platform logo

Privacy Policy

1. Defined Terms

The definitions of the following terms are provided in the Terms of Service:

Platform

Visitor

User

Path Sharer

Path Sharer Profile

Session

Seeker

Booking

Session Review

Session Completion Issue

Feedback

Report

Commission

Payment

Payout

Refund

Dispute

Third-Party Service Provider

2. Introduction

The company FlintOne, a simplified joint-stock company registered with the RCS of Paris under number 104 953 906, with registered office at 58 rue de Monceau CS 48756 75380 Paris Cedex 08, France, operates the website www.beamthru.com (the “Platform”).

This Privacy Policy describes how FlintOne collects and processes the personal data of the User and any Visitor of the Platform as Data Controller.

FlintOne commits to collecting only the information necessary to provide a quality service, guaranteeing the confidentiality and security of such information, including when engaging Third-Party Service Providers, and facilitating the exercise of the User’s and the Visitor’s rights over their personal data in accordance with the European Union’s General Data Protection Regulation 2016/679 (the “GDPR”).

In accordance with the Terms of Service, the Platform is exclusively intended for Users who are at least 18 years old and legal residents of France, Germany, or Luxembourg. The Platform does not intentionally collect or process Personal Data from individuals located outside these countries. Users located outside France, Germany, and Luxembourg access the Platform at their own initiative and FlintOne makes no representation that the Platform complies with the laws of any other jurisdiction.

Data Controller

FlintOne acts as the data controller for the processing operations described in this Policy.

Contact for Personal Data Protection

For any questions regarding the protection of personal data or to exercise their rights, the User or the Visitor may contact FlintOne via the Help Center.

Effective Date and Modification

This Privacy Policy automatically takes effect as of 26 May 2026. FlintOne reserves the right to modify this Privacy Policy at any time. In the event of a substantial modification to this Policy, the User will be notified via email. By continuing to use the Platform after such modifications, the User is deemed to have acknowledged the updated Policy.

3. Processing of Personal Data

Personal data is processed based on the following legal grounds:

Performance of the contract: To provide the services requested by the User and ensure the proper operation of the Platform;

Compliance with legal obligations: To comply with mandatory laws, including those arising from DAC7, anti-money laundering requirements, and applicable tax or accounting regulations;

Legitimate interest: To ensure Platform security, prevent fraud, and improve our services;

Consent: For specific purposes such as marketing or newsletters, where the User has explicitly provided their agreement.

3.1 Activities Concerning Path Sharers Only

Activities:

Profile Management: managing the lifecycle of the Path Sharer Profile, including onboarding, updates and closure. This applies to all applicants, regardless of whether the onboarding process is completed or successful.

Identity Verification: verifying the identity documents of any prospective or active Path Sharer to ensure Platform security and prevent fraud.

Public and Booking Page Display: displaying the Path Sharer’s public and booking page containing notably Professional Information and Session Setup Information.

Search Ranking: determining the display order of Path Sharers in search results based on relevance.

Search Results Display: displaying a list of Path Sharers matching the Seeker’s search query.

Commission Invoice Issuance: issuing invoices and corresponding credit notes (if applicable) to the Path Sharer for the Platform’s Commissions.

Payout Management: managing Payout to the Path Sharer’s bank accounts.

Dashboard Metrics Monitoring: displaying key activity metrics for the Path Sharer.

Tax Reporting (DAC7): collecting and reporting mandatory information to tax authorities and providing the Path Sharer with an annual summary of his or her platform earnings in compliance with EU Directive 2021/514 (DAC7).

Data categories:

Identification Information: full name, date of birth and primary address.

Other Personal Information: email address, photo and timezone.

Identity Documents: copies of official ID cards or passports for identity verification purposes.

Verification Records: notably includes administrative data related to the verification process, such as verification status, completion date, unique reference numbers, and the outcome of the check.

Professional Information: notably includes career experience, educational background and self-introduction.

Session Setup Information: Session topics, duration, pricing and availability.

Tax Information: such as tax identification numbers and VAT details. All such information relates exclusively to data issued within the European Union.

