Privacy Policy

Last Updated: December 24, 2025

Flggd ("we," "us," or "our") operates the Flggd SMS scam detection service. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.

Your Privacy Matters: We are committed to protecting your privacy and being transparent about our data practices. We do not sell your personal information to third parties.

1. Information We Collect

1.1 Information You Provide

Data Type	What We Collect	Purpose
Phone Number	Your mobile phone number	To send SMS responses and identify your opt-in status
Message Content	Text messages you forward to our service	To analyze for scam indicators and provide assessments
Opt-In Data	Consent timestamp, opt-in method (SMS/web)	TCPA compliance and service authorization

1.2 Information Collected Automatically

Message Metadata: Timestamps, message IDs, delivery status
Device Information: Carrier name, phone type (for SMS delivery)
Web Opt-In Data: IP address, browser user-agent (when using web opt-in forms)
Service Logs: API requests, error logs (with phone numbers masked)

2. How We Use Your Information

We use your information to:

Provide the Service: Analyze messages and send scam assessment responses
Improve Accuracy: Train and improve our AI scam detection models
Service Operations: Process opt-ins/opt-outs, handle STOP/START/HELP keywords
Compliance: Maintain records required by TCPA and carrier regulations
Security: Detect and prevent abuse, fraud, or misuse of our service
Analytics: Understand usage patterns and service performance (aggregated data only)

3. Data Sharing and Disclosure

3.1 Third-Party Service Providers

We share data with trusted service providers who help us operate the service:

Telnyx: SMS delivery and phone number management
Google Cloud Platform: Infrastructure hosting and computing
Firebase/Firestore: Database storage and authentication

These providers are contractually required to protect your data and only use it for providing services to us.

3.2 Legal Requirements

We may disclose your information if required by law, including:

In response to valid legal process (subpoenas, court orders)
To comply with government requests or investigations
To protect our rights, property, or safety
To prevent fraud or illegal activity

3.3 We Do NOT Sell Your Data

We do not and will not sell, rent, or trade your personal information to marketers or third parties for their promotional purposes.

4. Data Retention

Active Users: We retain your data while you're subscribed to the service
Opt-Out Records: We keep opt-out requests for compliance (typically 5 years)
Message Content: Analyzed messages are retained for up to 1 year for service improvement, then anonymized or deleted
Logs: Service logs are retained for 90 days (with PII masked)

5. Data Security

We implement industry-standard security measures:

Encryption: Data in transit (HTTPS/TLS) and at rest
Access Controls: Limited employee access to personal data, role-based permissions
PII Protection: Phone numbers masked in logs, message content not logged at INFO level
Authentication: Webhook signature verification, API key protection
Monitoring: Automated security monitoring and incident response

However, no system is 100% secure. We cannot guarantee absolute security of your data.

6. Your Privacy Rights

6.1 Opt-Out / Unsubscribe

You may stop receiving messages at any time by texting STOP to our service number.

6.2 Access and Deletion (CCPA/GDPR Rights)

Depending on your location, you may have rights to:

Access: Request a copy of your personal data we hold
Deletion: Request deletion of your personal data
Correction: Request correction of inaccurate data
Portability: Receive your data in a portable format
Restriction: Limit how we process your data

To exercise these rights, contact us at privacy@flggd.com. We will respond within 30 days.

6.3 Do Not Track (DNT)

Our web opt-in forms do not currently respond to Do Not Track browser signals, as there is no industry standard for DNT compliance.

7. Children's Privacy

Our service is not directed to individuals under 18. We do not knowingly collect information from minors. If we discover we have collected data from a child, we will delete it promptly. Parents who believe we have collected their child's data should contact us immediately.

8. California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act:

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to opt-out of sale (we don't sell data)
Right to deletion
Right to non-discrimination for exercising CCPA rights

To exercise CCPA rights, email privacy@flggd.com with "CCPA Request" in the subject line.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland:

Legal Basis: We process your data based on your consent (opt-in) and our legitimate interests (service operation)
Data Controller: Flggd is the data controller
International Transfers: Your data may be transferred to the US; we use standard contractual clauses for protection
Rights: You have rights under GDPR including access, rectification, erasure, restriction, portability, and objection
Complaints: You may lodge a complaint with your local data protection authority

10. Cookies and Tracking

Our SMS service does not use cookies. Our web opt-in pages may use:

Essential Cookies: For form submission and CSRF protection (strictly necessary)
Analytics: We may use basic analytics to understand web opt-in usage (anonymized)

11. Third-Party Links

Our messages or website may contain links to third-party sites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Material changes may be communicated via SMS or email. Continued use of the service after changes constitutes acceptance.

13. International Users

Our service is operated from the United States. If you access our service from outside the US, your information will be transferred to and processed in the US, which may have different data protection laws than your country.

14. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you as required by applicable law, typically within 72 hours of discovery.

Contact Us - Privacy Questions

If you have questions about this Privacy Policy or our data practices:

Email: privacy@flggd.com
Support: support@flggd.com
Website: flggd.com
Mail: Flggd, Privacy Inquiries, [Your Business Address]