Privacy Policy
Table of Contents
1. Defined Terms
The definitions of the following terms are provided in the Terms of Service:
Platform
Visitor
User
Path Sharer
Path Sharer Profile
Session
Seeker
Booking
Session Review
Session Completion Issue
Feedback
Report
Commission
Payment
Payout
Refund
Dispute
Third-Party Service Provider
2. Introduction
The company FlintOne, a simplified joint-stock company registered with the RCS of Paris under number 104 953 906, with registered office at 58 rue de Monceau CS 48756 75380 Paris Cedex 08, France, operates the website www.beamthru.com (the “Platform”).
This Privacy Policy describes how FlintOne collects and processes the personal data of the User and any Visitor of the Platform as Data Controller.
FlintOne commits to collecting only the information necessary to provide a quality service, guaranteeing the confidentiality and security of such information, including when engaging Third-Party Service Providers, and facilitating the exercise of the User’s and the Visitor’s rights over their personal data in accordance with the European Union’s General Data Protection Regulation 2016/679 (the “GDPR”).
In accordance with the Terms of Service, the Platform is exclusively intended for Users who are at least 18 years old and legal residents of France, Germany, or Luxembourg. The Platform does not intentionally collect or process Personal Data from individuals located outside these countries. Users located outside France, Germany, and Luxembourg access the Platform at their own initiative and FlintOne makes no representation that the Platform complies with the laws of any other jurisdiction.
Data Controller
FlintOne acts as the data controller for the processing operations described in this Policy.
Contact for Personal Data Protection
For any questions regarding the protection of personal data or to exercise their rights, the User or the Visitor may contact FlintOne via the Help Center.
Effective Date and Modification
This Privacy Policy automatically takes effect as of 26 May 2026. FlintOne reserves the right to modify this Privacy Policy at any time. In the event of a substantial modification to this Policy, the User will be notified via email. By continuing to use the Platform after such modifications, the User is deemed to have acknowledged the updated Policy.
3. Processing of Personal Data
Personal data is processed based on the following legal grounds:
Performance of the contract: To provide the services requested by the User and ensure the proper operation of the Platform;
Compliance with legal obligations: To comply with mandatory laws, including those arising from DAC7, anti-money laundering requirements, and applicable tax or accounting regulations;
Legitimate interest: To ensure Platform security, prevent fraud, and improve our services;
Consent: For specific purposes such as marketing or newsletters, where the User has explicitly provided their agreement.
3.1 Activities Concerning Path Sharers Only
Activities:
Profile Management: managing the lifecycle of the Path Sharer Profile, including onboarding, updates and closure. This applies to all applicants, regardless of whether the onboarding process is completed or successful.
Identity Verification: verifying the identity documents of any prospective or active Path Sharer to ensure Platform security and prevent fraud.
Public and Booking Page Display: displaying the Path Sharer’s public and booking page containing notably Professional Information and Session Setup Information.
Search Ranking: determining the display order of Path Sharers in search results based on relevance.
Search Results Display: displaying a list of Path Sharers matching the Seeker’s search query.
Commission Invoice Issuance: issuing invoices and corresponding credit notes (if applicable) to the Path Sharer for the Platform’s Commissions.
Payout Management: managing Payout to the Path Sharer’s bank accounts.
Dashboard Metrics Monitoring: displaying key activity metrics for the Path Sharer.
Tax Reporting (DAC7): collecting and reporting mandatory information to tax authorities and providing the Path Sharer with an annual summary of his or her platform earnings in compliance with EU Directive 2021/514 (DAC7).
Data categories:
Identification Information: full name, date of birth and primary address.
Other Personal Information: email address, photo and timezone.
Identity Documents: copies of official ID cards or passports for identity verification purposes.
Verification Records: notably includes administrative data related to the verification process, such as verification status, completion date, unique reference numbers, and the outcome of the check.
Professional Information: notably includes career experience, educational background and self-introduction.
Session Setup Information: Session topics, duration, pricing and availability.
Tax Information: such as tax identification numbers and VAT details. All such information relates exclusively to data issued within the European Union.
Legal Status Information: information identifying the Path Sharer’s status as a private individual, sole proprietor or single-person company.
