Privacy Policy

Last modified on: 16.10.2020

While operating (‘FlutLab’), hereinafter collectively referred to as the ‘Website’ or ‘Services’, FlutLab Installer (Android Application, available on Play Store), FLUTLAB s.r.o. as the owner of the Website (‘we’, ‘Company’, ‘us’) is committed to being fully transparent as regards our privacy practices.

For this reason, we developed this Privacy Policy to inform you (‘you’ or ‘user’) how your personal data may be processed. We tried to write this Privacy Policy in clear and plain language for your better understanding of the complicated legal stuff. By doing so we hope you will get all needed details to be assured your personal data is safe with us.

In this document, you will find out:

  • what data we process, how and for what purposes we process your personal data;
  • when and how we can share your personal data with third parties;
  • how long we retain your personal data;
  • our protection measures to keep your personal data secure;
  • your rights in respect of processing your personal data.

What is personal data?

Personal data (or data) is any information relating to you and that alone or in combination with other pieces of information gives the opportunity to a person that collects and processes such information to identify you as an individual. It can be your name, address, your location data, or information related to your physical, physiological, genetic, mental, economic, cultural or social identity. Personal data also includes such technical information as a Media Access Control address (MAC-addresses), International Mobile Equipment Identity (IMEI), Unique Device Identifier (UDID), the Identity for Advertisers (IDFA), Internet Protocol address (IP-address), browser and system information.

Processing of the personal data means any action with it, for example, collection, recording, organizing, structuring, storage, use, disclosure by any means and so on.

Other terms used in this Privacy Policy have the same meaning as in our Terms of Use and the Regulation (EU) 2016/679 known as General Data Protection Regulation, or GDPR.

What data do we collect?

Account data. When registering a User Account on our Website, you will need to provide us with your chosen user name and a valid email address. You will also need to create a password. Without these data, we will not be able to provide you with our main Services so that we will call it ‘necessary data’. When you sign up through a third-party social media account such as Google or Facebook account, you give us consent to extract from such an account your first and last name and your email address.

While filling your account information afterwards, at your own choice, you may submit to your User Profile links to your social network accounts (like Facebook, Github, Bitbucket, GitLab, Twitter, etc.) and fill a ‘Bio’ field. When you provide us with a link to your public or private account on any social media, you grant our FlutLab users a right to contact you via these social media regarding your Projects. We will call these data as ‘additional account information’ since this information is not required for the Services provision. You provide it at your own discretion. Keep in mind that these data are not necessarily required. Without such information, you will still be able to use our Services.

We kindly ask you not to provide us with any excessive personal data, including sensitive data, in your Bio or otherwise.

Third-parties data. When using FlutLab, you may voluntarily provide us with the email of the third party to share your Project with that email owner. We collect and further process this data without the consent of such a person but to offer them our Services (to conclude the contract with us). Please note that by providing us with the third party’s data, you confirm that you received their clear and unambiguous consent to transfer that data to us. The third party has the right to dismiss the invitation to join your team within FlutLab and to inform us that they have not allowed you to provide us with their data. In such a case, we will immediately delete this data and stop the processing. You are solely responsible for all activities that you perform on our Website with the third parties' data without their consent.

Subscription to newsletters. When you subscribe to our newsletters, we collect and further process your email address and your user name. In no case, we will overwhelm you with hundreds of letters, but, at any time, you can choose to stop receiving our emails. If you want to cease this type of communication, uncheck the “Subscribe to newsletters” button in the ‘Edit Profile’ section, or tap on “Unsubscribe” link which is present in each of our emails.

Data connected with your requests. When you send any request or message via the form for the bug reports, the online chat available on the Website or the email address for user support, we collect and process the data you voluntarily provide us with (e.g. your name, email address, name of the company you represent, phone number etc.). We kindly ask you not to provide us with any excessive personal data, including sensitive data.

Automated collection (cookies and similar technologies). The cookies are tiny pieces of code that may remain in your device after you have visited some website.

Cookies and similar web technologies help us to automatically receive the information from your device and send the information back to improve your interaction with the Website and ensure its effective functioning. The personal data collected through the automated collection could include: IP address and unique device identifiers and device attributes, like operating system and browser type.

