Privacy policy

We want to be clear about how Flynt uses your personal data. This Privacy Policy explains what we collect, why we use it, who we share it with, and your choices.

We collect personal data you provide directly, data generated through your use of Flynt, and data required to run matching, scheduling, events, messaging, and support. This includes:

• Profile and account data: name, email, company, role, seniority, industry, bio, interests, goals, profile image, LinkedIn URL, and onboarding responses.
• Matching and scheduling data: match status, meeting metadata, reveal and reminder states, scheduling availability, calendar event references, and related operational records.
• Communications data: service emails, support requests, in-app messaging metadata, and optional messaging-channel preferences.
• Payments and event data: meetup registration, payment and refund metadata from payment processors, attendance, and event feedback.
• Technical and security data: IP-based abuse prevention signals, device/browser diagnostics, request metadata, error logs, and fraud-prevention records.

We use your personal data to operate, secure, and improve Flynt. This includes:

• Creating and maintaining your account
• Showing your profile to other Flynt users for introductions, matching, in-person events, and networking
• Generating match context, conversation prompts, and product features that support high-quality introductions
• Scheduling meetings, sending reminders, and handling cancellations or reschedules
• Providing support and resolving account, product, or safety issues
• Running operations, diagnostics, analytics, and abuse prevention
• Processing payments and event transactions where relevant

We may ask for feedback and, separately, your consent before using testimonials for promotional purposes.

• Contract: where processing is needed to provide Flynt features you request (account, matching, scheduling, events, and support).
• Legitimate interests: to keep Flynt safe, reliable, and useful, including fraud prevention, diagnostics, operational logging, and service improvement.
• Consent: where required, including optional marketing, optional integrations/channels, and cookie-controlled analytics settings.
• Legal obligation: where we must retain or disclose certain data to comply with law.

We use administrative, technical, and organisational safeguards to protect your data, including access controls and monitored infrastructure. No online service can guarantee absolute security, but we continuously work to reduce risk.

Your rights

Depending on your location, you may have rights to access, correct, delete, or port your data, and to object to or restrict certain processing. You can contact us at hello@flynt-connect.com for privacy requests.

We send service and account emails, and marketing emails where you opt in. We process delivery and engagement events (for example delivered, opened, bounced, dropped, and unsubscribe states) to keep communications reliable and to honour your choices.

Flynt may schedule meetings and generate event metadata (including attendee details and meeting links) to support the matching experience.

If you connect Google Calendar, Flynt may access and process the minimum calendar data required to identify conflicts and schedule meetings on your behalf, based on the permissions you grant. If you do not connect Google Calendar, Flynt can still invite your email address to meetings, but no connected-calendar data is fetched from your account.

If you choose to connect your Google account on the Calendar page, Flynt requests three OAuth scopes from Google. You can review and revoke this access at any time. The scopes, and exactly what Flynt does with each, are:

• https://www.googleapis.com/auth/calendar.readonly — Flynt reads events on your primary calendar so we can show your existing commitments as busy time on your booking page. Event details are fetched at request time and are not retained in our database; we use only start/end times to compute availability.
• https://www.googleapis.com/auth/calendar.events — Flynt creates, updates, and deletes events on your primary calendar in response to actions you take inside Flynt: confirming a Flynt match, accepting a booking, rescheduling, or cancelling. We only modify events Flynt itself created; we do not touch your other events.
• https://www.googleapis.com/auth/userinfo.email — Flynt reads the email address of the Google account you connected so we can show you which account is linked. We do not use this email for marketing or for authentication into Flynt.

Limited Use

Flynt's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In practice this means data obtained via the Google scopes above is used only to provide the user-facing scheduling features described in this policy.

What we never do with Google user data

• We do not sell, rent, or share Google user data with advertisers, data brokers, or any third party for advertising or independent commercial purposes.
• We do not use Google user data to train, fine-tune, or evaluate generative AI / machine learning models, ours or any third party's. The OpenAI processing referenced elsewhere in this policy operates on Flynt profile data only — it never receives calendar events or the email address obtained through Google OAuth.
• We do not transfer Google user data to other applications except where strictly necessary to deliver the user-facing scheduling features (for example, sending the event to Google Calendar itself).

Retention and revocation

OAuth refresh tokens are stored encrypted at rest. Calendar event content is not persisted; we keep only the IDs of events Flynt created so we can update or remove them on your behalf. You can revoke Flynt's access to your Google account at any time:

• Click Disconnect on the Calendar page in Flynt — this immediately calls Google's revocation endpoint and removes the stored tokens from our database.
• Or revoke directly in your Google account at myaccount.google.com/permissions.
• Or email us at hello@flynt-connect.com and we will revoke and delete on your behalf.

After revocation, encrypted tokens and stored event IDs associated with the connection are deleted within 30 days, subject to limited lawful retention exceptions.

We share data with service providers that help operate Flynt, for example:

• Supabase (database, authentication, storage)
• SendGrid (email delivery)
• Google (Calendar/Meet integrations and analytics tooling where enabled). The Google Calendar integration acts only on the calendar of the user who connected it and is governed by the Google user data section above.
• Twilio/WhatsApp providers (optional messaging channels and verification features)
• Stripe (payments and refunds for paid features/events)
• PostHog (product analytics and diagnostics)
• OpenAI (matching-related model features such as embeddings and generated assistance, applied to Flynt profile data only — never to Google user data)
• Hosting and infrastructure providers (for example Vercel and related delivery services)
• Operational support tooling used by Flynt to triage and resolve support/safety issues

Where required, we put contractual and technical safeguards in place with processors.

We may enrich non-personal company context from public sources to improve matching context and internal operations.

Profile uploads are stored in managed object storage and served to support profile display. If you provide links (for example LinkedIn), we may retrieve metadata for preview purposes.

• Session and auth controls designed to reduce account misuse
• Rate limiting and abuse detection signals
• Structured operational logging for support and incident response
• Role-restricted access for privileged admin operations

Flynt uses profile signals, heuristics, and model-assisted processing (including embeddings and generated assistance) to support matching and recommendation flows. These systems are designed to support product experience and do not make legal or similarly significant decisions about you without human-controlled product rules.

Your data may be processed in the UK, EEA, and other countries where our providers operate. Where required, we rely on appropriate safeguards (for example contractual transfer protections).

• Active account data: retained while your account is active.
• Deactivated accounts: retained for 30 days to allow reactivation, then permanently deleted from Flynt systems, subject to limited lawful retention exceptions.
• Support and operational logs: retained for operational, security, and compliance needs for limited periods.
• Webhook, outbox, and delivery records: retained for reliability, retries, auditing, and fraud/safety review for limited periods.
• Payment-related records: retained according to legal, tax, and processor requirements.
• Google OAuth tokens and event IDs: deleted within 30 days of disconnect, as described in the Google user data section.

Flynt is not intended for children under 16 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect their personal data.

We honour product consent controls as implemented in Flynt. Browser Do Not Track signals alone may not trigger separate behavior in all environments.

We may update this policy as Flynt evolves. If changes materially affect data use or consent scope, we may notify you and request updated consent or policy acceptance where needed.

You can contact support from your Flynt dashboard at any time, or email us at hello@flynt-connect.com.