Business Information: notably includes business registration number and address.
Statistical Session Data: notably includes number of completed Sessions and number of likes received.
Earnings Data: comprehensive records of income generated through the Platform.
Commission Invoice Records: notably includes issued invoices and corresponding credit notes (if applicable), and all associated data required for tax and accounting compliance (such as identity, legal status, and billing addresses for both the Platform as the seller and the Path Sharer as the buyer), Commission amounts, applicable VAT and transaction records.
Payout Data: notably includes payout identifiers, payout status, amount and processing metadata. Note: Bank account details are neither accessed nor stored by FlintOne, such data is processed exclusively and securely by the third-party payment service provider (Stripe).
Profile Metadata: notably includes profile creation date, modification history and records of profile status changes.
Processing activities overview
| Activities | Data processed | Collection method | Legal basis |
|---|---|---|---|
| Profile Management | - Identification Information - Other Personal Information - Professional Information - Session Setup Information - Business Information (if applicable) - Tax Information - Legal Status Information - Profile Metadata | - Profile Metadata generated automatically by the Platform based on Path Sharer’s activities - Other information provided by the Path Sharer | Performance of the contract |
| Identity Verification | - Identification Information - Identity Documents - Tax Information - Verification Records | - Verification Records provided by the Platform - Other information and documents provided by the Path Sharer | Compliance with legal obligations |
| Public and Booking Page Display | - Identification Information (e.g. name) - Other Personal Information (e.g. photo and timezone) - Legal Status Information - Professional Information - Session Setup Information - Statistical Session Data - Session Review Information - Profile Metadata (e.g. date of joining) | - Session Review Information: content provided by Path Seekers, other information generated automatically by the Platform - Statistical Session Data and date of joining generated automatically by the Platform based on Path Sharer’s activities - Other information provided by the Path Sharer | Performance of the contract |
| Search Ranking | - Professional Information - Session Setup Information - Search Data | - Professional Information and Session Setup Information provided by the Path Sharer - Search Data provided by the Path Seeker | Performance of the contract |
| Search Results Display | - Identification Information (e.g. name) - Other Personal Information (e.g. photo) - Professional Information - Session Setup Information (e.g. pricing) - Statistical Session Data | - Statistical Session Data generated automatically by the Platform based on Path Sharer’s activities - Other information provided by the Path Sharer | Performance of the contract |
| Commission Invoice Issuance | - Commission Invoice Records | - Path Sharer-related information provided by the Path Sharer - Other data generated automatically by the Platform | Compliance with legal obligations |
| Payout Management | Payout Data | - Payout status and references obtained from payment service provider (Stripe) - Other data generated automatically by the Platform | Performance of the contract Compliance with legal obligations |
| Dashboard Metrics Monitoring | - Statistical Session Data - Earnings Data | Generated automatically by the Platform based on Path Sharer’s activities | Performance of the contract |
| Tax Reporting (DAC7) | - Identification Information - Legal Status Information - Tax Information - Business Information (if applicable) - Earnings Data - Statistical Session Data (e.g. number of completed Sessions per quarter) - Commission Invoice Records (e.g. Commissions and VAT withheld per quarter) | - Identification, Legal Status, Tax and Business Information provided by the Path Sharer - Other data generated automatically by the Platform based on Path Sharer’s activities | Compliance with legal obligations |
Data retention by category
| Data category | Provider | Retention period |
|---|---|---|
| Identification Information | Path Sharer | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| Other Personal Information | Path Sharer | Retained until Path Sharer’s User account closure. |
| Identity Documents | Path Sharer | Collected solely for verification purpose and deleted immediately upon verification. |
| Verification Records | Platform | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| Professional Information | Path Sharer | Retained until the account is closed, as they are essential elements of the Path Sharer Profile. |
| Session Setup Information | Path Sharer | Retained until the account is closed, as they are essential elements of the Path Sharer Profile. |
| Tax Information | Path Sharer | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| Legal Status Information | Path Sharer | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| Business Information | Path Sharer | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| Statistical Session Data | Path Sharer and Platform | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| Earnings Data | Path Sharer and Platform | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| Commission Invoice Records | Path Sharer and Platform | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| Payout Data | Payment service provider (Stripe) and Platform | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| Profile Metadata | Path Sharer and Platform | Retained for 10 years from the year following DAC7 declaration or until profile closure, whichever is longer. |
| All data categories collected during onboarding (refer to “Profile Management” in the table above) | Prospective Path Sharer (Incomplete or unsuccessful onboarding) | Retained for 1 year for security and fraud prevention. |
3.2 Activities Concerning Path Seekers Only
Activities:
Search of Path Sharers: enabling the Path Seeker to search for Path Sharers based on specified interests or criteria.