If you consent to the respective use of cookies, we may also collect information about your activity on the Website to run the analytics and provide you with more relevant advertisements.

Please refer to our Cookies Policy to find more details.

Also please pay attention that we do not collect your payment credentials (bank credentials, cards numbers and dates of issuance etc.). Such information may be collected exclusively by third-party payment providers with the respective licenses and security measures with regard to your payment credentials.

Why and for what purposes we collect your data?

Lawful basis. As you can see in our Terms of Use, our Services include the Website using, the Website maintenance, as well as the user support and information services. We collect and process most of the personal data described in the Section above to fulfil our contractual obligations under our Terms of Use, that is for the performance of the contract.

We collect your email address to send you our newsletters and other communication if you request us to do so by subscribing to our newsletters or based on our legitimate interest. We may do so to provide you with some useful information, notify you of any updates regarding our Website or Services and inform you about our or our partners’ offers. In no case we will overwhelm you with hundreds of letters, but, at any time, you can choose to stop receiving our emails. If you want to cease this type of communication, simply use the “Unsubscribe” button which is present in each of our emails.

If you voluntarily provide us with data connected with your requests, you also agree that we may collect and process these data to provide you with the additional information and support services within our Terms of Use.

Processing and purposes. We collect and process the personal data described in the Section above in order to provide you with all necessary services within our Website (including to make steps to conclude the contract with the User).

In particular, we collect and process different types of data for such purposes:

  1. your email address and user name in order to provide you with our primary Services, create and maintain your User Account, communicate with you at your request, identify you when you want to publish information in our blog or forum and, send you our newsletters and other communication on the basis of our legitimate interest or if you requested that;
  2. additional account information in order to maintain your User Profile and provide you a possibility to communicate with the users of your Project published on FlutLab using your relevant social media;
  3. third party’s data only to allow you to share your Project with that third party and to provide such third party with access to your Project and our Services (to conclude the contract with us); if such person creates the User Account, further provided personal data would be processed on the terms provided in this Privacy Policy;
  4. data connected with your requests only to provide you with the user support services (e.g. provision of the full and accurate information regarding the User’s issue).

How long do we store your data?

Retention period. Generally, we will not store any data you provide for longer than the specific Service requires. To be more precise, we store your data for such periods of time:

  1. your account data – as long as you keep your User Account active;
  2. your email address and user name provided for subscription to newsletters – as long you are subscribed to newsletters, until you unsubscribe;
  3. third party’s data – as long as you continue to share the Project with that third party until you delete the relevant Project;
  4. data connected with your requests – during our communication with you and 6 (six) months thereafter to ensure that you are satisfied with our response and you have received all needed information.

Back-ups period. We may, from time to time, back up all data placed within the Website as described in our Terms of Use. This procedure allows us to maintain our Website and gives the possibility to restore the previous state of the Website in case of the breakage. The back-ups may include the complete copies of the personal data collected within the Services provision and will exist as a sole file that needs to be unzipped to be used. That is, such backups may include, among other things, your personal data that we collected at the time the copy was made. However, your data in the backups will only be used to restore our Website or your User Account if applicable under the Terms of Use. We delete each back- up 60 days after it has been created.

Other processing

Please note that sometimes we may process your data for the period longer than indicated in the sections above. Such processing could be carried by us only for statistical purposes as it is provided for in Article 5 of the GDPR and subject to the appropriate safeguards in accordance with applicable data protection laws.

What are statistical purposes? Statistical purposes mean any collection and processing of personal data necessary for statistical surveys or to produce statistical results. The statistical purpose implies that such statistical results do not include personal data, but only aggregate data. The statistical results may further be used for various purposes, for example, to assess our business development, understand the market demands and improve our Services.

In most cases, we will anonymize your data before starting processing it for the statistical purposes. As a result, such data will be no longer considered personal and its use will be not governed by data protection laws.

Additionally, we may process your data:

  • for the compliance with our legal obligations;
  • to protect your vital interests or vital interests of another natural person;
  • for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • for the purposes of the legitimate interests pursued by us or by a third party (e.g. to prevent or investigate possible wrongdoing in connection with the Website or to protect ourselves, our subcontractors, partners and affiliates against legal liability).

