Privacy Policy

This Privacy Policy explains how Fload Technologies Limited (“Fload”, “we”, “us”, or “our”) collects, uses, and shares information when you use:

• our websites (including www.fload.com and any subdomains) (the “Site”),
• our web and mobile applications, browser-based interfaces, and chat interfaces,
• our integrations and connectors (e.g. App Store Connect, Google Play, Stripe, Apple Search Ads, Meta Ads, Google Ads, RevenueCat, Firebase, Slack/Discord/Teams), and
• any other products, services, content, tools, and features we make available (collectively, the “Services”).

This Privacy Policy is incorporated into and made part of our Terms of Service (the “Terms”). Capitalized terms not defined here have the meanings given to them in the Terms.

By accessing or using the Services, you represent that you have read and understood this Privacy Policy and the Terms, and that you are at least 18 years old. If you do not agree, you must not use the Services.

We are:
Fload Technologies Limited
A TSL company registered in Abu Dhabi Global Market (ADGM), Abu Dhabi, United Arab Emirates
Contact: support@fload.com
Privacy contact / DPO: dpo@fload.com

1. What We Mean by “Personal Data”

In this Privacy Policy, “Personal Data” means any information relating to an identified or identifiable natural person. This includes information that directly identifies someone (like a name or email address) or that can be used to identify someone when combined with other information.

We distinguish between:

• Your Data – information relating to you and your team as Fload users (e.g. your account, login, billing, communications).
• Customer End-User Data – information about your apps' end users that you choose to connect to or process through Fload (e.g. analytics, purchase data, usage events, public reviews).

For most Customer End-User Data, you are the data controller and Fload acts as your data processor. For some things (like our own marketing emails to you), we act as a controller.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you:

• visit the Site or sign up for an account,
• onboard your apps and connectors,
• invite teammates,
• configure alerts and reports,
• communicate with us, or
• otherwise use the Services.

This may include:

• Account and Profile Data – Name, email address, password or authentication data, company name, job title, organization name, billing address, and any other details you add to your profile or organization.
• Organization & Team Data – Information about your organization, the apps connected under it, and the teammates you invite (name, email, role, permissions).
• Billing and Subscription Data – Plan type, number of apps (seats), subscription status, invoices, payment method details processed by Stripe (we do not store full card numbers), and related billing metadata.
• Support and Communications – Information contained in emails, support tickets, chat conversations, or other communications with us (including attachments and logs you choose to send).
• Marketing and Preferences – Information you provide when subscribing to newsletters or updates, event registrations, preferences about communication channels and alerts, and any content of your responses to surveys or feedback requests.
• Recruitment Data (if applicable) – If you apply to work with us, we may process your CV/resume, contact details, and other information you choose to share as part of the recruitment process.

You may choose not to provide certain information, but this may limit your ability to use some or all of the Services.

2.2 Data from Connectors and External Platforms

To do its job, Fload connects to the tools you already use. When you connect a third-party account or invite our “AI Analyst” email as a user on your account, we access data from that third-party service on your behalf.

Depending on the connectors you enable and your configuration, we may process data from:

• App distribution & stores: Apple App Store Connect, Google Play Store / Google Play Console
• Payments & subscriptions: Stripe, RevenueCat
• Advertising & user acquisition: Apple Search Ads, Meta Ads (Facebook, Instagram, etc.), Google Ads and related Google marketing services
• Analytics & events: Firebase, Other analytics platforms you choose to connect
• Communication platforms: Slack, Microsoft Teams, Discord

The types of data we may process via these connectors include (depending on the integration and your configuration):

• app performance metrics (downloads, installs, uninstalls, revenue, refunds, churn, retention, active users, cohorts, etc.),
• subscription and purchase metrics,
• campaign, ad group, and creative performance metrics,
• attribution and funnel metrics,
• aggregated event data and analytics metrics,
• public app store reviews and ratings, including usernames and review text,
• and other operational metrics exposed via the relevant APIs or interfaces.

