Last updated: January 1, 2026
This Privacy Policy explains how Adam Development AB, trading as FlexPortal ("FlexPortal", "we", "us", or "our"), collects, uses, discloses, and protects personal data when you use our subscription management platform and visit our website.
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR), the Swedish Data Protection Act, and other applicable data protection laws.
Adam Development AB
Organization number: 559430-2027
Björkrisvägen 6A, 702 34 Örebro, Sweden
Email: support@flexportal.io
This Privacy Policy applies to:
FlexPortal is a business-to-business (B2B) platform. When Clients use our Platform to manage their subscription business, they upload data about their own customers ("End Customer Data"). In this relationship:
This Privacy Policy primarily addresses how we process data about our Clients and Users. If you are an end customer of one of our Clients, please refer to that Client's privacy policy for information about how they handle your data.
When you create an account or become a Client, we collect:
When you use our Platform, we automatically collect:
On our marketing website (flexportal.io), we collect:
When you contact us, we collect:
We process your personal data for the following purposes:
Legal basis: Performance of a contract (Article 6(1)(b) GDPR)
Legal basis: Legitimate interests (Article 6(1)(f) GDPR) - improving our services
Legal basis: Legitimate interests (security) and legal obligation (Article 6(1)(c) and (f) GDPR)
Legal basis: Performance of a contract and legitimate interests (Article 6(1)(b) and (f) GDPR)
We do not sell your personal data. We share data only in the following circumstances:
We use trusted third-party service providers to help operate our Platform:
| Provider | Purpose | Data Location |
|---|---|---|
| Google Cloud Platform (Firebase) | Infrastructure, database, authentication, file storage | EU (Frankfurt) or US (Iowa) based on your selection |
| Stripe | Payment processing for FlexPortal subscriptions and payment integration for Clients to collect payments from their customers | EU and US (Stripe is PCI DSS Level 1 certified and certified under EU-US Data Privacy Framework) |
| Resend | Transactional email delivery | US (with appropriate safeguards) |
| Vercel | Website hosting and analytics | Global edge network |
All service providers are bound by data processing agreements and are required to protect your data in accordance with applicable data protection laws.
We may disclose your data if required by law, court order, or government request, or when necessary to:
If FlexPortal is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
FlexPortal operates fully isolated regional environments to meet local data residency and compliance requirements. Each region has its own:
Your data never leaves your selected region. There is no data replication or synchronization between regions. Each environment is completely independent.
We currently offer the following regional deployments:
You select your data region during account setup. This choice determines where all your account data, customer data, assets, orders, and files are stored and processed.
For Enterprise customers with specific data residency requirements, we can provision dedicated regional environments in additional locations (e.g., Middle East). These deployments are fully isolated and comply with local data protection regulations. Contact us at support@flexportal.io to discuss your requirements.
While your core Platform data remains in your selected region, certain ancillary functions may involve processing outside that region:
These services process only the minimum data necessary for their function (e.g., email addresses for delivery, payment details for billing) and are bound by data processing agreements.
We retain your personal data for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account plus 30 days after termination for data export |
| Billing records | 7 years (Swedish accounting requirements) |
| Audit logs | 365 days |
| Session data | 7 days after session expiration |
| Support correspondence | 3 years after resolution |
| Marketing analytics | Aggregated data only, no personal data retained |
After the retention period, data is securely deleted or anonymized. You may request earlier deletion of your data subject to legal and contractual obligations.
Our marketing website uses minimal tracking:
The Platform uses only essential cookies necessary for:
These are strictly necessary cookies and do not require consent under GDPR.
You can control cookies through your browser settings. Note that disabling essential cookies may affect Platform functionality. For Google Tag conversion tracking, you can opt out through Google's opt-out browser add-on.
We implement comprehensive security measures to protect your data:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
If you become aware of any unauthorized access to or disclosure of data processed through the Platform, please notify us immediately at support@flexportal.io.
Our infrastructure is hosted on Google Cloud Platform, which maintains extensive security certifications including ISO 27001, SOC 2, and GDPR compliance. Data is stored in secure, redundant data centers with physical security controls.
Under GDPR and applicable data protection laws, you have the following rights:
You have the right to request a copy of the personal data we hold about you and information about how we process it.
You have the right to request correction of inaccurate or incomplete personal data.
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have contested.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller. Our Platform provides data export functionality.
You have the right to object to processing of your personal data based on legitimate interests. We will cease processing unless we have compelling legitimate grounds.
We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.
To exercise any of these rights, please contact us at support@flexportal.io. We will respond to your request within 30 days. We may need to verify your identity before processing your request.
If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):
Integritetsskyddsmyndigheten
Box 8114
104 20 Stockholm, Sweden
www.imy.se
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, IP address), commercial information (subscription history, transaction data), and internet activity (usage logs, API activity). We collect this information for the business purposes described in Section 4 of this policy.
To exercise your California privacy rights, contact us at support@flexportal.io. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.
Our Platform does not currently respond to "Do Not Track" browser signals. However, we honor Global Privacy Control (GPC) signals as a valid opt-out request under California law. If your browser sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of personal information.
We may send you marketing communications about our products, services, and updates if you have opted in or where permitted by applicable law. You can opt out of marketing communications at any time by:
Please note that even if you opt out of marketing communications, we will still send you transactional messages related to your account, such as billing notifications, security alerts, and service updates.
FlexPortal is a B2B platform intended for use by businesses and their authorized representatives. We do not knowingly collect personal data from children under 16 years of age. If you believe we have inadvertently collected data from a child, please contact us immediately at support@flexportal.io.
For Enterprise customers, we offer a Data Processing Agreement (DPA) that provides additional contractual commitments regarding our processing of End Customer Data, including:
To request a DPA, please contact us at support@flexportal.io.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes:
We encourage you to review this policy periodically to stay informed about how we protect your data.
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: support@flexportal.io
Mailing Address:
Adam Development AB
Björkrisvägen 6A
702 34 Örebro
Sweden