Booking Creation: enabling the Path Seeker to create Booking requests.
Booking Payment: enabling the Path Seeker to pay for the Booking.
Payment Receipt Issuance: issuing payment receipts as proof of transactions to the Path Seeker and corresponding refund receipts (if applicable).
Platform Retention Notice Issuance: issuing Platform Retention Notices directly to the Path Seeker in cases where a session is missed by both parties.
Session Review Submission: enabling the Path Seeker to submit a Session Review after the completion of a Session.
Refund Management: processing applicable refund to the Path Seeker related to Bookings and past Sessions.
Dashboard Metrics Monitoring: displaying key activity metrics for the Path Seeker.
Data categories:
Search Data: notably includes selected topics, search queries and frequency of searches.
Booking Creation Information: notably includes booking details (topic, duration, price), scheduled slot, request description and participant identifiers.
Payment Data: notably includes transaction identifiers, payment status, amount and processing metadata. Note: FlintOne does not have access or store payment details, these are processed directly and securely by payment service provider (Stripe).
Payment Receipt Records: notably includes issued payment receipts and corresponding refund receipts (if applicable), and all associated data required for tax and accounting compliance (such as identity, legal status, and billing addresses for the Path Seeker as the buyer), payment amounts, applicable VAT and transaction records.
Platform Retention Notice Records: includes issued Platform Retention Notices and all associated data required for accounting compliance (such as identity and billing address of the Path Seeker, retained amount and transaction records). Note: these invoices are issued directly by the Platform to the Path Seeker.
Session Review Information: Session Review provided by the Path Seeker and associated metadata.
Refund Data: notably includes refund amount and transaction records.
Statistical Session Data: notably includes number of completed Sessions and number of likes given.
Processing activities overview
| Activities | Data processed | Collection method | Legal basis |
|---|---|---|---|
| Search of Path Sharers | Search Data | Selected and provided by the Path Seeker | Performance of the contract |
| Booking Creation | Booking Creation Information | - Booking metadata generated automatically by the Platform - Inputs and Selections provided by the Path Seeker | Performance of the contract |
| Booking Payment | Payment Data | - Transaction status and references obtained from payment service provider (Stripe) - Other data generated automatically by the Platform | Performance of the contract Compliance with legal obligations |
| Payment Receipt Issuance | Payment Receipt Records | - Path Seeker-related information provided by the Path Seeker - Other data generated automatically by the Platform | Compliance with legal obligations |
| Platform Retention Notice Issuance | Platform Retention Notice Records | - Path Seeker-related information provided by the Path Seeker - Other data generated automatically by the Platform | Compliance with legal obligations |
| Session Review Submission | Session Review Information | - Content provided by the Path Seeker - Other information generated automatically by the Platform | Performance of the contract |
| Refund Management | Refund Data | - Refund status and references obtained from payment service provider (Stripe) - Other data generated automatically by the Platform | Performance of the contract Compliance with legal obligations |
| Dashboard Metrics Monitoring | Statistical Session Data | Generated automatically by the Platform based on the Path Seeker's activities | Performance of the contract |
Data retention by category
| Data category | Provider | Retention period |
|---|---|---|
| Search Data | Path Seeker | Retained, in anonymized form, for as long as the Platform operates. |
| Booking Creation Information | Path Seeker and Platform | Retained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer. |
| Payment Data | Payment service provider (Stripe) and Platform | Retained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer. |
| Payment Receipt Records | Path Seeker and Platform | Retained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer. |
| Platform Retention Notice Records | Path Seeker and Platform | Retained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer. |
| Session Review Information | Path Seeker and Platform | Retained until the Path Seeker's User account closure or until Review deletion, whichever is longer. Upon account closure, the data is anonymized and may be retained for as long as the Platform operates. |
| Refund Data | Payment service provider (Stripe) and Platform | Retained for 10 years from the year following DAC7 declaration or until Path Seeker's User account closure, whichever is longer. |
| Statistical Session Data | Path Seeker and Platform | Retained until the Path Seeker's User account closure. Upon account closure, the data is anonymized and may be retained for as long as the Platform operates. |
3.3 Activities Concerning Both Path Sharers and Seekers
Activities:
Session Invoice Issuance: issuing invoices or receipts in the name and on behalf of the Path Sharer to the Path Path Seeker and corresponding credit notes (if applicable).
