Privacy Policy

We collect the minimum needed to run Flempy: who you are (via Google), what you build (your projects), and what you pay us (via Stripe). We use a third-party AI (Anthropic) to generate schematics from your prompts. We don't sell your data.

• Account info: name, email, profile image from Google OAuth. We don't see your Google password.
• Your projects: the prompts you send, the netlists Flempy generates, the chat history with the AI. Stored in MongoDB.
• Billing info: handled entirely by Stripe. We store your Stripe customer ID and subscription status; we never see or store your card number.
• Usage telemetry: per-turn token counts, cost, timing. Used for cost accounting and debugging.
• Cookies: one session cookie that keeps you signed in. No ad tracking, no third-party analytics cookies.

• Authenticate you and show you your projects.
• Send your prompts to Anthropic's API to generate designs. See Anthropic's privacy policy for their data handling.
• Bill you via Stripe and refill your run quota.
• Improve Flempy. We may look at anonymized usage stats and error logs. We don't train models on your prompts or projects without explicit opt-in.
• Email you about your account — billing, important changes, security. Never marketing without opt-in.

Only what's necessary to run the service:

• Google — OAuth sign-in.
• Anthropic — your prompts + netlist context go to the Claude API so the AI can generate designs. Covered by Anthropic's own commitment not to train on API data.
• Stripe — billing.
• MongoDB Atlas — database hosting for your projects and account.

We don't sell your data. We don't share it with advertisers. We'll only disclose it for legal reasons if compelled by a valid legal process, and we'll tell you when we're legally allowed to.

You can:

• Export your projects by emailing privacy@flempy.com — we'll send you a JSON export of every project tied to your account within 7 business days.
• Request deletion of your account by emailing support@flempy.com. Deletion removes your projects and account record within 30 days; billing records we're legally required to keep for tax purposes are retained longer.
• Request a copy of everything we have on you — email privacy@flempy.com.

EU/UK users have GDPR rights (access, rectification, erasure, portability, objection). California users have CCPA rights. To exercise them, email privacy@flempy.com.

We use TLS in transit, encrypted storage at rest (via MongoDB Atlas), and hash sensitive tokens. We're a small team — no SOC 2 yet. Treat Flempy accordingly: appropriate for independent projects and prototyping, not for classified or regulated designs.

Flempy isn't intended for users under 13. If you're a parent who learns your child has created an account, email us and we'll delete it.

Flempy's servers are currently hosted in the US. By using the service from outside the US, you consent to your data being transferred and processed in the US.

We'll notify you of material changes by email and/or in-app banner. Continued use after a change means you accept it.

privacy@flempy.com