Privacy policy

1. General Information

This Privacy Policy ("Policy") describes how FlixTok Inc OÜ ("FlixTok", "we", "us", or "our") collects, uses, stores, and protects the personal data of users ("User", "you") in connection with the use of the FlixTok platform, including the website, mobile applications, and related services (collectively — the "Platform"). FlixTok OÜ is a company registered in accordance with the laws of the Republic of Estonia, located at: Harju maakond, Tallinn, Lasnamäe linnaosa, Keevise tn 10, 11415.

FlixTok OÜ is the data controller of personal data within the meaning of applicable data protection laws, in particular the General Data Protection Regulation (GDPR). If you have any questions regarding this Policy or the processing of your personal data, you may contact us at the following email address: privacy@flixtok.com. This Policy applies to all users of the Platform regardless of their location. By using the Platform, you confirm that you have read and familiarized yourself with this Policy.

2. What Data We Collect

We may collect the following categories of personal data in connection with the use of the Platform:

2.1. Account Data When creating an Account, we may collect:

  • email address;
  • username (nickname);
  • other information provided by the User during registration.

A User may register or log in to the Platform using third-party services (e.g., Google or Apple). In such cases, we may receive basic profile information from the respective provider, including email address and name, in accordance with the User's account settings in such service.

2.2. Platform Usage Data We may collect information about how the User uses the Platform, including:

  • viewed Content;
  • interaction history with Content;
  • User actions on the Platform (e.g., creating Comments).

2.3. Technical Data We may automatically collect technical information, including:

  • IP address;
  • device type, operating system, and browser type;
  • unique device identifiers;
  • network and connection data;
  • information about errors and Platform performance.

2.4. Payment Data The Platform does not store payment credentials (such as bank card details). Payment processing is carried out by third-party payment providers or application stores (e.g., App Store or Google Play). We may receive limited transaction information, such as payment status, date, and amount, necessary for providing access to Content and accounting for payments.

2.5. Age Data We may request information necessary to confirm the User's age or determine their age category for the purpose of complying with legal requirements and restricting access to specific Content. Such information may include confirmation of reaching a certain age (e.g., 18 years) without collecting the full date of birth, unless otherwise required by law.

3. How We Use Data

We use the personal data of Users for the following purposes:

3.1. Provision and Functioning of the Platform We process data to create and manage the Account, provide access to Content, and ensure the operation of the Platform.

  • Legal basis: performance of a contract with the User (specifically the Terms of Use of the Platform).

3.2. Payment Processing and Providing Access to Paid Content We use data to process payments, confirm transactions, and provide access to Paid Content or Platform features.

  • Legal basis: performance of a contract with the User (specifically the Terms of Use of the Platform).

3.3. Personalization and Platform Improvement We may use data to analyze Platform usage, personalize Content, provide recommendations, and improve functionality.

  • Legal basis: legitimate interest in the development and improvement of the Platform.

3.4. Security and Prevention of Abuse We process data to detect, prevent, and investigate fraud, abuse, or other violations of these Terms.

  • Legal basis: legitimate interest and fulfillment of legal obligations.

3.5. Legal Compliance We may process personal data to fulfill requirements of applicable law, in particular regarding accounting, tax obligations, or responses to requests from state authorities.

  • Legal basis: fulfillment of legal obligations.

3.6. Communication with Users We may use contact data to send service messages, including information about the Account, changes to the Platform, or these Terms.

  • Legal basis: performance of a contract with the User (specifically the Terms of Use of the Platform) and legitimate interest.

3.7. Marketing and Notifications (subject to consent) We may use personal data to send marketing communications, information about new Content, special offers, or other advertising materials only upon receiving the User's respective consent, if such consent is required by applicable law. The User has the right to withdraw such consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

  • Legal basis: consent.

4. Data Transfer to Third Parties

We may transfer the personal data of Users to third parties only in cases necessary for the functioning of the Platform, performance of a contract, or compliance with the law.

4.1. Service Providers We may engage third-party service providers who process personal data on our behalf, in particular for:

  • hosting and data storage;
  • analytics and Platform improvement;
  • technical support;
  • content delivery (CDN);
  • communication services.

Such providers have access to personal data only to the extent necessary to perform their functions and are obliged to ensure an appropriate level of data protection.

4.2. Payment Providers Payment processing is carried out by third-party payment providers or application distribution platforms (e.g., App Store or Google Play). Such providers independently process personal data in accordance with their own privacy policies.

+2

4.3. Compliance with Legal Requirements We may disclose personal data if necessary to:

  • comply with legal requirements;
  • respond to lawful requests from state authorities;
  • protect the rights, safety, or property of the Platform, Users, or third parties.

