Cookie Policy

1. What Are Cookies

Cookies are small text files stored on your device to improve user experience.

2. Types of Cookies We Use
3. Essential Cookies

• Required for website functionality

1. Analytics Cookies

• Help us understand usage patterns

1. Functional Cookies

• Remember user preferences

1. Marketing Cookies (if applicable)

• Used for targeted advertising

3. How We Use Cookies

We use cookies to:

• Improve website performance
• Analyze traffic
• Personalize content

4. Managing Cookies

Users can:

• Accept or reject cookies via banner
• Modify browser settings

5. Third-Party Cookies

We may use:

• Analytics tools (e.g., Google Analytics)
• Cloud and performance services

6. Consent

Where required (e.g., GDPR):

• Cookies are used only after user consent

7. Updates

We may update this Cookie Policy periodically.

4. AI ETHICS POLICY

Flintz commits to responsible AI:

Principles:

• Fairness: No bias or discrimination
• Transparency: Explainable AI systems
• Privacy-first: Data minimization
• Accountability: Human oversight
• Safety: Prevent harmful outputs

Controls:

• Bias testing
• Model monitoring
• Human-in-the-loop for critical use cases

5. DATA PROCESSING AGREEMENT (DPA)

Roles:

• Client = Data Controller
• Flintz = Data Processor

Key Clauses:

1. Processing Scope

Only process data per client instructions

2. Confidentiality

Strict confidentiality obligations

3. Security Measures

• Encryption
• Access control
• Audit logs

4. Sub-processors

• Cloud vendors allowed with safeguards

5. Data Transfers

• GDPR SCCs applied where required

6. Data Breach

• Notify within 72 hours

7. Data Deletion

• On contract termination or request

6. SERVICE LEVEL AGREEMENT (SLA)
7. Availability

• 99.5% uptime commitment

2. Support Response Time

• Critical: 2 hours
• High: 6 hours
• Medium: 24 hours

3. Resolution Targets

• Critical: 24 hours
• High: 48 hours
• Medium: 3–5 days

4. Maintenance

• Scheduled downtime with notice

5. Credits

Service credits applicable for SLA breaches (enterprise contracts)

7. API USAGE POLICY
8. Authentication

• API keys required
• Keys must not be shared

2. Rate Limits

• Enforced per plan

3. Acceptable Use

Prohibited:

• Illegal content
• Abuse or spam
• Reverse engineering

4. Data Usage

• Inputs may be logged for security
• No training without agreement

5. Monitoring

We may:

• Monitor usage
• Suspend abusive accounts

6. Security

• Secure API endpoints
• Token-based authentication

8. ENTERPRISE / INVESTOR-READY ADDITIONS

To strengthen compliance posture:

✔ Governance

• Data Protection Officer (DPO) readiness
• Internal audit logs

✔ Compliance Frameworks

• GDPR, DPDP, CCPA alignment
• SOC 2 (recommended next step)
• ISO 27001 readiness

✔ Risk Management

• DPIA for AI systems
• Vendor risk assessment

✔ Documentation

• RoPA (Records of Processing Activities)
• Incident response plan