Privacy Policy
This policy explains how Flex collects, uses, shares, and protects information when you use our website, application, integrations, APIs, browser extension, and AI development workflows.
Last updated: 2026-07-09
Who We Are
Flex provides tools that help teams turn requests into internal apps, prototypes, and reviewable product changes. In this policy, "Flex", "we", "us", and "our" refer to the Flex service and the team operating it.
When an organisation uses Flex for its team, that organisation may also decide what information is added to Flex and how it is used. In those cases, Flex may process information on behalf of that organisation.
Information We Collect
Account and team information
Name, email address, login details, organisation or tenant information, team membership, invitation status, and role or permission information.
Workspace content
Prompts, product context, repository metadata, generated changes, preview status, logs, branch names, pull request links, and configuration needed to run previews.
Connected service data
Information from services you connect, such as GitHub, Slack, browser extension workflows, webhooks, or other tools your team chooses to use with Flex.
Usage and device data
Pages viewed, product events, IP address, browser and device information, cookie identifiers, diagnostics, security events, and performance information.
Please avoid adding personal data to prompts, repository content, environment variables, logs, or connected tools unless your team has a valid reason to process it through Flex.
How We Use Information
- To create and manage accounts, tenants, teams, permissions, and invitations.
- To run AI development workflows, provision preview environments, and show workflow status.
- To connect Flex with repositories, Slack, webhooks, browser extension flows, and other integrations you enable.
- To send transactional emails, service notices, security messages, and support responses.
- To secure Flex, prevent abuse, debug problems, monitor availability, and improve product quality.
- To understand website and product usage through analytics where enabled.
- To comply with legal obligations and enforce our agreements.
Legal Bases
Where UK or EU data protection law applies, we rely on legal bases including performance of a contract, legitimate interests, consent where required, and compliance with legal obligations. Our legitimate interests include operating, securing, improving, and supporting Flex.
How We Share Information
We do not sell personal data. We may share information with service providers and subprocessors that help us operate Flex, including cloud infrastructure, database hosting, email delivery, analytics, error monitoring, security tooling, AI model providers, and integration providers you connect.
If your team connects services such as GitHub or Slack, information may be exchanged with those services according to your configuration and their own terms and privacy policies. If Flex runs workloads on your secure infrastructure, relevant workflow data may be processed in that environment.
We may also disclose information if required by law, to protect rights and safety, in connection with a business transaction, or with your consent.
AI Workflows and Workspace Content
Flex may process prompts, repository context, code, logs, and related workflow data to perform the actions your team requests. Depending on your configuration, this information may be sent to AI model providers or processed by agents running in your secure infrastructure.
Stored integration tokens and project secrets are encrypted at rest. Runtime workflows may receive the credentials and configuration they need to clone repositories, run previews, call model providers, or perform other requested tasks.
Cookies and Analytics
Flex uses cookies and similar technologies for authentication, security, session management, preferences, and product analytics. We may use analytics providers, including PostHog when enabled, to understand how people use the website and product.
You can control cookies through your browser settings. Blocking some cookies may affect login, security, or product functionality.
Security and Retention
We use technical and organisational measures designed to protect information, including tenant isolation, access controls, encrypted secrets, authenticated runtime channels, and operational monitoring. No system is perfectly secure, so we also encourage teams to limit sensitive information shared with any development workflow.
We keep information for as long as needed to provide Flex, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support backups or audit records. Retention periods vary based on the type of information and your team's configuration.
International Transfers
Flex and its service providers may process information in countries other than where you are located. Where required, we use appropriate safeguards for international transfers, such as contractual protections and other mechanisms recognised by applicable law.
Your Rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to the processing of your personal data. You may also have the right to withdraw consent where processing is based on consent.
If you use Flex through your organisation, we may direct your request to that organisation where it controls the relevant workspace data. You may also have the right to complain to your local data protection authority.
Children
Flex is intended for business and professional use. It is not directed to children, and we do not knowingly collect personal data from children.
Changes to This Policy
We may update this policy from time to time. If changes are material, we will take reasonable steps to notify users, such as updating the date above or providing an in-product notice.
Contact
If you have questions about this policy or want to make a privacy request, contact us at privacy@flexenv.com.
This policy is intended to describe how Flex handles personal data in practice. It should be reviewed by legal counsel before being relied on as legal advice or a final compliance document.