4.4. Business Transfers In the event of business reorganization, merger, sale of assets, or other transfer of business, personal data may be transferred to the respective third party, provided that legal requirements regarding data protection are met.

5. International Data Transfer

In the process of providing the Platform, personal data may be transferred and processed outside the European Economic Community (EEA). In such cases, we ensure that the data transfer is carried out in accordance with applicable data protection law and with an appropriate level of personal data protection. Specifically, we may use the following protection mechanisms:

  • decisions of the European Commission on an adequate level of data protection in the respective country;
  • standard contractual clauses (Standard Contractual Clauses) approved by the European Commission;
  • other data transfer mechanisms provided by law.

By using the Platform, you understand that such transfers may occur within the limits necessary for the functioning of the Platform.

6. Data Retention

We store the personal data of Users only for the period necessary to achieve the purposes for which such data was collected, including the performance of contractual obligations, compliance with legal requirements, resolution of disputes, and protection of the rights and interests of the Platform. Specifically:

  • Account data is stored for the duration of the Account's existence;
  • transaction-related data may be stored longer in accordance with accounting and tax law requirements;
  • technical data and usage data may be stored for a limited period necessary for analytics, security, and Platform improvement.

In the event of Account deletion, we may store certain data for a reasonable period if necessary to comply with legal requirements, resolve disputes, or prevent abuse. Upon expiration of the respective retention periods, personal data is deleted or anonymized.

7. User Rights

In accordance with applicable data protection law, in particular the GDPR, the User has the following rights regarding their personal data:

  • 7.1. Right of Access: The User has the right to obtain confirmation as to whether their personal data is being processed, as well as access to such data.
  • 7.2. Right to Rectification: The User has the right to request the rectification of inaccurate or incomplete personal data.
  • 7.3. Right to Erasure: The User has the right to request the erasure of their personal data in cases provided for by applicable law.
  • 7.4. Right to Restriction of Processing: The User has the right to request the restriction of processing of their personal data in cases provided for by applicable law.
  • 7.5. Right to Data Portability: The User has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, if technically possible.
  • 7.6. Right to Object: The User has the right to object to the processing of their personal data in cases where such processing is carried out on the basis of legitimate interest.
  • 7.7. Right to Withdraw Consent: If the processing of personal data is carried out on the basis of consent, the User has the right to withdraw such consent at any time.
  • 7.8. Right to Lodge a Complaint: The User has the right to lodge a complaint with a competent data protection authority in their country of residence or with the supervisory authority in the Republic of Estonia.

To exercise these rights, the User may contact us using the contact details specified in this Policy. We may request additional information to confirm the User's identity before processing such a request and have the right to refuse the request or limit its fulfillment in cases provided for by applicable law.

8. Cookies and Tracking

We may use cookies and similar technologies (e.g., SDKs, pixels, and local storage) to ensure the proper operation of the Platform, improve its functionality, and analyze usage. Cookies are small text files that are stored on the User's device during the use of the Platform. We may use the following categories of cookies and technologies:

  • Necessary: to ensure the operation of the Platform and its basic functions;
  • Analytical: to understand how Users interact with the Platform;
  • Functional: to save settings and improve the user experience;
  • Marketing: to display relevant content and advertising (subject to consent, if required by law).

The User can manage the use of cookies through their browser or device settings, as well as through tools available on the Platform. More detailed information on the use of cookies may be set forth in a separate Cookie Policy.

9. Data Security

We take appropriate technical and organizational measures to protect personal data from unauthorized access, loss, destruction, alteration, or disclosure. Such measures may include, in particular:

  • the use of data encryption during transmission;
  • restriction of access to personal data;
  • application of information system protection tools;
  • regular monitoring and updating of security measures.

At the same time, no method of data transmission over the Internet or electronic storage is absolutely secure. Therefore, despite our efforts, we cannot guarantee the absolute security of personal data. In the event of a security breach that may pose a risk to the rights and freedoms of Users, we will take appropriate measures in accordance with applicable law.

10. Children's Data

The Platform is not intended for use by children under the age of 13. We do not knowingly collect personal data from persons under this age. If we become aware that personal data has been collected from a child under 13 without appropriate legal grounds, we will take steps to delete such data. Additional age restrictions (e.g., 18+) may be established for specific Content or Platform functions. In such cases, access to the respective Content may be restricted based on the User's age information. The User is responsible for providing accurate information regarding their age when using the Platform.

11. Changes to the Policy

We may from time to time update or change this Policy to reflect changes in the Platform's operation, legal requirements, or other circumstances. In the event of significant changes, we may notify Users by posting a corresponding notice on the Platform or by another available method. The updated version of the Policy takes effect from the moment of its publication, unless otherwise stated. We recommend that Users periodically review this Policy to stay informed about how we process personal data