Privacy Policy
Effective: April 5, 2026
Overview
Flatland is a minimal product. We collect only what we need to operate the Service and communicate with you. We do not sell your data. We do not run advertising. This document explains what we collect, why, and how long we keep it.
1 — What We Collect
Account data. When you subscribe, we collect your email address. This is used to deliver your API key, send billing receipts, and communicate service updates.
API usage data. We log API requests at a high level — timestamps, endpoints called, and response status codes. We do not log the content of your financial models, your driver values, or your formulas. Your model data is processed in memory and not persisted on our servers.
Payment data. Billing is handled entirely by Stripe. We do not store or process payment card information. Stripe's privacy policy governs payment data.
Analytics. We use Vercel Web Analytics, which is privacy-first and cookieless. It collects anonymous page view data (page URL, referrer, country). No personal identifiers. No cookie consent required.
Support communications. If you email us, we retain that correspondence to help resolve your issue.
2 — What We Do Not Collect
- The content of your financial models — assumptions, formulas, computed values
- Any data from your local file system or development environment
- Behavioral tracking, fingerprinting, or cross-site data
- Information about your AI agent's other activities outside of Flatland API calls
3 — How We Use Your Data
- Deliver and operate the Service — authenticate API requests, enforce rate limits
- Send transactional emails — API key delivery, billing receipts, service notices
- Understand usage patterns at an aggregate level to improve the Service
- Respond to support requests
We do not use your data for advertising, profiling, or sale to third parties.
4 — Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database — stores API keys and account records | Email, API key hash |
| Stripe | Payment processing and subscription management | Email, billing details |
| Resend | Transactional email delivery | Email address, message content |
| Vercel | Hosting and anonymous analytics | Anonymous page view data |
| Fly.io | API server hosting | API request logs (no model content) |
Each of these services has their own privacy policy. We have selected providers that take data security seriously.
5 — Data Retention
We retain your account data for as long as your subscription is active. If you cancel and request deletion, we will remove your email and API key records within 30 days.
API request logs are retained for 90 days for operational purposes, then deleted.
To request deletion of your data, email support@flatlandfi.com.
6 — Security
API keys are stored as hashed values. All data in transit is encrypted via TLS. We follow standard practices for access control and secrets management.
No system is perfectly secure. If you discover a vulnerability, please disclose it responsibly to isaac@flatlandfi.com.
7 — Your Rights
You may request access to, correction of, or deletion of your personal data at any time. Email support@flatlandfi.com with your request.
If you are in the EU or UK, you have additional rights under GDPR / UK GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.
Because we use Vercel Analytics (cookieless, no personal identifiers), there is nothing to opt out of for analytics tracking.
8 — Changes to This Policy
We may update this policy as the Service evolves. Material changes will be communicated to subscribers by email. The effective date at the top of this page reflects the most recent revision.