Session Completion Issue Handling: enabling the submission, investigation, and Session status arbitration of Session Completion Issues.
Booking Management: enabling the Path Sharer and the Path Seeker to manage a Booking once created and paid, including acceptance, rescheduling, declining and cancellation.
Session Conduct: enabling the Path Sharer and the Path Seeker to conduct scheduled Sessions.
Platform Promotion: using Path Sharers’ public profile information, Session Reviews and success stories to promote the Platform.
Data categories:
Session Invoice Records: notably includes issued invoices or receipts and corresponding credit notes/refund receipts (if applicable), and all associated data required for tax and accounting compliance (such as identity, legal status, and billing addresses for both the Path Sharer as the seller and the Path Seeker as the buyer), Payment amounts, applicable VAT and transaction records. Note: these documents are issued by the Platform in the name and on behalf of the Path Sharer to the Path Seeker.
Session Completion Issue Information: notably includes issue content (type and description), associated Session identifiers, supporting evidence and final arbitration.
Booking Information: notably includes Booking status, Booking details (topic, duration, price), scheduled slot, User-provided notes regarding rescheduling or cancellation, and participant identifiers.
Session Execution Data: notably includes technical metadata such as Session IDs, timestamps, participant counts, and connection logs. Excludes all audio/video recordings.
Marketing & Promotional Assets: notably includes testimonials, interviews, and multimedia content (photo/audio/video) either derived from existing Platform content (such as Path Sharers’ public pages and Session Reviews) or produced specifically for promotional purposes.
Processing activities overview
| Activities | Data processed | Collection method | Legal basis |
|---|---|---|---|
| Session Invoice Issuance | Session Invoice Records | - Path Seeker-related information provided by the Path Seeker - Path Sharer-related information provided by the Path Sharer - Other data generated automatically by the Platform | Compliance with legal obligations |
| Session Completion Issue Handling | Session Completion Issue Information | - Content provided by the Path Seeker - Supporting evidence generated automatically by the Platform or video conferencing provider (Zoom) or provided by Path Seeker and Path Sharer - Final arbitration provided by the Platform - Other information generated automatically by the Platform | Performance of the contract |
| Booking Management | Booking Information | - Booking metadata generated automatically by the Platform - Inputs and selections provided by the Path Seeker or the Path Sharer | Performance of the contract |
| Session Conduct | Session Execution Data | Generated automatically by the Platform and video conferencing provider (Zoom) | Performance of the contract |
| Platform Promotion | Marketing & Promotional Assets | Provided directly by Path Sharers and Path Seekers or derived from existing Platform content. | Legitimate Interest & Data subject’s consent |
Data retention by category
| Data category | Provider | Retention period |
|---|---|---|
| Session Invoice Records | Path Seeker, Path Sharer and Platform | Retained for 10 years from the year following DAC7 declaration or until the Path Sharer profile or the Path Seeker’s User account closure, whichever is longer. |
| Session Completion Issue Information | Path Seeker, Path Sharer, Platform and video conferencing provider (Zoom) | Retained for 10 years from the year following DAC7 declaration or until the Path Sharer profile or the Path Seeker’s User account closure, whichever is longer. |
| Booking Information | Path Seeker, Path Sharer and Platform | Retained for 10 years from the year following DAC7 declaration or until the Path Sharer profile or the Path Seeker’s User account closure, whichever is longer. |
| Session Execution Data | Platform and video conferencing provider (Zoom) | Retained for 3 years for complaint management and customer relationship tracking. |
| Marketing & Promotional Assets | Path Seeker, Path Sharer and Platform | Retained until the end of the promotional use or until consent is withdrawn. |
3.4 Activities Concerning All Users
Activities:
Account Management: managing the lifecycle of User accounts, including creation, maintenance and closure.
