Privacy Policy

Last updated: March 8, 2026

1. Introduction

Flint Pay Inc. ("Flint," "we," "us," or "our") respects your privacy and is committed to protecting the personal data we collect. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform, APIs, dashboard, and related services (collectively, the "Services").

2. Information We Collect

Information you provide

  • Account registration information (name, email, business details)
  • Identity verification information required for payment processing onboarding
  • Transaction data (orders, payment amounts, refunds, customer information you submit through the API)
  • Communications you send to us (support requests, feedback)
  • Messages and prompts you submit through the AI Assistant feature in the dashboard

Information collected automatically

  • Usage data (API calls, dashboard interactions, feature usage)
  • Device and browser information (IP address, browser type, operating system)
  • Log data (access times, pages viewed, error logs)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Services
  • Process transactions and send related information
  • Verify your identity and comply with legal obligations (KYC/AML)
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Send administrative information, such as updates, security alerts, and account notifications
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage trends to improve user experience

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance — to provide the Services you have signed up for and process transactions
  • Legal obligation — to comply with KYC/AML regulations, tax reporting, and other legal requirements
  • Legitimate interests — to detect fraud, improve the Services, and communicate with you about your account
  • Consent — where required by applicable law, for marketing communications or optional analytics

5. How We Share Your Information

We may share your information with:

  • Payment processing partners (Stripe) to facilitate payment processing, identity verification, and compliance
  • AI service providers (such as OpenAI and Anthropic) to power the AI Assistant feature in the dashboard, as described in Section 6 below
  • Service providers who perform services on our behalf (hosting, analytics, email delivery)
  • Law enforcement or regulators when required by law or to protect our rights
  • Business transfers in connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

6. AI-Powered Features

The dashboard includes an optional AI Assistant powered by third-party AI providers (currently OpenAI and Anthropic). When you use the AI Assistant:

Data sent to AI providers

  • Messages and prompts you type in the AI Assistant chat
  • Account context such as your merchant name, business name, current dashboard page, and onboarding status
  • Data retrieved by AI tool calls, such as order details, customer names, payment amounts, and subscription information

Data redacted before sending

We apply redaction to protect sensitive information before it reaches the AI provider:

  • Email addresses are masked (e.g., "j***e@example.com")
  • Phone numbers show only the last four digits
  • Billing and shipping addresses are fully redacted
  • API key secrets are fully removed
  • IP addresses and merchant notes are redacted

Storage and retention

AI Assistant conversation history is stored only in your browser's local storage. Conversations are not stored on Flint Pay servers and are not synced across devices. Conversations are automatically deleted after 30 days or when you clear your browser data. AI providers may process your data in accordance with their own privacy policies, but data sent via their APIs is not used to train their models.

Opting out

Use of the AI Assistant is entirely optional. If you do not use the AI Assistant, no data is sent to AI providers.

7. Data Controller and Processor Roles

Flint Pay acts as a data controller for merchant account data (registration, onboarding, billing). When merchants submit their customers' data through our APIs (e.g., customer names, email addresses, and payment information associated with orders), Flint Pay acts as a data processor on behalf of the merchant. Merchants are responsible for providing appropriate privacy notices to their own customers and obtaining any required consents.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Services. We also retain data as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes (e.g., financial record-keeping requirements). AI Assistant conversations are stored only in your browser and are not retained by Flint Pay.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments. Data sent to AI providers is transmitted over encrypted connections. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Request data portability
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@withflintpay.com.

11. Cookies and Tracking

We use essential cookies to maintain session state and authentication. We may use analytics tools to understand how the Services are used. You can control cookie preferences through your browser settings.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including to AI service providers that may process data in the United States. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

13. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to know — You may request that we disclose the categories and specific pieces of personal information we have collected about you
  • Right to delete — You may request deletion of your personal information, subject to certain exceptions
  • Right to opt-out of sale — We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link
  • Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at privacy@withflintpay.com. We will respond within 45 days as required by law.

14. Children's Privacy

The Services are not directed to individuals under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at privacy@withflintpay.com.