Privacy Policy

Effective: April 8, 2026 · FlexServe is a product of Nexint Technology Solutions

This privacy policy describes how FlexServe collects, uses, and protects your information. FlexServe is built and operated by Nexint Technology Solutions. References to "we", "us", or "FlexServe" in this policy mean Nexint Technology Solutions in its capacity as the operator of the FlexServe product.

1. Information We Collect

1.1 Account information

When you sign up, we collect your business name, email address, phone number, and payment information (processed by Stripe).

1.2 Business content

Our conversational onboarding captures information about your business: services, pricing, hours, location, and visual preferences. This is used to generate your website.

1.3 Connected social profiles (OAuth)

If you choose to connect your Google Business Profile, Instagram, Facebook Page, TikTok, YouTube, or WhatsApp Business via OAuth, we receive read-only access to profile information, recent posts, reviews, ratings, hours, address, phone, and categories. We do not request or use any "write" or "publish" permissions. We never post on your behalf, send messages on your behalf, or modify your profiles.

1.4 Booking and customer data

When customers book through your FlexServe site, we collect their name, contact info, and booking details. This data belongs to you and is scoped to your tenant account.

2. How We Use Your Information

To generate and maintain your website, booking system, and client portal; to display your own social posts on your own FlexServe site; to pre-fill your business profile during onboarding; to run audits on your connected profiles and surface improvement recommendations; to deliver bookings, reminders, and notifications; to process payments via Stripe.

3. How We Store Your Information

Your data is stored in encrypted PostgreSQL databases hosted in AWS. OAuth access tokens are encrypted at rest using AES-256-GCM with keys held in AWS Secrets Manager.

4. What We Don't Do

We do not sell your data to third parties. We do not use your business or customer data to train machine learning models. We do not share your data with advertisers. We do not post, message, or follow anyone on your behalf via your connected social accounts. We do not retain OAuth tokens for accounts you've disconnected.

5. Third-Party Services

We use Stripe for payment processing, AWS for hosting and email delivery, Anthropic Claude and xAI Grok for AI (no PII sent without your action), Twilio for SMS (when you opt in), and Meta/Google/TikTok only when you OAuth-connect your account.

6. Your Rights

You can disconnect any OAuth-connected profile at any time. You can request export or deletion of your data by emailing privacy@flexserve.ai. EU/UK users have GDPR rights. California users have CCPA rights — we do not sell personal information.

7. Data Retention

We retain your data for the duration of your active subscription. After account closure, all data is permanently deleted within 30 days unless legally required to retain it.

8. Security

We follow industry best practices: HTTPS everywhere, encryption at rest and in transit, role-based access control, regular security audits.

9. Changes to This Policy

We will notify you by email and dashboard banner at least 30 days before any material changes to this policy.

10. Contact Us

Questions about this policy or your data: privacy@flexserve.ai