Privacy Policy

Effective Date: January 8, 2026
Last Updated: January 8, 2026

1. Introduction

FlexFlow (Sole Proprietorship) (“FlexFlow”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our gym management software-as-a-service platform (“the Service”).

This Privacy Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when you:

  • Create an account (email address, first name, last name)
  • Complete your profile (phone number, timezone, preferences)
  • Use the Service (organization details, gym information, athlete data, class schedules)
  • Contact us for support or inquiries

2.2 Information from Google OAuth

When you sign in using Google OAuth, we collect the following information from your Google account:

  • Email address
  • Profile information (name, profile picture)
  • Basic account information necessary for authentication

Google User Data Limited Use Policy: FlexFlow’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only access Google user data necessary for authentication and account creation
  • We do not use Google user data for advertising purposes
  • We do not sell Google user data to third parties
  • We only share Google user data as necessary to provide the Service or as required by law
  • We maintain appropriate security measures to protect Google user data

We explicitly affirm that Google Workspace APIs are not used to develop, improve, or train generalized or non-personalized AI and/or ML models. We do not use Google user data to develop, improve, or train generalized AI/ML models, nor do we transfer such data to third-party AI tools for these purposes.

2.3 Automatically Collected Information

When you use the Service, we automatically collect certain information, including:

  • Device information (browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • Log data (IP address, access times, error logs)
  • Cookies and similar tracking technologies (see Section 8)

We may use third-party services such as Google Analytics that collect data about your visit to help us understand how the Service is used and improve functionality.

2.4 Information from Third-Party Services

We may receive information from third-party services integrated with the Service, such as:

  • Payment processors (Stripe) for billing purposes
  • Email service providers (Resend) for transactional emails
  • Cloudflare for service delivery

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service: Create and manage your account, process transactions, and deliver requested features
  • Authenticate users: Verify your identity and manage access to the Service
  • Process payments: Handle subscription billing and payment processing through Stripe
  • Communicate with you: Send transactional emails, service updates, and respond to your inquiries
  • Improve the Service: Analyze usage patterns, troubleshoot issues, and enhance functionality
  • Ensure security: Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations: Meet legal requirements and respond to lawful requests

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service, including:

  • Stripe: Payment processing and billing
  • Resend: Email delivery services
  • Cloudflare: Hosting and content delivery services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or others
  • Investigate fraud or security issues

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. Data Storage and Security

Your information is stored in cloud-hosted databases and infrastructure. Data may be stored in data centers located in various geographic regions as part of our cloud infrastructure provider’s global network.

We implement appropriate technical and organizational measures to protect your information, including encryption of data in transit and at rest, secure authentication mechanisms, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • As required by applicable law

When you delete your account, we will delete or anonymize your personal information in accordance with our data retention policies and legal requirements. Some information may be retained for a limited period as necessary for legal compliance or legitimate business purposes.

7. Your Rights and Choices

Under PIPEDA and applicable Canadian privacy laws, you have the following rights:

7.1 Access

You have the right to access the personal information we hold about you. You can view and update much of your information through your account settings.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly through your account settings.

7.3 Deletion

You have the right to request deletion of your personal information. You can delete your account at any time through your account settings. We will delete your information in accordance with our data retention policies and legal requirements.

7.4 Withdrawal of Consent

You may withdraw your consent to our collection, use, or disclosure of your information at any time, subject to legal and contractual restrictions. Withdrawing consent may affect your ability to use the Service.

7.5 Data Portability

You may request a copy of your personal information in a structured, machine-readable format.

To exercise these rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

8. Cookies and Tracking Technologies

Cookies are files with a small amount of data that may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.

We use cookies to collect information and improve the Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

9. Children’s Privacy

Service Account Holders: You must be at least 13 years old to create a FlexFlow account or use the Service directly.

Athlete Data for Children: FlexFlow is a gym management platform that allows authorized users (parents, guardians, or gym staff) to enter and manage information about athletes, including children under 13 years of age. When athlete information for a child under 13 is entered into the Service:

  • The person entering the information (parent, guardian, or authorized gym staff member) must be at least 13 years old and have obtained express parental consent to provide such information
  • By entering athlete information for a child, you represent and warrant that you have the legal authority and express parental consent to provide such information and consent to our collection and use of it
  • We collect and use this information solely for the purpose of providing gym management services (scheduling, class management, emergency contacts, etc.)
  • We do not knowingly collect personal information directly from children under 13 without express parental or guardian consent through an authorized account holder

If you are a parent or guardian and believe that athlete information about your child has been entered without proper authorization, or if you wish to review, correct, or delete such information, please contact us at [email protected].

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in Canada. When we transfer information internationally, we take appropriate safeguards to ensure your information receives adequate protection in accordance with this Privacy Policy and applicable law.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party websites or services you access.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Sending an email to the address associated with your account
  • Displaying a notice within the Service

The “Last Updated” date at the top of this Privacy Policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: [email protected]

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable law.

14. Complaints

If you have a complaint about our handling of your personal information, you may contact us at [email protected]. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated your privacy rights.