Legal Status Information: information identifying the Path Sharer’s status as a private individual, sole proprietor or single-person company.

Business Information: notably includes business registration number and address.

Statistical Session Data: notably includes number of completed Sessions and number of likes received.

Earnings Data: comprehensive records of income generated through the Platform.

Commission Invoice Records: notably includes issued invoices and corresponding credit notes (if applicable), and all associated data required for tax and accounting compliance (such as identity, legal status, and billing addresses for both the Platform as the seller and the Path Sharer as the buyer), Commission amounts, applicable VAT and transaction records.

Payout Data: notably includes payout identifiers, payout status, amount and processing metadata. Note: Bank account details are neither accessed nor stored by FlintOne, such data is processed exclusively and securely by the third-party payment service provider (Stripe).

Profile Metadata: notably includes profile creation date, modification history and records of profile status changes.

Processing activities overview

ActivitiesData processedCollection methodLegal basis
Profile Management- Identification Information - Other Personal Information - Professional Information - Session Setup Information - Business Information (if applicable) - Tax Information - Legal Status Information - Profile Metadata- Profile Metadata generated automatically by the Platform based on Path Sharer’s activities - Other information provided by the Path SharerPerformance of the contract
Identity Verification- Identification Information - Identity Documents - Tax Information - Verification Records- Verification Records provided by the Platform - Other information and documents provided by the Path SharerCompliance with legal obligations
Public and Booking Page Display- Identification Information (e.g. name) - Other Personal Information (e.g. photo and timezone) - Legal Status Information - Professional Information - Session Setup Information - Statistical Session Data - Session Review Information - Profile Metadata (e.g. date of joining)- Session Review Information: content provided by Path Seekers, other information generated automatically by the Platform - Statistical Session Data and date of joining generated automatically by the Platform based on Path Sharer’s activities - Other information provided by the Path SharerPerformance of the contract
Search Ranking- Professional Information - Session Setup Information - Search Data- Professional Information and Session Setup Information provided by the Path Sharer - Search Data provided by the Path SeekerPerformance of the contract
Search Results Display- Identification Information (e.g. name) - Other Personal Information (e.g. photo) - Professional Information - Session Setup Information (e.g. pricing) - Statistical Session Data- Statistical Session Data generated automatically by the Platform based on Path Sharer’s activities - Other information provided by the Path SharerPerformance of the contract
Commission Invoice Issuance- Commission Invoice Records- Path Sharer-related information provided by the Path Sharer - Other data generated automatically by the PlatformCompliance with legal obligations
Payout ManagementPayout Data- Payout status and references obtained from payment service provider (Stripe) - Other data generated automatically by the PlatformPerformance of the contract Compliance with legal obligations
Dashboard Metrics Monitoring- Statistical Session Data - Earnings DataGenerated automatically by the Platform based on Path Sharer’s activitiesPerformance of the contract
Tax Reporting (DAC7)- Identification Information - Legal Status Information - Tax Information - Business Information (if applicable) - Earnings Data - Statistical Session Data (e.g. number of completed Sessions per quarter) - Commission Invoice Records (e.g. Commissions and VAT withheld per quarter)- Identification, Legal Status, Tax and Business Information provided by the Path Sharer - Other data generated automatically by the Platform based on Path Sharer’s activitiesCompliance with legal obligations

Data retention by category

Data categoryProviderRetention period
Identification InformationPath SharerRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
Other Personal InformationPath SharerRetained until Path Sharer’s User account closure.
Identity DocumentsPath SharerCollected solely for verification purpose and deleted immediately upon verification.
Verification RecordsPlatformRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
Professional InformationPath SharerRetained until the account is closed, as they are essential elements of the Path Sharer Profile.
Session Setup InformationPath SharerRetained until the account is closed, as they are essential elements of the Path Sharer Profile.
Tax InformationPath SharerRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
Legal Status InformationPath SharerRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
Business InformationPath SharerRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
Statistical Session DataPath Sharer and PlatformRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
Earnings DataPath Sharer and PlatformRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
Commission Invoice RecordsPath Sharer and PlatformRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
Payout DataPayment service provider (Stripe) and PlatformRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
Profile MetadataPath Sharer and PlatformRetained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer.
All data categories collected during onboarding (refer to “Profile Management” in the table above)Prospective Path Sharer (Incomplete or unsuccessful onboarding)Retained for 1 year for security and fraud prevention.

