Privacy Policy
Last updated: March 16, 2026
1. Introduction
This Privacy Policy explains how Marcin Szamatowicz, conducting business activity ("we", "us", "our", or "Flash Flamingo"), collects, uses, stores, and protects your personal data when you use our AI-powered fashion photography platform at https://flashflamingo.ai.
We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and the Polish Act on the Protection of Personal Data.
2. Data Controller
The data controller responsible for your personal data is:
Marcin Szamatowicz
NIP: 1133126261 | REGON: 527928004
Address: ul. Kamionkowska 9 lok. 117, 03-805 Warszawa, Poland
Email: marcin@flashflamingo.ai
3. Personal Data We Collect
We collect and process the following categories of personal data:
3.1 Account Information
Name, email address, password (encrypted).
3.2 Payment Information
Handled by our third-party provider, Paddle. We do not store complete credit card details. Paddle may collect billing addresses and transaction history.
3.3 User Content
Product images you upload, AI-generated outputs, and AI fashion models created within the Flash Flamingo platform.
3.4 Technical Data
IP address, browser type, device info, usage logs, and cookies.
4. Purpose and Legal Basis for Processing
We process data under the following bases of Article 6 GDPR:
- Contract Performance (Art. 6(1)(b)): Providing access to the Flash Flamingo platform, generating AI outputs, and managing subscriptions.
- Legitimate Interests (Art. 6(1)(f)): Improving services, preventing fraud, and platform security.
- Legal Obligations (Art. 6(1)(c)): Compliance with Polish tax and accounting regulations.
- Consent (Art. 6(1)(a)): Marketing communications (if opted-in).
5. Data Retention
We retain data only as long as necessary:
- Account Data: Retained while the account is active; deleted within 30 days of request/expiration unless legal holds apply.
- Uploaded/Generated Content: Retained until 30 days after account deletion.
- Payment & Accounting Records: Retained for 5 years from the end of the calendar year in which the tax payment deadline expired (pursuant to Article 70 of the Polish Tax Ordinance).
- Technical Logs: Retained for up to 90 days.
6. AI Model Training and Automated Decision-Making
6.1 No AI Training on Your Data
We do not use your uploaded images or generated content to train our underlying AI models.
6.2 Automated Decision-Making
While Flash Flamingo uses AI to generate images, we do not perform "automated decision-making" that carries legal effects for the user under Art. 22 GDPR.
7. Third-Party Service Providers
We utilize the following processors:
- Hosting: AWS (Frankfurt, Germany).
- Payments: Paddle.
- AI Infrastructure: Replicate and OpenAI.
All processors are bound by Data Processing Agreements (DPA) to ensure GDPR compliance.
8. International Data Transfers
Data is primarily stored in the EEA (Germany). For providers in the USA (OpenAI, Replicate), we ensure protection via Standard Contractual Clauses (SCCs) or other mechanisms approved by the European Commission.
9. Your Rights Under GDPR
You have the right to:
- Access, Rectify, or Erase your data.
- Restrict processing or Object to processing.
- Data Portability.
- Withdraw Consent at any time.
Lodge a Complaint
You have the right to lodge a complaint with the Polish supervisory authority:
Prezes Urzędu Ochrony Danych Osobowych (PUODO)
ul. Stawki 2, 00-193 Warszawa, Poland
Website: https://uodo.gov.pl
10. Data Security
We implement technical measures (encryption, access controls) to protect your data. In the event of a high-risk breach, we will notify you and the PUODO within 72 hours as per Art. 33 GDPR.
11. Customer Testimonials
Flash Flamingo may display customer testimonials or company logos on our website with your prior consent or as agreed in our Terms & Conditions.
12. Contact Us
For any questions regarding your data, please contact: