Sent: Your original bio, core role, skills — only if you choose to use the AI Bio Optimizer in the Pro Recruitment profile form
• Purpose: Rewrite your bio with ATS-compatible keywords to increase discoverability by fashion HR systems
• Your Control: Entirely optional — you can write your recruitment bio manually and never use the AI optimizer
• Data Retention: OpenAI retains prompts for 30 days for abuse monitoring per their API policy

9.3 AI-Assisted Search & Recommendations

• Search query optimization and product recommendations (internal algorithms)
• Featured talent selection (automated + manual curation)
• No external AI providers for search/recommendations

10. Security Measures

• Encryption: All data transmitted via HTTPS/TLS
• Password Security: Bcrypt hashing with salt
• Two-Factor Authentication: Email-based 2FA for superadmin accounts
• Email Verification: Required for account activation
• Payment Security: PCI-DSS compliant via Stripe (we never store card details)
• Access Controls: Role-based permissions, admin audit logs
• Data Backups: Regular encrypted backups with 30-day retention
• Breach Notification: We will notify affected users within 72 hours of discovering a data breach (GDPR requirement)

11. Cookies & Tracking Technologies

We use cookies to provide essential functionality, improve performance, and analyze usage. For detailed information, please see our Cookie Policy.

You can manage your cookie preferences at any time by clicking the "Cookie Settings" link in our footer.

12. Children's Privacy

Flence is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@flence.com and we will delete it immediately.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or new features. Material changes will be communicated via email or prominent notice on our platform. The "Last Updated" date at the top indicates when changes were made.

14. Contact Information