3.2 Activities Concerning Path Seekers Only

Activities:

Search of Path Sharers: enabling the Path Seeker to search for Path Sharers based on specified interests or criteria.

Booking Creation: enabling the Path Seeker to create Booking requests.

Booking Payment: enabling the Path Seeker to pay for the Booking.

Payment Receipt Issuance: issuing payment receipts as proof of transactions to the Path Seeker and corresponding refund receipts (if applicable).

Platform Retention Notice Issuance: issuing Platform Retention Notices directly to the Path Seeker in cases where a session is missed by both parties.

Session Review Submission: enabling the Path Seeker to submit a Session Review after the completion of a Session.

Refund Management: processing applicable refund to the Path Seeker related to Bookings and past Sessions.

Dashboard Metrics Monitoring: displaying key activity metrics for the Path Seeker.

Data categories:

Search Data: notably includes selected topics, search queries and frequency of searches.

Booking Creation Information: notably includes booking details (topic, duration, price), scheduled slot, request description and participant identifiers.

Payment Data: notably includes transaction identifiers, payment status, amount and processing metadata. Note: FlintOne does not have access or store payment details, these are processed directly and securely by payment service provider (Stripe).

Payment Receipt Records: notably includes issued payment receipts and corresponding refund receipts (if applicable), and all associated data required for tax and accounting compliance (such as identity, legal status, and billing addresses for the Path Seeker as the buyer), payment amounts, applicable VAT and transaction records.

Platform Retention Notice Records: includes issued Platform Retention Notices and all associated data required for accounting compliance (such as identity and billing address of the Path Seeker, retained amount and transaction records). Note: these invoices are issued directly by the Platform to the Path Seeker.

Session Review Information: Session Review provided by the Path Seeker and associated metadata.

Refund Data: notably includes refund amount and transaction records.

Statistical Session Data: notably includes number of completed Sessions and number of likes given.

Processing activities overview

ActivitiesData processedCollection methodLegal basis
Search of Path SharersSearch DataSelected and provided by the Path SeekerPerformance of the contract
Booking CreationBooking Creation Information- Booking metadata generated automatically by the Platform - Inputs and Selections provided by the Path SeekerPerformance of the contract
Booking PaymentPayment Data- Transaction status and references obtained from payment service provider (Stripe) - Other data generated automatically by the PlatformPerformance of the contract Compliance with legal obligations
Payment Receipt IssuancePayment Receipt Records- Path Seeker-related information provided by the Path Seeker - Other data generated automatically by the PlatformCompliance with legal obligations
Platform Retention Notice IssuancePlatform Retention Notice Records- Path Seeker-related information provided by the Path Seeker - Other data generated automatically by the PlatformCompliance with legal obligations
Session Review SubmissionSession Review Information- Content provided by the Path Seeker - Other information generated automatically by the PlatformPerformance of the contract
Refund ManagementRefund Data- Refund status and references obtained from payment service provider (Stripe) - Other data generated automatically by the PlatformPerformance of the contract Compliance with legal obligations
Dashboard Metrics MonitoringStatistical Session DataGenerated automatically by the Platform based on the Path Seeker's activitiesPerformance of the contract

Data retention by category

Data categoryProviderRetention period
Search DataPath SeekerRetained, in anonymized form, for as long as the Platform operates.
Booking Creation InformationPath Seeker and PlatformRetained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer.
Payment DataPayment service provider (Stripe) and PlatformRetained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer.
Payment Receipt RecordsPath Seeker and PlatformRetained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer.
Platform Retention Notice RecordsPath Seeker and PlatformRetained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer.
Session Review InformationPath Seeker and PlatformRetained until the Path Seeker's User account closure or until Review deletion, whichever is longer. Upon account closure, the data is anonymized and may be retained for as long as the Platform operates.
Refund DataPayment service provider (Stripe) and PlatformRetained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer.
Statistical Session DataPath Seeker and PlatformRetained until the Path Seeker's User account closure. Upon account closure, the data is anonymized and may be retained for as long as the Platform operates.