If we decide to change the purposes of processing specified above, we will inform you on such changes prior to the use of your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes (unless additional purpose of processing is compatible with those listed above).

Please note that we do not sell your data or make any decision based solely on automated processing that may produce legal effects or similar significant effects.

Persons accessing your personal data

You probably understand that our Website doesn’t work autonomously. In order to provide high-quality services, the Company hires people, enters into agreements with independent contractors as well as cooperates with other services providers, companies and organizations. For those reasons, some of your personal data can be passed to the mentioned persons.

However, in all cases, we adhere to all the requirements of applicable data protection laws and do our best to ensure the security of data processing at all stages.

To fulfil the above-mentioned purposes, we may share your data with the following persons:
  1. Our employees and contractors

    We may share your data with our employees or verified contractors. We engage individual entrepreneurs and individuals from the EU and Ukraine.

    When we transfer data to the country not recognised by the European Commission as ensuring an adequate level of data protection, we secure such transmission by including standard contractual clauses compliant with the EU data protection laws into our data processing agreements.

  2. Third-partу services

    The Company engages a number of trusted third-party service providers in order to support different features of our Website and ensure its overall functioning. We also use third-party services to organize our work in the most efficient way and provide our clients with the best customer service.

    Therefore, we may grant the following third-party service providers (and their subcontractors) with a limited access to your personal data:

    1. Google Analytics (the USA) is well-known online business analytics service that helps us to understand how our users interact with our Website. Google LLC is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. As a big transnational corporation, Google engages sub- contractors to carry out its obligations under contracts with customers. The list of Google’s sub- contractors engaged in the provision of Google Ads services (including Google Analytics, Google Tag Manager and Google Optimize) is provided for here.
    2. Google Cloud Platform (the USA) is a suite of cloud computing services that offers the infrastructure as a service, platform as a service, and serverless computing environments. They provide us only hosting and website management services. The list of Google’s sub-contractors engaged to the provision of Google Cloud Platform services is provided for here. The DPA is available here.
    3. Contabo (Germany, EU) is our provider of the hosting and website management services. Contabo’s sub-contractors are specified here (section VII).
    4. Digital Ocean (the USA) is our cloud infrastructure provider that help us with the hosting and website management services.Digital Ocean Inc. is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. To provide the above-mentioned services Digital Ocean is cooperating with the sub-contractors specified in Annex A of their DPA.
    5. The Rocket Science Group LLC d/b/a Mailchimp (Georgia, USA) is the email marketing service that help us with the emailing campaigns management. The sub-contractors currently engaged by Mailchimp are available here. You can find more details about Mailchimp’s privacy commitments here.
    6. PayPal (the USA) is our payment services provider that supports online money transfer. They run our billing processes, resolve relevant payment inquiries and help us to make refunds. Please take into account that it is not the Company but only PayPal who collects your payment information. You can find more details about PayPal’s privacy commitments here.
    7. Stripe (the USA) is another one payment services provider that also helps us with billing processes, resolving the relevant payment inquiries and making refunds. Please note that it is not the Company but only Stripe who collects your payment information. You can find more details about Stripe’s privacy commitments here.

    If you are interested in more details about how these third-party services process personal data, please refer to their privacy policies available on their websites. However, we want to reassure you that due to their residency of headquarters or affiliates companies (USA and European Union) they all are subject to the best worldwide standards of data protection. We care about your data security and choose only reliable partners.

    As regards the engagement of the above-mentioned service providers, we take all necessary steps to ensure compliance with the applicable data protection laws such as the GDPR. In particular, we make sure that your personal data is being protected and used only within the purposes specified in this Privacy Policy. This is achieved by using only certified services and products, signing agreements on protection of personal data with contractors and partners, as well as taking technical measures to ensure the information is protected when stored, used and while being processed and transferred.

    When we transfer data to the country not recognised by the European Commission as ensuring an adequate level of data protection, we secure such transmission by choosing service providers certified under EU-U.S. Privacy Shield Framework, including standard contractual clauses compliant with the EU data protection laws into our data processing agreements or using alternative safeguards according with the applicable laws.

