Privacy Policy

This Privacy Policy describes how Flyt ("Flyt," "we," "us," or "our") collects, uses, and shares information when you use our website at flyt.so, our AI workspace application at ask.flyt.so, and any related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

If you have questions about this Privacy Policy, contact us at privacy@flyt.so.

1. Information We Collect

Information You Provide

• Account Information: When you create an account, we collect your name, email address, and authentication credentials. We use WorkOS for authentication, which may include single sign-on (SSO) and Google OAuth.
• Workspace Data: Content you create or upload within your workspace, including conversations, messages, files, attachments, and any data generated through your use of the Service.
• Integration Data: When you connect third-party services (such as Gmail, Slack, HubSpot, Google Drive, Linear, Notion, LinkedIn, or others) through our integration layer, we access and process data from those services on your behalf and according to the permissions you grant.
• Payment Information: If applicable, payment and billing information is processed by our third-party payment processor. We do not directly store credit card numbers.
• Communications: Information you provide when you contact us for support or feedback, including email address and message content.
• Waitlist Information: If you join our waitlist, we collect your email address.

Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including features used, actions taken, timestamps, and general usage patterns.
• Device and Browser Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP address, access times, pages viewed, referring URLs, and other standard server log information.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain sessions, remember preferences, and analyze usage. See Section 6 for details.

Information from AI Processing

• Conversation Data: Messages and instructions you send to the Flyt AI agent are processed to generate responses and execute tasks on your behalf.
• Generated Content: The AI agent may generate text, code, data visualizations, and other content based on your instructions and workspace context.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including AI agent execution, real-time communication, and third-party integrations
• Process and fulfill your instructions to the AI agent
• Authenticate your identity and manage your account
• Monitor and enforce workspace-level data isolation (multi-tenancy)
• Track credit usage and manage your workspace balance
• Improve, personalize, and optimize the Service
• Monitor performance, reliability, and security of the Service
• Communicate with you about updates, security alerts, and support
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• Third-Party Service Providers: We use trusted service providers to operate the Service, including cloud infrastructure (Microsoft Azure), authentication (WorkOS), AI model providers (OpenAI), integration services (Composio), sandbox execution environments (E2B), observability tools (Langfuse), and communication infrastructure (LiveKit). These providers process data on our behalf and are contractually obligated to protect your information.
• Connected Integrations: When you connect third-party apps through the Service, data is exchanged with those services according to the permissions you authorize. Each integration is governed by its own privacy policy.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
• With Your Consent: We may share information with your explicit consent for purposes not described in this policy.

4. Data Storage and Security

Your data is stored on servers hosted on Microsoft Azure. We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL)
• Workspace-level data isolation ensuring your data is separated from other users
• Secure authentication via WorkOS with support for SSO and OAuth
• Sandboxed execution environments for AI agent code
• Regular security monitoring and access controls

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Conversation data, workspace content, and associated files are retained until you delete them or close your account. Upon account deletion, we will remove your personal data within a reasonable timeframe, except where retention is required by law.

6. Cookies and Tracking

We use the following types of cookies and tracking technologies:

• Essential Cookies: Required for authentication, session management, and core functionality of the Service.
• Analytics Cookies: We use Google Analytics to understand how visitors interact with our website. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

You can control cookies through your browser settings. Disabling essential cookies may impair your ability to use the Service.

7. AI and Automated Processing

The Service uses artificial intelligence to process your instructions and generate responses. Key details about our AI processing:

• Your conversations and workspace context are sent to third-party AI model providers to generate responses. We use commercially available large language models.
• AI-generated code executes in isolated cloud sandbox environments, separate from your local systems.
• We may use anonymized and aggregated usage data to improve AI performance and the Service. Your specific conversation content is not used to train third-party AI models.
• We use observability tools to monitor AI agent performance and reliability. Trace data may include conversation metadata but is subject to the same security and access controls as other data.

8. Your Rights

All Users

Regardless of your location, you may:

• Access and download your personal data
• Correct inaccurate information in your account
• Delete your account and associated data
• Disconnect third-party integrations at any time
• Opt out of non-essential communications

European Economic Area (EEA) and UK Residents

Under the GDPR, you have additional rights including the right to data portability, the right to restrict processing, the right to object to processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing personal data includes performance of a contract, legitimate interests, and consent where applicable.

California Residents

Under the CCPA/CPRA, California residents have the right to know what personal information is collected, to delete personal information, to opt out of the sale or sharing of personal information (we do not sell personal information), and to non-discrimination for exercising these rights.

To exercise any of these rights, contact us at privacy@flyt.so. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@flyt.so.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Flyt
Email: privacy@flyt.so
Website: flyt.so