3.3 Activities Concerning Both Path Sharers and Seekers

Activities:

Session Invoice Issuance: issuing invoices or receipts in the name and on behalf of the Path Sharer to the Path Path Seeker and corresponding credit notes (if applicable).

Session Completion Issue Handling: enabling the submission, investigation, and Session status arbitration of Session Completion Issues.

Booking Management: enabling the Path Sharer and the Path Seeker to manage a Booking once created and paid, including acceptance, rescheduling, declining and cancellation.

Session Conduct: enabling the Path Sharer and the Path Seeker to conduct scheduled Sessions.

Platform Promotion: using Path Sharers’ public profile information, Session Reviews and success stories to promote the Platform.

Data categories:

Session Invoice Records: notably includes issued invoices or receipts and corresponding credit notes/refund receipts (if applicable), and all associated data required for tax and accounting compliance (such as identity, legal status, and billing addresses for both the Path Sharer as the seller and the Path Seeker as the buyer), Payment amounts, applicable VAT and transaction records. Note: these documents are issued by the Platform in the name and on behalf of the Path Sharer to the Path Seeker.

Session Completion Issue Information: notably includes issue content (type and description), associated Session identifiers, supporting evidence and final arbitration.

Booking Information: notably includes Booking status, Booking details (topic, duration, price), scheduled slot, User-provided notes regarding rescheduling or cancellation, and participant identifiers.

Session Execution Data: notably includes technical metadata such as Session IDs, timestamps, participant counts, and connection logs. Excludes all audio/video recordings.

Marketing & Promotional Assets: notably includes testimonials, interviews, and multimedia content (photo/audio/video) either derived from existing Platform content (such as Path Sharers’ public pages and Session Reviews) or produced specifically for promotional purposes.

Processing activities overview

ActivitiesData processedCollection methodLegal basis
Session Invoice IssuanceSession Invoice Records- Path Seeker-related information provided by the Path Seeker - Path Sharer-related information provided by the Path Sharer - Other data generated automatically by the PlatformCompliance with legal obligations
Session Completion Issue HandlingSession Completion Issue Information- Content provided by the Path Seeker - Supporting evidence generated automatically by the Platform or video conferencing provider (Zoom) or provided by Path Seeker and Path Sharer - Final arbitration provided by the Platform - Other information generated automatically by the PlatformPerformance of the contract
Booking ManagementBooking Information- Booking metadata generated automatically by the Platform - Inputs and selections provided by the Path Seeker or the Path SharerPerformance of the contract
Session ConductSession Execution DataGenerated automatically by the Platform and video conferencing provider (Zoom)Performance of the contract
Platform PromotionMarketing & Promotional AssetsProvided directly by Path Sharers and Path Seekers or derived from existing Platform content.Legitimate Interest & Data subject’s consent

Data retention by category

Data categoryProviderRetention period
Session Invoice RecordsPath Seeker, Path Sharer and PlatformRetained for 10 years from the year following DAC7 declaration or until the Path Sharer profile or the Path Seeker’s User account closure, whichever is longer.
Session Completion Issue InformationPath Seeker, Path Sharer, Platform and video conferencing provider (Zoom)Retained for 10 years from the year following DAC7 declaration or until the Path Sharer profile or the Path Seeker’s User account closure, whichever is longer.
Booking InformationPath Seeker, Path Sharer and PlatformRetained for 10 years from the year following DAC7 declaration or until the Path Sharer profile or the Path Seeker’s User account closure, whichever is longer.
Session Execution DataPlatform and video conferencing provider (Zoom)Retained for 3 years for complaint management and customer relationship tracking.
Marketing & Promotional AssetsPath Seeker, Path Sharer and PlatformRetained until the end of the promotional use or until consent is withdrawn.

