Privacy Policy

Flahive AI ("we," "us," or "our") operates an AI-powered supportive chat platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use our Service.

This Policy applies to all users of the Service, including visitors to our website and registered account holders. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of the Service.

2.1 Information You Provide Directly

• Account information: When you register, we collect your email address and an encrypted hash of your password. We do not store your password in plain text.
• Conversation data: The messages, questions, and information you submit during conversations with the AI ("Conversation Data"). This may include personal and sensitive information you choose to share.
• Support communications: If you contact us for help, we may collect your name, email address, and the content of your communication.
• Feedback: Any feedback, ratings, or suggestions you voluntarily provide about the Service.

2.2 Information Collected Automatically

• Usage data: Information about how you use the Service, including features accessed, session duration, click patterns, and navigation paths.
• Device and technical data: IP address, browser type and version, operating system, device type, screen resolution, and referring URLs.
• Log data: Server logs, error reports, and performance metrics collected automatically during your use of the Service.
• Cookies and local storage data: As described in Section 8 below.

2.3 Information We Do Not Collect

We do not knowingly collect: financial payment information (we do not currently process payments through the Service); government- issued identification numbers; precise geolocation data; biometric data; or sensitive personal information beyond mental health information you voluntarily share in conversations.

We recognize that conversations with a mental health support application may involve highly sensitive personal information. We apply the following protections to your Conversation Data:

• We do not sell your Conversation Data to any third party.
• We do not share your Conversation Data with advertisers, data brokers, or marketing companies.
• We do not use your Conversation Data to build advertising profiles or target you with advertisements.
• We do not use your Conversation Data to train AI models without your explicit, separate consent.
• Access to your Conversation Data within our organization is strictly limited to personnel with a need to access it for operational or safety reasons.

Safety Exception: In rare circumstances, if you share information that indicates an imminent risk of serious harm to yourself or others, we may take action, which could include reviewing conversation content for safety purposes or, where required or permitted by law, contacting emergency services. We take this exception extremely seriously and will exercise it only in genuine emergency situations.

HIPAA Limitation: Flahive AI is not a HIPAA-covered entity. Your conversations are treated with heightened sensitivity, but they do not receive the specific legal protections of HIPAA "protected health information." If you need HIPAA-compliant mental health support, please seek care from a licensed healthcare provider.

We use the information we collect to:

• Provide the Service: Process your messages, generate AI responses, maintain your conversation history, and deliver the core features of Flahive AI.
• Authenticate you: Verify your identity when you log in and maintain your secure session.
• Personalize your experience: Remember your preferences such as theme settings and model selections.
• Improve the Service: Analyze usage patterns (using de-identified or aggregated data where possible) to improve the quality, safety, and effectiveness of the Service.
• Communicate with you: Send important notices about the Service, respond to support requests, and provide information you request.
• Ensure safety and prevent abuse: Monitor for and address violations of our Terms of Service, detect fraud, and protect the safety of our users and the public.
• Comply with legal obligations: Respond to lawful requests from government authorities, courts, or other legal processes, and comply with applicable laws.

We use your personal information only for the purposes described in this Privacy Policy or for purposes that are compatible with those described. We do not use your Conversation Data to train AI models without your explicit consent.

We do not sell your personal information. We share your information only in the following limited circumstances:

5.1 Third-Party AI Providers. To generate AI responses, your conversation messages are transmitted to and processed by third-party artificial intelligence model providers. These providers process your message content to generate a response. We contractually require these providers to use your data only to provide services to us and not to retain, sell, or use your data for their own purposes. We do not send your email address or account identifiers to AI providers.

5.2 Infrastructure and Service Providers. We work with trusted third-party service providers who assist us in operating the Service, including cloud hosting providers, database services, and analytics tools. These providers are contractually required to handle your data only as directed by us and in accordance with our security and confidentiality requirements.

5.3 Legal Requirements. We may disclose your information if required to do so by law, court order, subpoena, government request, or other legal process. We will notify you of such requests to the extent permitted by law.

5.4 Safety and Protection. We may disclose information when we believe in good faith that disclosure is necessary to protect the safety, rights, or property of any person or the public — including, in extreme circumstances involving imminent risk of harm, contacting emergency services.

5.5 Business Transfers. If Flahive AI is involved in a merger, acquisition, financing, reorganization, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you before such a transfer occurs and will provide you with an opportunity to opt out of the transfer where required by law.

5.6 With Your Consent. We may share your information in other ways if you provide explicit consent for us to do so.

The core function of Flahive AI relies on third-party large language model (LLM) providers. When you send a message, that message is transmitted to an AI provider's servers for processing to generate a response. You should be aware of the following:

• Your message content is sent to external AI model servers. While we take steps to protect your privacy (such as not including your account email address with requests), the content of your messages leaves our direct infrastructure.
• We select AI providers that commit to not using your data to train their models without consent and that maintain appropriate data security standards.
• AI providers may have data retention policies that govern how long they temporarily store request data. We require providers to minimize data retention to the extent technically feasible.
• AI-generated responses are algorithmic outputs and may reflect biases or inaccuracies present in AI training data. We do not guarantee the accuracy or appropriateness of AI responses.

We will update this Policy if our AI provider relationships change in a material way. We encourage you to avoid sharing highly sensitive information (such as specific identifying details about third parties, financial information, or information you would not want processed by any external system) in your conversations.

