Flamio AI Privacy Policy
This Privacy Policy explains how Flamio collects, uses, shares, retains, and protects personal information across the website, browser extension, and backend services.
1. Introduction
Flamio is operated by the Flamio team (“Flamio”, “we”, “us”, or “our”) as an early-stage product. We operate the flamio.org website, the browser extension, and the backend services (collectively, the “Service”). We act as a data controller for your personal information.
If you have any questions or requests regarding our Privacy Policy or information we store regarding you, you can contact us via email: flamio.community@gmail.com.
This Privacy Policy explains our data practices. Where required, we will ask for your consent separately before collecting certain data, such as screen recordings.
2. Information We Collect
We may collect the following categories of information:
2.1 Account Information
When you create an account, we may collect the following information. Passwords are securely hashed and are never stored in plain text. This information is used to authenticate you as a user and to gather information regarding our customers to provide better service to you.
- First Name
- Last Name
- Email address
- Authentication credentials (password)
- Company name
- Company field
- Company size
- Company location
- Job Title
2.2 Screen Recordings
Flamio allows users to start screen recordings so that they can be analyzed for UX research and interface improvement.
These features do not start automatically. They are started by the user or after the user accepts a research session prompt.
Recordings and screen sharing may capture information visible on the selected page or screen, including page content, clicks, scrolling, cursor movement, navigation actions, and text entered during the session.
The study creator or person who invited you to the session may be able to view the recording and session data.
Please do not use Flamio on pages that contain passwords, payment information, government IDs, health information, private messages, confidential business information, or other sensitive information.
Users can stop an active screen recording session at any time.
2.3 Cookies and Similar Technologies
As of now, Flamio does not use non-essential cookies for advertising or retargeting.
The Service may use local storage, session storage, or similar technologies that are necessary to provide core functionality, such as authentication, session management, user settings, and recording state.
If we introduce non-essential analytics cookies or similar tracking technologies in the future, we will request consent where required and update this Privacy Policy accordingly.
3. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (“EEA”), United Kingdom, or similar jurisdictions, we process personal data under the following legal bases:
- Providing access to the Service: Contractual necessity
- Account management and authentication: Contractual necessity
- Communication: Contract or legitimate interests
- Screen recordings: Consent
- Compliance with legal obligations: Legal obligation
- Security: Legitimate interests
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing conducted before withdrawal.
Where we rely on legitimate interests, we ensure such interests are not overridden by your rights and freedoms.
4. How We Use Information
We use collected information to:
- Provide, operate, and maintain the Service
- Authenticate users and manage accounts
- Improve product functionality and user experience
- Analyze user behaviour and provide useful UX insights
- Comply with legal obligations
- Enforce our terms, policies, and agreements
5. Chrome Web Store Limited Use disclosure
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
We use data collected through Flamio and browser extension permissions only to provide or improve Flamio’s single purpose: helping users analyze and improve user interfaces on pages or sessions they choose.
We do not use or transfer user data for personalized advertising, retargeting, data brokerage, credit decisions, or unrelated purposes.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to comply with legal, regulatory, tax, accounting, or reporting obligations.
Retention periods may include:
- Account information: retained while the account remains active and retained for up to 90 days after deletion unless legally required otherwise.
- Recordings and UX analysis: retained for up to 90 days unless deleted earlier by the user, study creator, or workspace owner, or unless we need to keep them longer for security, support, or legal reasons.
- Security and audit logs: retained as necessary for security, fraud prevention, compliance and internal debugging.
When personal data is no longer required, we will securely delete or anonymize it.
8. Data Security
We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction.
Security measures may include:
- Encryption in transit and at rest
- Secure credential hashing
- Access controls and least-privilege access management
- Logging and monitoring systems
- Internal confidentiality obligations
- Periodic security reviews
However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your Privacy Rights
9.1 GDPR Rights (EEA/UK Users)
Subject to applicable law, you may have the right to:
- Access your personal data
- Correct inaccurate or incomplete personal data
- Request deletion of personal data
- Restrict processing
- Object to processing
- Withdraw consent
- Request data portability
- Lodge a complaint with a supervisory authority
9.2 Exercising Your Rights
To exercise your rights, contact us using the contact details below.
We may require verification of your identity before responding to requests.
We will respond within the timeframes required by applicable law.
10. Automated Decision-Making
Flamio may use automated or AI-assisted tools to generate UX insights, summaries, or interface improvement suggestions.
We do not use these tools to make decisions that produce legal or similarly significant effects on individuals.
We do not use session recordings or page content to train general-purpose AI models unless we disclose this separately and obtain any required consent.
11. Children’s Privacy
The Service is not intended for children under the age required by applicable law (such as 13 or 16 depending on jurisdiction).
We do not knowingly collect personal data from children. If we become aware that personal data has been collected from a child without appropriate consent, we will take reasonable steps to delete such information.
12. Data Breach Notification
In the event of a personal data breach, we will take appropriate measures in accordance with applicable law, including notification to affected individuals and regulatory authorities where required.
We will notify relevant authorities within 72 hours where required by law.
13. Changes to This Privacy Policy
We may update this Privacy Policy in the future, as needed, to keep it up to date with the current functions of the Service.
When we make any material changes, we will update the “Last Updated” date and may provide additional notice where required by law.