We aim to minimize the amount of personal data about your end users that Fload ingests. In most cases, we focus on aggregated or pseudonymized metrics (e.g. counts, revenue totals, retention rates), and we do not intentionally store identifiable end-user data unless it is technically necessary for specific analyses you request.

However, depending on how third-party tools are configured, limited personal data about your end users may be processed by Fload (for example, pseudonymous user IDs, public usernames in reviews, or event-level data tied to device identifiers). You are responsible for ensuring that your use of these connectors and the data you process through Fload complies with applicable law and your own privacy notices.

2.3 Use of “AI Analyst” Accounts and Scraping

To access certain data that is not available through official APIs (for example, some App Store Connect data), you may:

• invite a dedicated Fload-controlled email address as a user on your third-party account, and/or
• authorize Fload to access data via browser-based automation or internal APIs exposed in the relevant web interface.

By doing so, you authorize Fload to:

• log in to those accounts on your behalf,
• access, read and retrieve the data needed to provide the Services, and
• perform limited actions (now or in the future) that you explicitly enable, such as changing certain settings, triggering experiments, or updating configurations.

We do not sell this data, and we do not use your identifiable Customer End-User Data to train our own or third-party machine learning models.

2.4 Information from SDKs (Future Features)

In the future, you may optionally integrate a Fload SDK into your app(s). This may allow Fload to:

• collect usage and behavior data directly from your apps, and/or
• control certain in-app elements on your behalf (for example, paywalls or experiments).

If you choose to use such features, we will process the data sent via the SDK in accordance with this Privacy Policy and any applicable Data Processing Addendum, and you will remain responsible for providing appropriate notices and obtaining any necessary consents from your end users.

2.5 Automatically Collected Information

When you use the Site or Services, we automatically collect certain technical information, which may include:

• Device and browser data – IP address, device type, operating system, browser type, language, time zone.
• Usage data – Log data, timestamps, page views, referring/exit pages, clicks, features used, errors, and interaction with the UI.
• Metadata – Metadata relating to data sets you upload or connect (e.g. schema, table names, metric names).
• Location data – Approximate location derived from your IP address (city, region, country). We do not track precise GPS coordinates unless explicitly enabled for a specific feature.

We may use cookies, pixels, local storage, and similar technologies to collect this information (see Section 4).

2.6 Information Processed by AI/LLM Providers

When you submit queries or use AI-assisted features in Fload, we may send the minimum necessary portion of your data (such as relevant metrics, aggregated statistics, and context) to external large language model providers, such as OpenAI, Anthropic (Claude), or similar (“AI Providers”), to generate responses and insights.

• We do not permit AI Providers to use your data to train their models, to the extent we are able to control this through their enterprise or API settings.
• We do not send your complete raw data sets by default; we strive to send only the data required to answer your specific query or power the relevant feature.
• We may log the prompts and responses (including the contextual fragments of your data that were sent) for debugging, safety, and improvement of our Services.

AI Providers process this data under their own privacy policies and terms. We select providers that support enterprise-grade data protection commitments, but you should review their policies if you have specific concerns.

2.7 Information You Share Through Workspaces or Chat

If you use our Slack, Discord, Teams, or similar connectors:

• messages you send to Fload in those spaces,
• commands / slash commands,
• and the AI responses we send back

may be visible to other members of your workspace according to that platform's own permissions and settings.

You are responsible for:

• managing access rights within your own workspace,
• deciding who can see which channels,
• and ensuring that sending app data to those channels is acceptable under your internal policies.

Fload is not responsible for how your workspace provider handles or discloses data once it is posted there.

2.8 Information You Post Publicly

If we provide public forums, feedback boards, or similar features, information you choose to post there may be publicly visible. Do not share confidential or sensitive information in public areas.