7.1 Conversation Data. We retain your Conversation Data for as long as your account is active and for a reasonable period thereafter. This allows you to access your conversation history and supports our ability to fulfill legal obligations and resolve disputes.

7.2 Account Information. Your account information (email address and password hash) is retained for as long as your account remains active and for a period thereafter as required by applicable law or legitimate business purposes such as fraud prevention and dispute resolution.

7.3 Deletion Requests. You may request deletion of your account and associated personal information by contacting us at privacy@flahiveai.com. We will honor deletion requests within 30 days, subject to the exceptions noted below.

7.4 Retention Exceptions. We may retain certain information even after a deletion request where: (a) retention is required by applicable law; (b) the information is necessary for legitimate business purposes such as fraud prevention or legal defense; or (c) the information has been anonymized or aggregated such that you cannot reasonably be identified. Some information may persist in backup or archival systems for a limited period after deletion from our primary systems.

We use cookies and browser local storage to provide and improve the Service. We use the following types of technologies:

• Strictly necessary cookies: Required for authentication and maintaining your secure login session. These cannot be disabled without preventing you from using the Service.
• Preference cookies / local storage: Used to remember your settings such as your preferred display theme (light/dark mode) and AI model selection. These persist across sessions to provide a consistent experience.
• Analytics technologies: Used to understand how users interact with the Service so we can improve its design and functionality. Where possible, we use privacy-preserving analytics approaches.

Managing Cookies. You can control cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and set preferences for certain websites. Disabling strictly necessary cookies will prevent you from using the Service. Disabling preference cookies will reset your settings each session.

We do not use tracking technologies for cross-site behavioral advertising.

We implement industry-standard technical and organizational security measures to protect your personal information, including:

• Encryption of all data in transit using TLS/HTTPS;
• Secure hashing of passwords (your password is never stored in readable form);
• Access controls and authentication requirements limiting who can access user data within our systems;
• Regular security reviews and monitoring of our systems;
• Contractual security requirements imposed on third-party service providers.

Despite these measures, no method of transmission over the internet or electronic data storage system is completely secure. We cannot guarantee the absolute security of your information. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

Depending on your location, you may have certain rights with respect to your personal information. We honor the following rights for all users:

• Right to Access: You may request a summary of the personal information we hold about you.
• Right to Correct: You may request that we correct inaccurate personal information associated with your account.
• Right to Delete: You may request deletion of your account and associated personal information, subject to retention exceptions described in Section 7.
• Right to Data Portability: You may request a copy of certain personal information in a commonly used, machine-readable format.
• Right to Opt Out of Marketing: You may opt out of promotional communications by using the unsubscribe link in any marketing email or by contacting us.
• Right to Withdraw Consent: Where we process your information based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@flahiveai.com. We will respond to verified requests within 30 days. We may need to verify your identity before fulfilling a request.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Right to Know. You have the right to request disclosure of: (a) the categories of personal information we have collected about you; (b) the specific pieces of personal information we have collected; (c) the categories of sources from which we collected it; (d) our business purpose for collecting it; and (e) the categories of third parties with whom we share it.

Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (for example, where retention is required by law).

Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you.

Right to Opt Out of Sale or Sharing. We do not sell your personal information or share it for cross-context behavioral advertising. You therefore have no need to opt out of these activities with respect to Flahive AI.

Right to Limit Use of Sensitive Personal Information. Under the CPRA, mental health information you share in conversations may constitute "sensitive personal information." We use such information only as necessary to provide the Service, as described in this Privacy Policy. We do not use it for additional commercial purposes.

Right to Non-Discrimination. We will not discriminate against you — including by denying services, charging different prices, or providing different quality of service — for exercising your CCPA/CPRA rights.

How to Submit a CCPA Request. You may submit a CCPA/CPRA request by emailing us at privacy@flahiveai.com with the subject line "CCPA Request." We will verify your identity before processing your request and will respond within 45 days (with the possibility of a single 45-day extension where reasonably necessary).

Authorized Agent. California residents may designate an authorized agent to submit requests on their behalf. We may require written authorization from you and may verify your identity directly.

In compliance with the Children's Online Privacy Protection Act (COPPA) and applicable state laws, we do not knowingly collect, use, or disclose personal information from children under 18. If we discover that we have inadvertently collected personal information from a child under 18, we will promptly delete that information from our systems.

If you are a parent or guardian and believe that your child under 18 has provided personal information to us through the Service, please contact us immediately at privacy@flahiveai.com. We will take prompt steps to delete such information.

The Service is operated from the United States, and our data infrastructure is located in the United States. If you access the Service from a country outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.

By using the Service from outside the United States, you acknowledge and consent to the transfer of your personal information to the United States and to its processing in accordance with this Privacy Policy.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR) or equivalent laws. Please contact us at privacy@flahiveai.com for information about our data transfer mechanisms and your applicable rights.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable legal requirements. When we make changes, we will update the "Last Updated" date at the top of this Policy.

For material changes — such as changes to how we use mental health conversation data, changes to our data sharing practices, or significant changes to your rights — we will provide additional notice, such as an email notification to the address associated with your account or a prominent in-app notice, before the changes take effect.

Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to any updated Policy, you must stop using the Service and may request deletion of your account and data.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to verified privacy requests within 30 days (or 45 days for CCPA requests).