3.4 Activities Concerning All Users

Activities:

Account Management: managing the lifecycle of User accounts, including creation, maintenance and closure.

Path Sharer Bookmark: enabling the User to bookmark any Path Sharer as favorite.

Feedback Handling: enabling the submission, review, and processing of User-submitted Feedback.

Report Handling: enabling the submission, investigation, and resolution of User-submitted Reports regarding potential violations of the Terms of Service.

Dispute Handling: enabling the submission, assessment, and resolution of User-submitted Disputes between the User and the Platform.

Other Request Handling: enabling the submission, verification, and processing of various User requests other than Feedback, Report and Dispute.

User Communication and Notification: sending relevant communications and notifications to Users.

User Reliability & Fair Booking Management: monitoring Booking-related behaviors to ensure a consistent experience. This includes tracking Booking and cancellation patterns, and applying automated restrictions on Booking management functions where predefined thresholds are exceeded.

Platform Development and Analytics: developing and improving the Platform functionalities to enhance user experience.

Data categories:

Personal Information: notably includes name and contact details.

Bookmark Data: notably includes identifiers for the User and the bookmarked Path Sharer, and activity timestamps.

Feedback Information: notably includes submission ID, content (description and attachments), status and related communications with the Platform.

Report Information: notably includes submission ID, content (description and attachments), status, supporting evidence and related communications with the Platform.

Dispute Information: notably includes submission ID, content (description and attachments), status, supporting evidence and related communications with the Platform.

Other Request Information: notably includes request content, supporting evidence, status and related communications with the Platform.

Communication and Notification Information: notably includes recipient details, message content and delivery metadata.

Account Metadata: notably includes User ID, creation date, modification history and records of account status changes.

Usage & Technical Metadata: notably includes browsing behavior (page views, clicks), activity statistics, and technical logs (IP address, device information, login attempts, and error logs).

Processing activities overview

ActivitiesData processedCollection methodLegal basis
Account Management- Personal Information - Account Metadata- Personal Information provided by the User - Account Metada generated automatically by the Platform based on User’s activitiesPerformance of the contract
Path Sharer BookmarkBookmark DataGenerated automatically by the Platform based on User’s activitiesPerformance of the contract
Feedback HandlingFeedback Information- Content provided by the User - Communication records provided by the User and the Platform - Other information generated automatically by the PlatformLegitimate Interest
Report HandlingReport Information- Content provided by the User - Communication records provided by the User and the Platform - Other information generated automatically by the PlatformCompliance with legal obligations & Legitimate Interest
Dispute HandlingDispute Information- Content provided by the User - Communication records provided by the User and the Platform - Other information generated automatically by the PlatformPerformance of the contract & Legitimate Interest
Other Request HandlingOther Request Information- Content provided by the User - Communication records provided by the User and the Platform - Other information generated automatically by the PlatformPerformance of the contract & Legitimate Interest
User Communication and NotificationCommunication and Notification Information- Recipient information provided by the User - Other information generated by the PlatformPerformance of a contract & Data subject’s consent (for marketing communications)
User Reliability & Fair Booking Management- Booking Creation Information - Booking InformationGenerated automatically by the Platform based on User’s activitiesLegitimate Interest
Platform Development and AnalyticsUsage & Technical MetadataGenerated automatically by the Platform based on User’s activitiesLegitimate Interest

Data retention by category

Data categoryProviderRetention period
Personal InformationUserRetained until User account closure except for data required to be archived for legal and tax compliance (10 years).
Bookmark DataUser and PlatformRetained until User account closure.
Feedback InformationUser and PlatformRetained for 1 year for customer relationship tracking.
Report InformationUser and PlatformRetained for 3 years for complaint management and customer relationship tracking.
Dispute InformationUser and PlatformRetained for 3 years for evidentiary purposes in the event of litigation.
Other Request InformationUser and PlatformRetained for 1 year for customer relationship tracking.
Communication and Notification InformationUser and PlatformRetained for 3 years for complaint management and customer relationship tracking.
Account MetadataUser and PlatformRetained until the account is closed, as they constitute essential elements of the User's account.
Usage & Technical MetadataUser and PlatformRetained for 1 year for service security.