3. How We Use the Information We Collect

We use the information described above for the following purposes (and under the legal bases described in Section 7 for GDPR regions):

• To provide and operate the Services – creating and managing accounts and organizations, connecting to and synchronizing with your data sources, running queries, dashboards, alerts, and reports, generating AI-assisted analysis and recommendations.
• To communicate with you and your team – service-related emails and in-app messages, weekly performance recaps, daily marketing updates, anomaly alerts, and optimization recommendations, security, technical, and administrative notices, responding to support requests and inquiries.
• To personalize and improve the Services – customizing content and default views, recommending metrics, queries, and workflows, simplifying onboarding flows and connector configuration.
• To operate AI features – sending minimal, relevant snippets of your data to AI Providers to generate responses, evaluating and improving how AI features work (e.g. prompt quality, hallucination reduction), ensuring safety and abuse prevention in AI interactions.
• To develop and improve our products – analyzing usage patterns, testing new features, benchmarking and performance tuning. For this purpose, we may use aggregated and/or anonymized data derived from your usage to help improve our models, heuristics, and analytics. We do not use your identifiable Customer End-User Data to train general-purpose machine-learning models.
• To handle billing and account administration – processing payments through Stripe, managing subscriptions, upgrades, downgrades, and renewals, calculating seat/app counts and invoicing.
• To maintain security and prevent abuse – protecting accounts, systems, and data from unauthorized access, detecting and blocking suspicious or abusive behavior, enforcing applicable policies and terms.
• To comply with legal obligations and enforce our rights – responding to lawful requests from public authorities, resolving disputes and enforcing contracts, protecting the rights, property, and safety of Fload, our users, or the public.
• For marketing, with appropriate controls – sending you product updates, announcements, and offers, measuring the effectiveness of our campaigns. You can opt out of non-essential marketing communications at any time using unsubscribe links or by contacting us.

4. Cookies and Similar Technologies

We use cookies, pixels, and similar technologies to:

• keep you logged in and maintain sessions,
• remember your preferences,
• measure traffic and usage patterns,
• support analytics and performance,
• and support marketing and retargeting (where permitted by law).

Where required by applicable law, we will present you with a cookie banner and/or manage consent to non-essential cookies.

You may be able to configure your browser to refuse cookies or notify you when a cookie is being set. If you block cookies, some features of the Services may not function properly.

We may also use third-party analytics tools (such as Google Analytics or similar) and marketing tools (such as Meta Pixel or equivalent) in accordance with their privacy policies and with applicable law.

5. How We Share Personal Data

We do not sell your Personal Data. We may share Personal Data with:

• Service providers and sub-processors – hosting and infrastructure providers, database, logging, and monitoring services, email and communications providers, authentication and security tools, analytics and error tracking tools, AI Providers (OpenAI, Anthropic, etc.), other vendors that help us deliver and improve the Services. We engage these providers under contracts that require appropriate confidentiality and security.
• Payment processors (Stripe) – to process payments, manage subscriptions, and handle billing. Your use of Stripe is also governed by Stripe's own terms and privacy policy.
• Your teammates and organization members – information within your organization (apps, metrics, dashboards, alerts, chat history) will be visible to authorized users of your organization based on their roles and permissions.
• Third-party platforms you choose to connect – if you configure Fload to send alerts and reports to Slack, Teams, Discord, or similar, we will send relevant data to those platforms at your direction.
• Professional advisers – lawyers, auditors, or other advisers where necessary for legal, compliance, or business purposes.
• Business transfers – in connection with a merger, acquisition, financing, or sale of all or part of our business, or similar corporate transaction. We will continue to protect your Personal Data in line with this Policy and provide notice of any material changes.
• Legal and safety reasons – if we believe disclosure is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request; to enforce our agreements and policies; to protect the rights, property, or safety of Fload, our users, or others.

6. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes described in this Policy, including to:

• provide the Services to you,
• maintain business and transactional records,
• comply with legal obligations,
• resolve disputes, and
• enforce our agreements.

You can remove apps and connectors, or delete your organization or account, through the dashboard or by contacting us. When you do so:

• We will remove or anonymize associated data from our active systems within 30 days, subject to technical limitations and our backup and archival policies.
• We may retain aggregated and anonymized statistics derived from your data, which can no longer be linked back to you, for product improvement and business analytics.
• We may retain some limited data where required by law (for example, billing records, tax documentation, or logs needed for security and compliance).

