Flex Engine

Flex Engine Privacy Policy

Last updated: September 16, 2025

Flex Engine (“we,” “our,” or “us”) respects your privacy and is committed to protecting personal information we process. This Privacy Policy explains how we collect, use, store, and safeguard information in connection with our services and integrations, including partnerships with Daxko/Club Automation.

1. Information We Collect

We collect and process information necessary to provide our services, including:

  • Member data: names, contact details, and membership information.
  • Scheduling and attendance: class registrations, check-ins, and activity history.
  • Billing and transactions: payment details and account history.
  • System usage data: logs, API calls, and technical performance metrics.

We do not use customer data for our own marketing or research purposes.

2. How We Use Information

We process customer data to:

  • Enable secure integrations with Club Automation and other connected systems.
  • Provide automation, workflow, and reporting services.
  • Improve platform performance, reliability, and customer experience.
  • Support onboarding, troubleshooting, and technical support.

All customer data remains owned by the customer. Flex Engine does not claim rights to customer-derived data.

3. Data Storage & Location

We use Google Cloud Platform (GCP) for hosting and data processing. GCP provides SOC 2, ISO 27001, and other leading certifications.

  • Data is stored in U.S.-based data centers unless otherwise required by the customer.
  • Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access is controlled by strict role-based policies, least-privilege principles, and multi-factor authentication.

4. Data Sharing & Sub-Processors

  • We may use trusted sub-processors (e.g., GCP) for infrastructure and support services.
  • Sub-processors are contractually required to follow equivalent security and privacy standards.
  • We do not sell or share customer data with third parties for marketing.

5. Customer Rights

We adhere to GDPR, CCPA, and other applicable privacy regulations. Customers and end users have the right to:

  • Access and obtain a copy of their personal data.
  • Request correction or deletion (“right to be forgotten”).
  • Restrict or object to processing.
  • Request data export in standard formats (CSV/JSON).

Requests may be submitted to info@flexengine.dev.

6. Security Measures

We implement organizational and technical safeguards including:

  • Encryption of all sensitive data at rest and in transit.
  • Network security, firewalls, and intrusion detection.
  • Logging, monitoring, and audit trails for all API and user activity.
  • Annual penetration testing and ongoing vulnerability scans.
  • Employee confidentiality agreements and access restrictions.

7. Data Retention

We retain customer data only as long as required for service delivery or contractual obligations. Logs are retained for up to 12 months, unless otherwise agreed.

8. Incident Response

In the event of a security incident or data breach, we will:

  • Contain and investigate immediately.
  • Notify affected customers and regulators as required by law.
  • Provide remediation details and mitigation guidance.

9. International Data Transfers

Personal data will not be transferred outside the customer’s core operating country unless explicitly requested or legally required. Any transfers will be subject to appropriate legal safeguards (e.g., Standard Contractual Clauses).

10. Privacy Complaints & Contact

We maintain a formal process for handling privacy complaints and regulatory inquiries. If you have concerns about your data, please contact:

11. Policy Updates

We may update this Privacy Policy to reflect changes in regulations, technology, or our services. Customers will be notified of material changes via email or our platform.