Website Privacy Policy

Last updated: November 4, 2025

Flank (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information.

This Privacy Policy explains how we collect, use, and share information when you visit our website flank.ai (the “Site”).

This Policy applies only to visitors of our website. It does not apply to users of our SaaS platform or to Flank employees, who are covered by separate policies.

Our Impressum provides further company and contact details in accordance with German law.

1. Information We Collect

We collect only limited information from visitors, for specific, stated purposes and with transparency.

Information you provide directly:

• When you contact us (e.g., through a form or email), we collect your name, email address, and any information you include in your message.

Information collected automatically:

When you browse our Site, we use cookies and analytics tools (if you consent) to collect non-identifiable information such as:

• Browser type and version
  
• Device type and operating system
  
• Pages visited and time spent on each page
  
• Referring website or source
  
• Approximate geographic location (derived from your IP address)

We do not use cookies that personally identify you or track you across other websites.

2. How We Use Your Information

We use the data we collect to:

• Operate, maintain, and improve our website
  
• Understand visitor activity and optimize user experience
  
• Respond to inquiries or requests you send us
  
• Detect and prevent security or technical issues
  
• Comply with applicable legal obligations

We do not sell or rent personal information.

3. Cookies and Consent Management

We use cookies and similar technologies to enhance website performance and analyze traffic.

Types of cookies we use:

• Essential cookies: Required for the website to function (e.g., session management, security).
  
• Analytics cookies: Help us understand how visitors use our Site (only set if you give consent).

Legal basis:

• Essential cookies: Art. 6(1)(f) GDPR – our legitimate interest in ensuring website functionality and security.
  
• Analytics cookies: Art. 6(1)(a) GDPR – your consent under §25(1) TTDSG.

When you visit our Site, you can choose whether to allow analytics cookies via our cookie consent banner.

Your preferences are stored and can be changed at any time through the “Cookie Settings” link in the Site footer.

4. Legal Bases for Processing (GDPR)

For visitors in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar laws, our processing of personal data is based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR): for analytics and non-essential cookies.
  
• Legitimate interests (Art. 6(1)(f) GDPR): for website functionality, security, and responding to communications.
  
• Legal obligations (Art. 6(1)(c) GDPR): when required by law or regulatory compliance.

5. Data Sharing

We may share limited data with:

• Service providers who operate or support our website (e.g., analytics, hosting).
  
• Authorities or regulators, when required to comply with applicable law or to protect our rights.

All service providers are contractually bound to handle data securely and only for specified purposes.

6. International Data Transfers

As a global company, we may process and store data outside your country of residence.

If we transfer personal data to countries without an EU adequacy decision, we use Standard Contractual Clauses (Art. 46 GDPR) and other safeguards to ensure an adequate level of protection.

Examples include transfers to service providers offering web analytics or hosting infrastructure.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy or as required by law. For example, analytics data may be stored for a limited period defined by our analytics provider (usually between 14 and 26 months).

8. Your Rights (Under the GDPR)

You have the following rights regarding your personal data:

• Access to the personal data we hold about you
  
• Rectification of inaccurate or incomplete data
  
• Erasure (“right to be forgotten”)
  
• Restriction of processing in certain circumstances
  
• Data portability to another provider
  
• Objection to processing based on legitimate interests
  
• Withdrawal of consent at any time (for analytics or cookies)

To exercise these rights, contact us at legal@flank.ai.

We will respond within one month as required under Art. 12 GDPR.

9. Data Protection Officer (DPO)

Flank has appointed a Data Protection Officer (DPO) to oversee privacy and data protection compliance. You can request to contact our DPO at legal@flank.ai.

10. Security

We implement appropriate technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction, in accordance with Art. 32 GDPR. We regularly review and update our security practices.

11. Children’s Privacy

Our website is not directed at individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe that a child has provided us with personal data, please contact us so we can delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect new features, legal requirements, or changes in our practices. The latest version will always be available at www.flank.ai/legals/website-privacy-policy with the date of the last update noted above.

13. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact: legal@flank.ai