Flast Logo
FlastAI Companion

Privacy Policy

Last updated: November 29, 2025

Introduction

At Flast, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI assistant platform.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Our Commitment to Your Privacy

We are committed to protecting your personal information and being transparent about what data we collect and how we use it:

  • We never sell your data: Your personal information, conversations, and content are never sold to third parties for any purpose.
  • We never share your data for advertising: Your data is not used for targeted advertising or shared with advertising networks.
  • Your data is not used for AI training: We do not use your conversations, content, or personal information to train AI models.
  • You own your content: Everything you create in Flast belongs to you. You can export or delete your data at any time.
  • Industry-standard security: We use encryption, secure infrastructure, and access controls to protect your information.

Information We Collect

We collect the following types of information when you use Flast:

  • Account Information: Email address, full name, nickname, and profile preferences you provide during registration.
  • AI Interactions: Your chat conversations, messages, and AI responses are stored to provide continuous service and context.
  • User Content: Memories, todos, prompts, artifacts, files, and other content you create or upload to the platform.
  • Artifacts: Documents, code, websites, and other content you create using our artifact system, including version history.
  • Playground Usage: Inputs and outputs from pre-built AI templates you execute.
  • Usage Analytics: We use Microsoft Clarity and Google Analytics to understand how you interact with our platform (only with your consent via cookie banner).
  • Technical Data: IP address, browser type, device information, and timestamps for security and service improvement.

How We Use Your Information

We use the information we collect for the following purposes:

  • To provide AI assistant services and maintain chat context across conversations
  • To store and retrieve your memories, todos, prompts, and other personalized content
  • To process your AI requests using your provided API keys or our system keys
  • To send authentication emails (OTP codes for passwordless login)
  • To store and manage files you upload to our secure cloud storage
  • To analyze platform usage and improve our services (with your consent)
  • To ensure security, prevent fraud, and debug technical issues
  • To comply with legal obligations and enforce our Terms of Service

Third-Party AI Providers

Flast acts as an interface to third-party AI providers. When you use AI features:

  • Your messages are sent to the selected AI provider for processing
  • We use your API keys if provided, or our system keys as fallback
  • Each AI provider has their own privacy policy and data retention practices
  • We do not control how third-party AI providers use or store your data
  • We recommend reviewing the privacy policies of AI providers you use

Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Encryption: API keys and sensitive data are encrypted in our secure database
  • Authentication: Passwordless OTP system via email
  • Database: Enterprise-grade database with secure access controls
  • File Storage: Encrypted cloud storage for uploaded files with strict access controls
  • HTTPS: All data transmission is encrypted via HTTPS
  • Rate Limiting: Protection against abuse and unauthorized access

Cookies and Tracking

We use cookies and similar tracking technologies with your consent:

  • Microsoft Clarity: Session recordings and heatmaps to understand user behavior (only in production with consent)
  • Google Analytics: Website analytics to measure traffic and user engagement (only in production with consent)
  • Essential Cookies: Authentication tokens (JWT) and user preferences stored in browser localStorage
  • You can manage your cookie preferences through our cookie consent banner

Artifacts and Published Content

Artifacts are documents, code, websites, and other content you create using Flast. Important information about artifact privacy:

  • Private by Default: All artifacts are private by default and only accessible by you.
  • Public Artifacts: When you choose to publish an artifact as 'public', it becomes accessible to anyone with the link. Public artifacts may be indexed by search engines.
  • Unlisted Artifacts: Unlisted artifacts are accessible via direct link but are not indexed or discoverable by others.
  • Your Responsibility: You are solely responsible for the content you publish publicly. Do not publish artifacts containing sensitive, confidential, or personal information.
  • Revocation: You can change an artifact's visibility or delete it at any time. Note that content already accessed or cached by others cannot be recalled.

Playground Templates

Playground provides pre-built AI templates for common tasks. When you use Playground:

  • Input Processing: Your inputs are processed by AI models to generate outputs. Inputs may be temporarily stored for processing.
  • No Persistent Storage: Unless you explicitly save results to a chat, Playground inputs and outputs are not permanently stored.
  • File Uploads: Files uploaded to Playground are processed for the specific task and stored according to our standard file retention policy.

Data Retention

We retain your data as follows:

  • Account Data: Retained until you delete your account
  • Chat History: Retained indefinitely unless you delete specific chats or your account
  • Memories, Todos, Prompts: Retained until you delete them or your account
  • Artifacts: Retained until you delete them or your account. Published artifacts remain accessible until unpublished or deleted.
  • OTP Codes: Automatically deleted after expiration (typically 10 minutes)
  • Files: Retained in secure cloud storage until you delete them or your account

Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Delete your account and all associated data
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Opt-out of certain data processing activities
  • Right to Withdraw Consent: Remove cookie consent at any time

Data Deletion

You can delete your data at any time:

  • Individual chats, memories, todos, and prompts can be deleted from the UI
  • Your entire account can be deleted from account settings
  • Account deletion permanently removes all associated data from our systems
  • Uploaded files are deleted from cloud storage upon account deletion
  • Some data may remain in backups for up to 30 days

Children's Privacy

Flast is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, or wish to exercise your data rights, please contact us at [email protected]