Path Sharer Bookmark: enabling the User to bookmark any Path Sharer as favorite.
Feedback Handling: enabling the submission, review, and processing of User-submitted Feedback.
Report Handling: enabling the submission, investigation, and resolution of User-submitted Reports regarding potential violations of the Terms of Service.
Dispute Handling: enabling the submission, assessment, and resolution of User-submitted Disputes between the User and the Platform.
Other Request Handling: enabling the submission, verification, and processing of various User requests other than Feedback, Report and Dispute.
User Communication and Notification: sending relevant communications and notifications to Users.
User Reliability & Fair Booking Management: monitoring Booking-related behaviors to ensure a consistent experience. This includes tracking Booking and cancellation patterns, and applying automated restrictions on Booking management functions where predefined thresholds are exceeded.
Platform Development and Analytics: developing and improving the Platform functionalities to enhance user experience.
Data categories:
Personal Information: notably includes name and contact details.
Bookmark Data: notably includes identifiers for the User and the bookmarked Path Sharer, and activity timestamps.
Feedback Information: notably includes submission ID, content (description and attachments), status and related communications with the Platform.
Report Information: notably includes submission ID, content (description and attachments), status, supporting evidence and related communications with the Platform.
Dispute Information: notably includes submission ID, content (description and attachments), status, supporting evidence and related communications with the Platform.
Other Request Information: notably includes request content, supporting evidence, status and related communications with the Platform.
Communication and Notification Information: notably includes recipient details, message content and delivery metadata.
Account Metadata: notably includes User ID, creation date, modification history and records of account status changes.
Usage & Technical Metadata: notably includes browsing behavior (page views, clicks), activity statistics, and technical logs (IP address, device information, login attempts, and error logs).
Processing activities overview
| Activities | Data processed | Collection method | Legal basis |
|---|---|---|---|
| Account Management | - Personal Information - Account Metadata | - Personal Information provided by the User - Account Metada generated automatically by the Platform based on User’s activities | Performance of the contract |
| Path Sharer Bookmark | Bookmark Data | Generated automatically by the Platform based on User’s activities | Performance of the contract |
| Feedback Handling | Feedback Information | - Content provided by the User - Communication records provided by the User and the Platform - Other information generated automatically by the Platform | Legitimate Interest |
| Report Handling | Report Information | - Content provided by the User - Communication records provided by the User and the Platform - Other information generated automatically by the Platform | Compliance with legal obligations & Legitimate Interest |
| Dispute Handling | Dispute Information | - Content provided by the User - Communication records provided by the User and the Platform - Other information generated automatically by the Platform | Performance of the contract & Legitimate Interest |
| Other Request Handling | Other Request Information | - Content provided by the User - Communication records provided by the User and the Platform - Other information generated automatically by the Platform | Performance of the contract & Legitimate Interest |
| User Communication and Notification | Communication and Notification Information | - Recipient information provided by the User - Other information generated by the Platform | Performance of a contract & Data subject’s consent (for marketing communications) |
| User Reliability & Fair Booking Management | - Booking Creation Information - Booking Information | Generated automatically by the Platform based on User’s activities | Legitimate Interest |
| Platform Development and Analytics | Usage & Technical Metadata | Generated automatically by the Platform based on User’s activities | Legitimate Interest |
Data retention by category
| Data category | Provider | Retention period |
|---|---|---|
| Personal Information | User | Retained until User account closure except for data required to be archived for legal and tax compliance (10 years). |
| Bookmark Data | User and Platform | Retained until User account closure. |
| Feedback Information | User and Platform | Retained for 1 year for customer relationship tracking. |
| Report Information | User and Platform | Retained for 3 years for complaint management and customer relationship tracking. |
| Dispute Information | User and Platform | Retained for 3 years for evidentiary purposes in the event of litigation. |
| Other Request Information | User and Platform | Retained for 1 year for customer relationship tracking. |
| Communication and Notification Information | User and Platform | Retained for 3 years for complaint management and customer relationship tracking. |
| Account Metadata | User and Platform | Retained until the account is closed, as they constitute essential elements of the User's account. |
| Usage & Technical Metadata | User and Platform | Retained for 1 year for service security. |
3.5 Activities Concerning All Individuals
This section applies to any person interacting with the Platform, including Users and Visitors who have not yet created an account.