    No transfer of your data will be carried unless appropriate safeguards are in place.

    You also have to know that we may disclose your personal data to enforce and comply with the laws. In other words, we may disclose information necessary for the investigation or legal process on official request or the official bodies acting within their powers.

Your rights as to your personal data

You have the following rights regarding your personal data we collect and process:

  1. You have a right to access to your personal data processed by the Company and right to data portability. This means that you can ask us what personal data of yours is processed. You may ask us if we process your personal data or not. You may also ask for the clarifications on the information described in this Privacy Policy, i.e. purpose of collecting and processing, categories of data processed, period of processing, the list of third parties which have access to information, and information on protection measures we implemented. We will provide this requested information in a structured, commonly used and machine-readable format to enable you to transmit those data to another party or service provider.
  2. You have a right to request from us to rectify your personal data. You can request all the inaccurate personal data concerning you being corrected. You may also request to complete your personal data if you consider that something is missed.
  3. You have a right to request us to erase personal data. You can request us to erase personal data if its processing is no longer necessary to achieve purposes for which it was collected as well as if there are no legal grounds for the processing. In most cases, we will erase it unless otherwise required by legislation.
  4. You have a right to restrict the processing of your personal data by the Company. In some cases, prescribed by law you will also be able to restrict the processing of your data. For example, if you contest the accuracy of your personal data being processed or if we are not interested in our processing of your personal data any longer, but you want us to do this for other reasons, for example, to bring some claim against somebody – then, instead of the erasure of information, its processing will be just restricted.
  5. You have a right to withdraw your consent. You can withdraw your consent for the processing of your personal data at any time by simply contacting us, without affecting the lawfulness of processing based on the consent before its withdrawal. After receiving such a withdrawal request from you, we will process it in a timely manner and will no longer process your personal data unless otherwise set by law.
  6. You have a right to object to the processing. In some cases, prescribed by the applicable laws you can object to processing of your personal data. You can object to the processing of your personal data when the processing is related to the performance of our task carried in the public interest or in the exercise of official authority vested in us; or if we process your data to pursue our or third party’s legitimate interests, and you believe that such interests are overridden by your interests or fundamental rights and freedoms. If you make a request objecting to processing, we will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing.

Time for reply and reaction to your request

The Company will provide information on action taken on your request related to your rights specified above within one month of receipt of the request for the longest. That period may be extended by two months if we are overwhelmed by the number of requests or the request at issue is complicated and requires a lot of action. We will inform you of any such extension within one month of receipt of the request, together with the reasons of such delay.

If you have doubts as to our reply or reaction, or absence of such, you have the right to lodge a complaint with a supervisory authority that is empowered to process such complaints in your country.

How to exercise your rights as to your personal data?

Any requests to exercise your rights can be directed to us via the contact details provided below. These requests are free of charge.

Please note that we may ask you to verify your identity before responding to such requests.

Your age

The privacy of children is one of our concerns. Here at our Website we can provide services only in case you are aged 18 (or under other age of majority under the law of your country), or older. If you are under the age of majority, you will need to get your parent’s/guardian’s permission before submission of any personal data to us. If you are underage, and there is no data as to your parent’s/guardian’s permission to use our Website, please do not provide us with your consent for data processing.

Security of data and breach notifications

We process your data using computers and/or other IT enabled tools. We also take technical and organizational measures to ensure the personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

For example, we use verified contractors that might have access to the data as specified in this Privacy Policy and with whom relevant data processing agreements are concluded. We also use Hypertext Transfer Protocol Secure (HTTPS) to ensure secure communication through the Internet. Moreover, we guide and train our personnel to process your data securely. In particular, we require our contractors to use strong passwords and enable multi-factor authentication.

In regard to protection from unauthorized access to personal data, we have implemented firewall, passwords hashing and two-factor authentication. For emergency cases we also regularly backup data to be able to restore it when it is needed. We require all our employees and subcontractors to enter in the non-disclosure agreements and data processing agreements (if applicable).

While taking necessary steps to secure your data, we have no choice but to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under the breach and if there is a high risk of violation of your rights as a data subject, we would inform you and the respective data protection agencies as to the accidents without undue delay. We will also do our best to minimize any such risks.

