1. Introduction
Flayr (“we”, “us”, “our”) is an AI-powered advertising platform that generates video advertisements, analyzes competitive advertising strategies, and manages Meta (Facebook & Instagram) ad campaigns on behalf of its users.
This Privacy Policy explains what data we collect when you use Flayr at https://app.useflayr.com, how we use it, who we share it with, and what rights you have over your data.
By using Flayr you agree to this policy. If you do not agree, please stop using the service.
2. Information We Collect
2.1 Account Information
- Email address and display name, collected via Google OAuth or email/password sign-up through Supabase Auth
- Authentication tokens and session cookies required to keep you logged in
2.2 Brand & Business Information
- Brand name, website URL, and product descriptions you provide
- Target audience profiles, pricing information, and value propositions
- Product images and demo videos you upload
- Character reference images you use for AI avatar generation
2.3 Meta Ads Data (when you connect your Meta account)
- Ad account ID and name
- Campaign names, statuses, and budgets
- Ad performance metrics: spend, impressions, clicks, CTR, CPC, ROAS, conversions, and cost per action
- Ad creative data: headlines, body copy, and thumbnails
We access this data through Meta’s Marketing API using OAuth tokens you explicitly authorize. Permissions requested: ads_management, ads_read, business_management.
2.4 Competitor Intelligence Data
- Publicly available competitor ad data sourced from Meta Ad Library
- Ad creative text, run dates, advertiser names, and platform data
- AI-analyzed creative formulas, hooks, and emotional triggers derived from public ad content
- Video and audio analysis of publicly available competitor ad content
2.5 AI-Generated Content
- Video scripts generated by AI based on your brand information
- Video files generated through third-party AI models on your behalf
- Ad creative assets including first frames and thumbnails
- Creative strategy recommendations and ad copy suggestions
2.6 Usage Data
- Pages visited, features used, and actions taken within Flayr
- Browser type, device information, and IP address
- Error logs and performance diagnostics
3. How We Use Your Information
3.1 Core Service Delivery
- Generate AI-powered video advertisements for your brand
- Analyze your brand’s competitive landscape using publicly available data
- Read and display your Meta ad campaign performance data within Flayr
- Create, modify, pause, and manage Meta ad campaigns on your behalf
- Generate scripts, creative strategies, and ad recommendations
3.2 AI Processing
- Your brand information is sent to AI language models (Anthropic Claude, Google Gemini) to generate scripts and analyze competitors
- Character images are processed by AI image and video generation services (OpenAI, fal.ai) to create video content
- Competitor ad videos may be analyzed using AI transcription (Groq) and visual analysis (Google Gemini)
We do NOT use your data to train any AI models.
3.3 Service Improvement
- Analyze aggregate usage patterns to improve features and usability
- Debug technical issues and fix errors
- Develop new capabilities requested by users
4. Third-Party Services
We share data with the following third-party services to provide our core functionality. Each service has its own privacy policy.
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database, file storage | Account data, brand data, uploaded files |
| Meta (Facebook) | Ad campaign management, Ad Library | OAuth tokens, campaign actions |
| Anthropic (Claude) | Script generation, ad analysis | Brand info, competitor ad text |
| Google (Gemini) | Video visual analysis | Competitor video content |
| Groq | Audio transcription | Competitor video audio |
| fal.ai | Video generation (Kling) | Character images, motion prompts |
| OpenAI | Image generation (GPT Image 2) | Scene descriptions, character references |
| Apify | Competitor ad data collection | Brand name search keywords |
| Vercel | Application hosting | All application data in transit |
| Stripe | Payment processing (future) | Payment information |
5. Meta Platform Data
5.1 What We Access
When you connect your Meta ad account, we request:
ads_read— to view your campaign performance dataads_management— to create and manage ads on your behalfbusiness_management— to access your business portfolio
5.2 How We Use Meta Data
- Display campaign performance metrics (spend, CTR, ROAS) inside Flayr
- Push AI-generated video ads to your Meta ad account
- Modify campaign budgets and pause or enable ads on your instruction
- Provide AI-powered recommendations based on your ad performance
5.3 Data Storage
- Your Meta OAuth access token is stored encrypted in our database
- Campaign performance data may be cached temporarily for faster loading
- We do NOT store your Meta password
- You can disconnect your Meta account at any time from Settings
5.4 Meta Platform Terms
Our use of Meta data complies with Meta’s Platform Terms and Developer Policies. We do not sell Meta user data or use it for any purpose other than providing our advertising management service to you.
Data deletion requests: andrewbussiness123@gmail.com
6. Data Storage & Security
- All data is stored in Supabase (hosted on AWS eu-west-1) with row-level security
- All data in transit is encrypted via TLS/HTTPS
- OAuth tokens are stored encrypted at rest
- File uploads are stored in Supabase Storage with access controls
- We use Vercel for hosting with enterprise-grade infrastructure
- Your data is retained for as long as your account is active; upon deletion, personal data is purged within 30 days
While we implement industry-standard security measures, no internet transmission is 100% secure.
7. Your Rights
7.1 Access & Portability
You can view all your data within Flayr. To request a machine-readable export, email andrewbussiness123@gmail.com.
7.2 Deletion
Delete your account from Settings → Account. Personal data, brand data, and generated content are deleted within 30 days.
7.3 Disconnect Services
Disconnect your Meta account at any time from Settings, immediately revoking our API access.
7.4 Correction
Update your brand information and account data directly within Flayr. For other corrections, contact us.
8. Children’s Privacy
Flayr is intended solely for users 18 years of age or older. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected such data, please contact us immediately.
9. International Data Transfers
Data is primarily stored in the EU (AWS eu-west-1). Some third-party service providers (Anthropic, OpenAI, Vercel, Groq) process data in the United States and other countries. By using Flayr you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you via email and/or a prominent in-app notice at least 7 days before material changes take effect. Continued use after changes constitutes acceptance.
12. GDPR Compliance (EU/EEA Users)
Legal bases for processing:
- Contract performance — processing necessary to deliver the Flayr service
- Legitimate interests — service improvement, security, fraud prevention
- Consent — connecting your Meta account (withdraw anytime from Settings)
Your GDPR rights: access, rectification, erasure, restriction of processing, data portability, and right to object.
To exercise these rights, email andrewbussiness123@gmail.com. We respond within 30 days. You may also lodge a complaint with your local data protection authority.
13. CCPA Compliance (California Residents)
- Right to know — the categories and specific pieces of personal information we have collected and how it is used
- Right to delete — request deletion of your personal information
- Right to opt out — we do not sell your personal information
- Right to non-discrimination — we will not discriminate for exercising CCPA rights
To submit a CCPA request: andrewbussiness123@gmail.com
14. Contact Us
For privacy-related questions, requests, or concerns:
We aim to respond within 5 business days, and within 30 days at most.