Activities:
Platform Security & Integrity: monitoring and analyzing technical logs and Platform interactions to detect and block unauthorized access, bot attacks, scraping, spam, and other malicious behavior or misuse of the interface by any individual, ensuring the overall security and reliability of the Platform.
Data Rights Request Handling: enabling the submission, identity verification, and resolution of the individual’s requests to exercise their personal data rights in compliance with the GDPR.
General Inquiries Handling: enabling the submission, review, and processing of general inquiries sent by any individual.
Data categories:
Usage & Technical Metadata: notably includes browsing behavior (page views, clicks), activity statistics, and technical logs (IP address, device information, login attempts, and error logs).
Data Rights Request Information: notably includes submission ID, content (description and attachments), status and related communications with the Platform.
General Inquiry Information: notably includes submission ID, content (description and attachments), status and related communications with the Platform.
Processing activities overview
| Activities | Data processed | Collection method | Legal basis |
|---|---|---|---|
| Platform Security & Integrity | Usage & Technical Metadata | Generated automatically by the Platform based on individual’s activities | Legitimate Interest |
| Data Rights Request Handling | Data Rights Request Information | - Content provided by the individual - Communication records provided by the individual and the Platform - Other information generated automatically by the Platform | Compliance with legal obligations |
| General Inquiries Handling | General Inquiry Information | - Content provided by the individual - Communication records provided by the individual and the Platform - Other information generated automatically by the Platform | Legitimate Interest |
Data retention by category
| Data category | Provider | Retention period |
|---|---|---|
| Usage & Technical Metadata | Individual and Platform | Retained for 1 year for service security. |
| Data Rights Request Information | Individual and Platform | Retained for 5 years to comply with legal evidentiary obligations. |
| General Inquiry Information | Individual and Platform | Retained for 1 year for customer relationship tracking. |
4. Use of AI
The Platform uses artificial intelligence (AI) systems in limited ways to improve its functionality and security:
Semantic search: AI models are used to enhance the search functionality and return results based on the semantic relevance between the search query and Path Sharer Profiles, in order to improve user experience. The semantic search will only take information in Path Sharer Profile which are publicly displayed, excluding any personal confidential information.
Safety and security: The Platform may also use AI systems to detect and prevent harmful or fraudulent activities, including robot detection, fraud, and spam prevention.
5. Cookie Policy
The Platform uses cookies and similar technologies to ensure its proper operation and security.
5.1 Strictly Necessary Cookies
The Platform exclusively uses strictly necessary cookies to ensure its proper functioning. These cookies are exempt from consent requirements. They include:
Authentication & Identity (Clerk): Used to manage the User’s browsing sessions, keep the User securely logged in, and protect against session hijacking.
Security & Integrity (Clerk & Vercel): Used to detect bot activity, prevent scraping, provide CSRF protection, and ensure the technical stability of the Platform.
Payments & Fraud Prevention (Stripe): Essential for processing secure transactions and identifying fraudulent payment attempts.
Video Conferencing (Zoom): Used to enable the technical conduct of video Sessions and manage real-time connection quality.
Infrastructure & Hosting (Vercel): Used to ensure the reliable operation and availability of the Platform, optimize performance, and protect the Platform against network attacks (DDoS).
5.2 No Advertising or Tracking Cookies
The Platform does not use any cookies for targeted advertising, marketing, or third-party behavioral tracking. Privacy protection is a priority, and data collection is limited to what is strictly necessary for the operation of the Platform.
5.3 Cookie Choices
The Platform exclusively uses strictly necessary cookies. Consequently, the Platform does not provide a technical mechanism to disable these cookies, as the service cannot function without them.