Changes to this Privacy Policy

We may amend or update this Privacy Policy from time to time. If we decide to do so, we will notify you of any changes via email and/or a prominent notice on our Website. We will also indicate the “Last modified” date at the top of this Privacy Policy and provide you with the details on key changes.

Contact Information

If you have any questions about this Privacy Policy or your data being processed by us, you are welcome to contact us:

Company name: FLUTLAB s.r.o.
Šancová 4007/48, 811 05
Bratislava, Slovakia.


FlutLab Android Installer privacy policy

What data do we collect?

FlutLab installer collects the following details of your android device:

  • Device manufacturer;
  • Android OS build number and version;
  • Android OS name and Platform Id;
  • device Architecture type;
  • is it emulator or real device.

Also, FlutLab Installer collects the data of installation events (which project and when was installed).

Android Installer also collects Application Log messages and stores them inside Flutlab website database.

All the processes of data storage and user rights (related to those processes) described for FlutLab website Privacy Policy are applied for FlutLab Installer also because it (FlutLab Installer) is the logical extension of other FlutLab services and automations.

Cookies Policy

Last modified on: 16.10.2020

This Cookies Policy is a part of our Terms of Use and Privacy Policy.

What are cookies?

Cookies are small pieces of code that are stored on your device when you browse and use websites or other online services. They are installed on your device to enable different useful features, for example, to facilitate navigation on the website. We use cookies to improve your user experience, aggregate statistics and obtain data about how the Website is being used. These data enable us to develop and optimize the Website.

In some cases, cookies are used to collect data that is recognized to be personal data, such as IP addresses and data linked to the IP address. The usage of such cookies is regulated by the data protection laws, and you as a user obtain more rights to control the collection and processing of these data.

After installed on your device, cookies may be either deleted automatically when you close the website/web browser (so-called “session cookies”), or stored on your device to facilitate future visits to the website (so-called “permanent cookies”). Permanent cookies are automatically deleted after a period of time set by the website owner.

Some of the services collect statistics in aggregated form and may not require the consent of the user or may be managed directly by the owner – depending on how they are described – without the help of third parties.

Which cookies do we use?

We may install on your device the following types of cookies:

TypeDescription and purposeNameStorage and retenation period
Analytical cookiesThese cookies are strongly required for the error-free operation of the Website, as well as for its security and accessibility. Without them we will not be able to provide you with the information services as prescribed in our Terms of Use. You may decline these cookies by changing your browser settings, but this may affect how the Website is functioning.auth._refresh_token.local
Stored only for the session duration
Functional cookiesThis type of cookies is also known as ‘preferences cookies.’ We use the functional cookies to remember your choice not to allow analytical and commercial cookies.auth.redirect
Stored only for the session duration
Analytical cookiesThese cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in a way that does not directly identify anyone, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited. These cookies are set by third-party analytics service Google Analytics.* The data collected in such a way is stored in aggregated form, and it does not constitute personally identifiable information._ga
Stored for 3 months

* Google Analytics is our online business analytics service that helps us to understand how our users interact with our Website. Google LLC is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

How does the Company deal with data collected through the cookies?

The cookies consent message was the first message that you were likely to see when you visited our Website. In most cases we ask you for a consent to install cookies. This does not apply only to the cookies strictly required for the functioning of the Website in general and some of its features in particular (e.g. the very option to refuse analytical and commercial cookies).

Data that we collect with the cookies, where it is personal data, are processed in accordance with provisions of our Privacy Policy. For instance, our employees and sub-contractors may be able to access these data. Moreover, your data may be processed on our behalf by the third-party service providers mentioned above. For more information on our practices, see our Privacy Policy.

Can you withdraw your consent and turn the cookies off?

Yes, you can do that by choosing the appropriate settings of your browser. The following links might be useful for you to choose the best option of your browser and OS:

In order to opt out of the collection of data by Google Analytics across all websites, please visit the following web-page: Google Analytics Opt-out Browser Add-on.

Contact Information

If you have any questions about this Cookies Policy, please contact us.

Company name: FLUTLAB s.r.o.
Šancová 4007/48, 811 05
Bratislava, Slovakia.