Privacy Policy

Last updated: 01.06.2026

Overview

This Privacy Policy explains how SMALL MAGELLANIC CLOUD AI LTD (“Flexus,” “we,” “our,” or “us”) collects, uses, discloses, and protects information when you use our website, apps, and services available at flexus.team (the “Service”). Flexus helps offline service businesses manage inbound customer conversations from messengers such as WhatsApp, Instagram, Telegram, and other supported channels, together with CRM records, calendar-related workflows, onboarding, payments/top-ups, and Sidra, our AI assistant for customer-service messaging.

By using the Service, you agree to this Privacy Policy.

What We Collect

Personal Data

Information that can identify you, such as your name, email address, company information, and your Workspace name and details.

Usage Data

Information about how you access and use the Service, including your device and browser type, IP address, timestamps, referral URLs, and interaction events.

Content

Information, messages, notes, CRM records, calendar-related details, support conversations, attachments, configuration data, and Sidra interactions that you upload, receive, or create within the Service. We use technical and organizational safeguards to protect this data, which may include encryption at rest depending on the system.

Authentication & Billing Data

If you sign in through a supported authentication provider, we receive basic profile data per your consent and the provider’s terms. Purchases are processed by Stripe; we receive limited billing metadata (e.g., payment status) but not your full payment card details.

Third-Party Integrations

When third-party integrations take place, we may receive necessary tokens, identifiers, and metadata to operate those connections. Integration tokens and credentials are stored server-side, access-restricted, and protected using technical and organizational safeguards.

Messenger Data

When your connected business uses Flexus to manage conversations through supported messengers such as WhatsApp, Instagram, Telegram, or other channels, we process the following data on behalf of your business:

  • Message Content: Text, media, documents, and other content exchanged between your business and end customers through supported messengers
  • Sender Identifiers: Phone numbers, usernames, user IDs, chat IDs, WhatsApp Business Account (WABA) IDs, Business Phone Number IDs, Instagram account/Page identifiers, Telegram identifiers, and related account identifiers used by the connected messaging channel
  • Message Metadata: Message IDs, timestamps, delivery status, read receipts, and failed delivery events
  • Media References: URLs and metadata for media files shared through supported messengers (media content is stored according to your workspace settings)
  • CRM Thread Links: Links between messenger conversations and your workspace CRM threads for context and continuity
  • Consent & Opt-out Metadata: Records of opt-in consent, opt-out requests, and unsubscribe status for compliance
  • Audit Metadata: Logs of message routing, human or AI-assisted reply actions, policy gate decisions, and approval workflows
  • Integration Token Metadata: Authentication tokens and credentials necessary to connect to supported messaging APIs

Important: Flexus acts as a data processor for messenger data. The connected business (our customer) is the data controller responsible for obtaining lawful consent from end customers and complying with applicable messaging regulations, platform terms, and channel-specific policies.

Flexus’s current default messenger behavior is focused on reply-only customer-service conversations. Flexus responds to inbound customer threads. Unless explicitly enabled for a customer and permitted by the applicable platform rules, permissions, and review status, Flexus does not provide business-initiated first contact, campaigns, reminders, marketing follow-up, sales follow-up, outbound template messaging, or a user-facing ability to create arbitrary agents that can use Meta messengers.

How We Use the Information We Collect

We may use the information for various purposes, including:

  • To provide and maintain our Service;
  • To notify you about changes to our Service;
  • To allow you to participate in interactive features of our Service;
  • To provide customer support;
  • To gather analysis or valuable information to improve our Service;
  • To monitor the usage of our Service;
  • To detect, prevent, and address technical issues.

Messenger Data Processing Purposes

Specifically for messenger data, we process this information to:

  • Webhook Intake: Receive and validate inbound messages and status events from supported messenger APIs
  • Message Routing: Route incoming messages to the appropriate workspace threads and CRM records
  • AI-Assisted Replies: Enable human or policy-gated AI-assisted replies to inbound customer-service conversations
  • Delivery Tracking: Monitor and report message delivery, read, and failure status
  • Consent Enforcement: Maintain and enforce opt-in/opt-out preferences and unsubscribe requests
  • Compliance Audit: Generate audit records for regulatory compliance, account checks, opt-out checks, and audit-before-provider review
  • Workspace Management: Associate messaging data with the correct workspace, team members, and business context

Third-Party Services

Our Service may use third-party services, such as LLM inferences for AI computation, authentication providers, or other integrations the user connects. These third parties have their own privacy policies addressing how they use such information. We share only what’s necessary to provide the requested functionality.

AI Providers and Subprocessors

When messenger-derived message content is processed by AI providers for policy-gated AI-assisted replies to inbound customer-service threads, the following subprocessors may be involved:

  • OpenAI: May process message content for generating responses. OpenAI’s data handling is governed by their Business Associate Agreement and API terms. We do not make unconditional claims that OpenAI never retains or trains on data; their practices are subject to their own policies and agreements.
  • Anthropic: May process message content for AI-assisted responses, subject to Anthropic’s data processing terms.
  • OpenRouter: May route message content to selected model providers for AI-assisted responses, subject to OpenRouter’s terms and the selected model provider’s data processing terms.
  • Other AI Providers: Additional model providers may be used based on workspace configuration and customer choice.

We recommend reviewing each provider’s privacy policy and data processing terms. We select providers with contractual commitments to data protection, but we cannot guarantee zero retention by third-party AI processors.

Data Storage and Security

We do not sell your Personal Data. Access to Personal Data is limited to: service providers/processors under contract and subject to confidentiality and data protection obligations; parties you authorize (e.g., members invited to your Workspace or enabled integrations); authorities or third parties where required by law.

We use administrative, technical, and organizational measures to protect your information.

Data Retention and Deletion

We retain Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

For messenger data:

  • Active message content is retained while the workspace is active and the business maintains the relevant messenger integration
  • Audit records may be retained for compliance and security purposes even after message deletion
  • Backup copies may exist for a limited period as part of standard backup procedures
  • Media references are retained according to workspace media retention settings

You may request deletion of your data at any time. See our Data Deletion Instructions for details, or contact hello@flexus.team.

Your Data Protection Rights (GDPR)

Subject to applicable law, you have the right to:

  • Access your Personal Data;
  • Rectify inaccurate Personal Data;
  • Erase your Personal Data;
  • Restrict processing;
  • Object to processing based on legitimate interests;
  • Data portability for data you provided to us;
  • Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact hello@flexus.team.

Cookies & Similar Technologies

We may use cookies and similar technologies for authentication, security, preferences, analytics, and performance. You can manage cookies through your browser settings; some features may not function properly without them.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. The effective date of the current version appears in the “Last Updated” line at the top of this page.

Contact

If you have any questions about this Policy, please contact us: hello@flexus.team.

Non-Affiliation Disclaimer

Flexus is an independent service and is not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc., WhatsApp LLC, or Instagram, LLC. WhatsApp is a trademark of WhatsApp LLC. Instagram is a trademark of Instagram, LLC. References to WhatsApp and Instagram are for descriptive purposes only regarding integration capabilities.

Note on Messaging Channels: WhatsApp, Instagram, Telegram, and other messengers are separate channel integrations with their own platform terms, permissions, and review requirements. Flexus uses each channel only where enabled for the connected business and permitted by the applicable platform rules.