While the User or the Visitor has the technical ability to manage or delete cookies at any time through their individual browser settings, it is noted that blocking or removing these strictly necessary cookies will prevent the proper functioning of the Platform.
6. Data Recipients and Possible Transfers
FlintOne does not sell the User’s or the Visitor’s personal data to third parties.
However, FlintOne may share the User’s or the Visitor’s information with trusted Third-Party Service Providers, professional advisors, potential acquirers, and public authorities where such sharing is necessary to ensure the operation of the Platform, comply with legal or regulatory obligations, enforce FlintOne’s rights, or protect the rights and safety of the User or the Visitor.
6.1 Third-Party Service Providers
FlintOne engages selected Third-Party Service Providers that process data exclusively for the operation of the Platform infrastructure. These providers are contractually committed to GDPR compliance and are prohibited from using the User’s or the Visitor’s data for any other purposes.
FlintOne shares data with the following categories of Third-Party Service Providers:
Identity and authentication provider: account credentials, Session data, and User identity information (applies to all Users).
Payment service provider: transaction data, Payment information, Commission deductions, and Payout management (applies to Path Seekers and Path Sharers).
Cloud infrastructure and hosting provider: all data processed on the Platform as necessary for web hosting, server infrastructure, and database hosting (applies to all Users and Visitors).
Video conferencing provider: Session connection data (applies to Path Seekers and Path Sharers).
Transactional email provider: email address and relevant notification content (applies to all Users).
Where data is transferred outside the European Economic Area (EEA), such transfers are carried out in accordance with applicable data protection laws, notably through the implementation of the European Commission’s Standard Contractual Clauses or other appropriate safeguards provided by the Third-Party Service Providers.
6.2 Public Authorities & Legal Obligations
FlintOne may disclose User and Visitor information to public authorities (notably tax authorities, courts, or law enforcement agencies) when required by law or in response to valid administrative requests. This includes mandatory reporting under DAC7, anti-money laundering regulations, or to ensure the safety and security of the Platform and its Users and Visitors.
6.3 Professional Advisors & Legal Protection
FlintOne may share limited information with professional advisors, including accountants, auditors, legal counsel, insurers or collection agencies to meet FlintOne’s bookkeeping obligations, enforce the Terms of Service, resolve Disputes, or protect FlintOne’s legal interests. These professionals are bound by strict confidentiality and data protection obligations.
7. Data Security
FlintOne attaches the utmost importance to the security and confidentiality of the User’s and the Visitor’s personal data.
FlintOne implements appropriate technical and organizational measures to ensure the ongoing security, confidentiality, integrity, availability, and resilience of its information systems and the personal data of the User and the Visitor, protecting them against destruction, loss, alteration, unauthorized disclosure, or unauthorized access.
These measures include, in particular:
SSL/TLS encryption of all data exchanged between the User or the Visitor and the Platform;
storage of personal data on secure infrastructure operated by industry-leading providers;
strict access controls, ensuring that only authorized personnel and Third-Party Service Providers may access personal data, in accordance with the principle of data minimization;
contractual confidentiality and data protection obligations applicable to all persons and Third-Party Service Providers with access to personal data.
8. GDPR rights
Under the GDPR, the User and any Visitor of the Platform benefit from the following rights:
Right of access
Right to rectification
Right to erasure (right to be forgotten)
Right to restriction of processing
Right to data portability
Right to object
Rights in relation to automated decision-making and profiling
Right to withdraw consent (where processing is based on consent)
Right to define instructions regarding the fate of personal data after death (specific to France)
8.1 How to exercise these rights
To exercise any of these rights, the User or the Visitor is invited to contact FlintOne via the Help Center.
In order to protect privacy and security, FlintOne will take reasonable steps to verify the identity of the User or the Visitor before responding to such requests. In accordance with the GDPR, FlintOne will respond to the request within one month except in the case of complex requests.
8.2 Complaints
The User and the Visitor also have the right to lodge a complaint with a supervisory authority. In France, the relevant authority is the CNIL (Commission Nationale de l'Informatique et des Libertés - www.cnil.fr). For other EU countries, the User or the Visitor is invited to consult the directory of the EU Data Protection Authorities.
This document was last updated on 26 May 2026.