3.5 Activities Concerning All Individuals

This section applies to any person interacting with the Platform, including Users and Visitors who have not yet created an account.

Activities:

Platform Security & Integrity: monitoring and analyzing technical logs and Platform interactions to detect and block unauthorized access, bot attacks, scraping, spam, and other malicious behavior or misuse of the interface by any individual, ensuring the overall security and reliability of the Platform.

Data Rights Request Handling: enabling the submission, identity verification, and resolution of the individual’s requests to exercise their personal data rights in compliance with the GDPR.

General Inquiries Handling: enabling the submission, review, and processing of general inquiries sent by any individual.

Data categories:

Usage & Technical Metadata: notably includes browsing behavior (page views, clicks), activity statistics, and technical logs (IP address, device information, login attempts, and error logs).

Data Rights Request Information: notably includes submission ID, content (description and attachments), status and related communications with the Platform.

General Inquiry Information: notably includes submission ID, content (description and attachments), status and related communications with the Platform.

Processing activities overview

ActivitiesData processedCollection methodLegal basis
Platform Security & IntegrityUsage & Technical MetadataGenerated automatically by the Platform based on individual’s activitiesLegitimate Interest
Data Rights Request HandlingData Rights Request Information- Content provided by the individual - Communication records provided by the individual and the Platform - Other information generated automatically by the PlatformCompliance with legal obligations
General Inquiries HandlingGeneral Inquiry Information- Content provided by the individual - Communication records provided by the individual and the Platform - Other information generated automatically by the PlatformLegitimate Interest

Data retention by category

Data categoryProviderRetention period
Usage & Technical MetadataIndividual and PlatformRetained for 1 year for service security.
Data Rights Request InformationIndividual and PlatformRetained for 5 years to comply with legal evidentiary obligations.
General Inquiry InformationIndividual and PlatformRetained for 1 year for customer relationship tracking.

4. Use of AI

The Platform uses artificial intelligence (AI) systems in limited ways to improve its functionality and security:

Semantic search: AI models are used to enhance the search functionality and return results based on the semantic relevance between the search query and Path Sharer Profiles, in order to improve user experience. The semantic search will only take information in Path Sharer Profile which are publicly displayed, excluding any personal confidential information.

Safety and security: The Platform may also use AI systems to detect and prevent harmful or fraudulent activities, including robot detection, fraud, and spam prevention.

5. Cookie Policy

The Platform uses cookies and similar technologies to ensure its proper operation and security.

5.1 Strictly Necessary Cookies

The Platform exclusively uses strictly necessary cookies to ensure its proper functioning. These cookies are exempt from consent requirements. They include:

Authentication & Identity (Clerk): Used to manage the User’s browsing sessions, keep the User securely logged in, and protect against session hijacking.

Security & Integrity (Clerk & Vercel): Used to detect bot activity, prevent scraping, provide CSRF protection, and ensure the technical stability of the Platform.

Payments & Fraud Prevention (Stripe): Essential for processing secure transactions and identifying fraudulent payment attempts.

Video Conferencing (Zoom): Used to enable the technical conduct of video Sessions and manage real-time connection quality.

Infrastructure & Hosting (Vercel): Used to ensure the reliable operation and availability of the Platform, optimize performance, and protect the Platform against network attacks (DDoS).

5.2 No Advertising or Tracking Cookies

The Platform does not use any cookies for targeted advertising, marketing, or third-party behavioral tracking. Privacy protection is a priority, and data collection is limited to what is strictly necessary for the operation of the Platform.

5.3 Cookie Choices

The Platform exclusively uses strictly necessary cookies. Consequently, the Platform does not provide a technical mechanism to disable these cookies, as the service cannot function without them.

While the User or the Visitor has the technical ability to manage or delete cookies at any time through their individual browser settings, it is noted that blocking or removing these strictly necessary cookies will prevent the proper functioning of the Platform.