7. Legal Bases for Processing (EEA/UK/Similar)

Where applicable data protection law (such as the GDPR) applies, we rely on one or more of the following legal bases:

• Contractual necessity – to provide the Services under the agreement with you or your organization (e.g. account operation, connectors, analytics, alerts).
• Legitimate interests – to operate, secure, and improve the Services; to communicate with you about product updates; to prevent abuse and fraud; and to support business operations. We balance these interests against your rights and expectations.
• Legal obligations – to comply with laws and regulations (e.g. tax, accounting, law enforcement requests).
• Consent – for certain uses of cookies, marketing communications, and any processing where consent is specifically required by law. You may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

When we process Customer End-User Data on your behalf, we do so as your processor based on the contract with you, and you are responsible for having an appropriate lawful basis to process that data and share it with us.

8. International Transfers

Fload is headquartered in Abu Dhabi Global Market (ADGM), United Arab Emirates, and uses infrastructure in the European Union and the United States (and potentially other jurisdictions) to host and process data.

This means your Personal Data may be transferred to, stored in, and processed in countries other than the one where it was collected. Those countries may have data-protection laws that differ from those of your country.

Where required by law, we implement appropriate safeguards for international transfers, which may include:

• standard contractual clauses approved by the European Commission or UK authorities,
• data-processing agreements with subprocessors,
• and technical and organizational measures to protect data in transit and at rest.

If you have questions about cross-border transfers, contact dpo@fload.com.

9. Your Rights

Depending on your location and applicable law, you may have some or all of the following rights in relation to your Personal Data:

• Access – to know if we process your Personal Data and to receive a copy.
• Rectification – to have inaccurate or incomplete Personal Data corrected.
• Erasure – to request deletion of Personal Data in certain circumstances.
• Restriction – to ask us to restrict processing in certain circumstances.
• Portability – to receive Personal Data you provided in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.
• Objection – to object to certain processing based on legitimate interests (including profiling), and to marketing communications.
• Withdraw consent – where we rely on consent, to withdraw that consent at any time.

You can exercise these rights by contacting us at dpo@fload.com. We may need to verify your identity before processing your request. Some rights may be limited by applicable law (for example, where fulfilling your request would adversely affect the rights and freedoms of others or where we are legally required to keep certain data).

When we process Customer End-User Data only on behalf of a customer, we may redirect requests to the relevant customer (the controller), or work with them to fulfill the request.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have certain rights under the California Consumer Privacy Act (as amended) regarding your Personal Data, including:

• the right to know what categories of Personal Data we collect, use, and disclose,
• the right to access specific pieces of Personal Data,
• the right to deletion of your Personal Data, subject to legal exceptions,
• the right to correct inaccurate Personal Data,
• and the right not to be discriminated against for exercising your rights.

We do not sell Personal Data, and we do not share Personal Data for cross-context behavioral advertising in the sense defined by the CCPA/CPRA.

To exercise your California rights, contact dpo@fload.com or support@fload.com. We may ask you to verify your identity and residency.

11. Security

We take security seriously and implement technical and organizational measures designed to protect Personal Data against unauthorized access, loss, misuse, or alteration. These measures may include:

• encryption in transit and at rest where appropriate,
• access controls and least-privilege policies,
• monitoring and logging of key systems,
• regular updates and patching of infrastructure,
• internal policies and training.

However, no system can be guaranteed 100% secure. You are responsible for:

• keeping your account credentials secure,
• using strong, unique passwords and multi-factor authentication where available,
• and limiting access to the Services within your organization.

If you believe your account has been compromised, contact us immediately at support@fload.com.

12. Children

The Services are not directed to individuals under 18, and we do not knowingly collect Personal Data from children. If you are a parent or guardian and believe your child has provided Personal Data to us, please contact us. If we discover that we have collected Personal Data from a child under 18 without appropriate consent, we will take steps to delete it and terminate related access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will change the “Last updated” date at the top. We may also provide additional notice (such as in-app notifications or email) of material changes.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

For questions, concerns, or requests related to privacy or this Policy, contact:

• General support: support@fload.com
• Data protection / privacy requests: dpo@fload.com