6. Data Recipients and Possible Transfers

FlintOne does not sell the User’s or the Visitor’s personal data to third parties.

However, FlintOne may share the User’s or the Visitor’s information with trusted Third-Party Service Providers, professional advisors, potential acquirers, and public authorities where such sharing is necessary to ensure the operation of the Platform, comply with legal or regulatory obligations, enforce FlintOne’s rights, or protect the rights and safety of the User or the Visitor.

6.1 Third-Party Service Providers

FlintOne engages selected Third-Party Service Providers that process data exclusively for the operation of the Platform infrastructure. These providers are contractually committed to GDPR compliance and are prohibited from using the User’s or the Visitor’s data for any other purposes.

FlintOne shares data with the following categories of Third-Party Service Providers:

Identity and authentication provider: account credentials, Session data, and User identity information (applies to all Users).

Payment service provider: transaction data, Payment information, Commission deductions, and Payout management (applies to Path Seekers and Path Sharers).

Cloud infrastructure and hosting provider: all data processed on the Platform as necessary for web hosting, server infrastructure, and database hosting (applies to all Users and Visitors).

Video conferencing provider: Session connection data (applies to Path Seekers and Path Sharers).

Transactional email provider: email address and relevant notification content (applies to all Users).

Where data is transferred outside the European Economic Area (EEA), such transfers are carried out in accordance with applicable data protection laws, notably through the implementation of the European Commission’s Standard Contractual Clauses or other appropriate safeguards provided by the Third-Party Service Providers.

6.2 Public Authorities & Legal Obligations

FlintOne may disclose User and Visitor information to public authorities (notably tax authorities, courts, or law enforcement agencies) when required by law or in response to valid administrative requests. This includes mandatory reporting under DAC7, anti-money laundering regulations, or to ensure the safety and security of the Platform and its Users and Visitors.

6.3 Professional Advisors & Legal Protection

FlintOne may share limited information with professional advisors, including accountants, auditors, legal counsel, insurers or collection agencies to meet FlintOne’s bookkeeping obligations, enforce the Terms of Service, resolve Disputes, or protect FlintOne’s legal interests. These professionals are bound by strict confidentiality and data protection obligations.

7. Data Security

FlintOne attaches the utmost importance to the security and confidentiality of the User’s and the Visitor’s personal data.

FlintOne implements appropriate technical and organizational measures to ensure the ongoing security, confidentiality, integrity, availability, and resilience of its information systems and the personal data of the User and the Visitor, protecting them against destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

These measures include, in particular:

SSL/TLS encryption of all data exchanged between the User or the Visitor and the Platform;

storage of personal data on secure infrastructure operated by industry-leading providers;

strict access controls, ensuring that only authorized personnel and Third-Party Service Providers may access personal data, in accordance with the principle of data minimization;

contractual confidentiality and data protection obligations applicable to all persons and Third-Party Service Providers with access to personal data.

8. GDPR rights

Under the GDPR, the User and any Visitor of the Platform benefit from the following rights:

Right of access

Right to rectification

Right to erasure (right to be forgotten)

Right to restriction of processing

Right to data portability

Right to object

Rights in relation to automated decision-making and profiling

Right to withdraw consent (where processing is based on consent)

Right to define instructions regarding the fate of personal data after death (specific to France)

8.1 How to exercise these rights

To exercise any of these rights, the User or the Visitor is invited to contact FlintOne via the Help Center.

In order to protect privacy and security, FlintOne will take reasonable steps to verify the identity of the User or the Visitor before responding to such requests. In accordance with the GDPR, FlintOne will respond to the request within one month except in the case of complex requests.

8.2 Complaints

The User and the Visitor also have the right to lodge a complaint with a supervisory authority. In France, the relevant authority is the CNIL (Commission Nationale de l'Informatique et des Libertés - www.cnil.fr). For other EU countries, the User or the Visitor is invited to consult the directory of the EU Data Protection Authorities.

This document was last updated on 26 May 2026.