Flagpost

Privacy Policy

Flagpost AI Inc.

Effective Date: May 1, 2026

Overview

Flagpost AI Inc. ("Flagpost," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website or register for and use our platform (collectively, the "Services"), and the choices you have. By using the Services, you agree to the collection and use of information as described here.

This Policy does not apply to the content our customers or their users upload into the platform to run a transaction. We process that content on the customer's instructions and under our agreement with them, not under this Policy. See "Information We Process on Behalf of Our Customers" below.

Definitions

  • Company / we / us / our: Flagpost AI Inc., 325 Front St W, Toronto, Ontario, Canada, responsible for your information under this Policy.
  • Customer: a company, organization, or person that registers to use the Services to run a transaction or manage relationships with their own users.
  • Personnel: individuals employed by, or under contract to, Flagpost.
  • Personal Information: information that identifies, relates to, or could reasonably be linked to an identifiable individual.
  • Customer Content (or End-User Data): documents, files, and other content uploaded into the platform.
  • Service: the website, platform, and related applications provided by Flagpost.
  • Cookie: a small data file saved by your browser to identify it, support functionality, and provide analytics.

Information We Collect

We collect the following categories of personal information directly and through your use of the Services:

  • Information you provide: your name, business email, employer, job title, password, and other details you give us when you request access to, register for, or use the platform, contact us, or complete a form on our website.
  • Usage data: pages visited, features used, and actions taken in the Services.
  • Device and technical data: IP address, browser type, operating system, device identifiers, and log information generated when you access the Services.

How We Use Information

We use the personal information we collect to:

  • Provide, operate, secure, maintain, and improve the Services.
  • Authenticate access, manage accounts, and provide support.
  • Communicate with you about your account, access, service updates, and administrative matters.
  • Send service-related and, where permitted, occasional product communications, which you can opt out of at any time.
  • Monitor and analyze usage to understand and improve the Services.
  • Detect, prevent, and address security incidents, fraud, and misuse.
  • Comply with legal obligations and enforce our agreements.

We do not sell your personal information, and we do not use it for advertising. We do not use your personal information, or any Customer Content, to train, develop, or improve any artificial intelligence or machine-learning models.

Information We Process on Behalf of Our Customers

When you upload Customer Content into the platform for a transaction, we process it as a service provider and processor, on behalf of and under the instructions of the customer that engaged us. We handle it only to provide the Services, keep it confidential, and do not use it for our own purposes, for marketing, or to train AI models. We have no direct relationship with the individuals whose personal information may appear in uploaded content.

Our handling of Customer Content is governed by our agreement with the customer and any applicable Data Processing Addendum, not by this Policy. To access, correct, or delete content in a data room, please contact the customer that invited you (your advisor or the firm running the transaction); we will support their instructions. We retain and delete Customer Content according to the customer's instructions and our agreement with them.

How We Share Information

We do not sell your personal information or share it for advertising. We may share it with:

  • Service providers and subprocessors who help us operate and support the Services. They are bound by confidentiality obligations no less protective than ours and may use the information only to provide services to us. Our current subprocessors are listed at flagpost.ai/subprocessors.
  • Corporate affiliates, who will handle it consistent with this Policy.
  • Legal and protective purposes, where reasonably necessary to comply with law or legal process, enforce our agreements, or protect the rights, safety, and security of Flagpost, our users, or the public.
  • Business transfers, in connection with a merger, acquisition, financing, sale of assets, or insolvency, provided the recipient agrees to handle the information consistent with this Policy.

Cookies and Similar Technologies

We use a limited set of cookies and similar technologies, and we do not use advertising, targeting, or cross-site tracking cookies.

  • Strictly necessary cookies enable core functions such as signing in and keeping the Services secure.
  • Functional cookies remember your preferences and settings.
  • Analytics cookies help us understand how the Services are used so we can improve them.

We also use related technologies such as local storage and sessions to support functionality and remember your preferences. We do not place personally identifiable information in cookies. Most browsers let you block or delete cookies and similar technologies through their settings; blocking strictly necessary cookies may prevent parts of the Services from working, and you may need to clear stored data through your browser directly. Because there is no common standard for "Do Not Track" signals, we do not currently respond to them.

Data Security

We maintain industry-standard organizational, administrative, physical, and technical safeguards to protect personal information, and we restrict employee access to those who need it to deliver and support the Services. No method of transmission or storage is completely secure, but we work to protect your information and will notify affected parties of a confirmed breach as required by law and our customer agreements.

Data Retention

We retain personal information only for as long as necessary for the purposes described in this Policy or as required by law. Customer Content is retained and deleted according to the customer's instructions and our agreement with them.

Your Privacy Choices and Rights

For personal information we control, you may access, correct, or delete it, request a copy, and opt out of non-essential communications. To make a request, contact us at support@flagpost.ai. We may take reasonable steps to verify your identity before acting on a request. For Customer Content uploaded into the platform, where we act as a processor, please direct your request to the customer that invited you, and we will support their instructions.

Please note it is not always technologically possible to remove every record of information you have provided, for example because backups may retain a copy in a non-erasable form. Promptly after receiving your request, information in the systems we actively use will be updated, corrected, or deleted as appropriate, to the extent reasonably and technically practicable.

U.S. State Privacy Rights

This section applies to residents of U.S. states with comprehensive privacy laws, including California (under the CCPA, as amended by the CPRA).

In the past 12 months we have collected the categories of personal information described in "Information We Collect," namely identifiers (such as name, email, and IP address), customer records and contact information, professional or employment information (such as employer and job title), commercial information (such as account and billing details), and internet or network activity (such as usage and log data). We collect this information from you directly and through your use of the Services, and we use and disclose it for the business purposes described in this Policy.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes that would require a right to limit.

Subject to applicable law, you have the right to know and access the personal information we have collected, to request correction or deletion, to be free from discrimination for exercising your rights, and, where a state law provides it, to appeal a decision on your request. To exercise these rights, submit a verifiable request to support@flagpost.ai; you may use an authorized agent. We will respond within the timeframes required by law.

For personal information we process on behalf of a business customer, we act as that customer's service provider and do not retain, use, or disclose it except to provide the Services. Requests regarding that information should be directed to the customer, and we will assist them as required.

Canada

For users in Canada, we handle personal information in accordance with applicable Canadian privacy law, including PIPEDA. You may request access to, or correction of, the personal information we hold about you by contacting us at support@flagpost.ai.

Personnel

If you are a Flagpost employee, contractor, or applicant, we collect information you provide for human resources and recruitment purposes. Separate internal notices may apply to that information.

Data Processing Locations

We operate primarily in North America. Your personal information may be stored and processed in the United States and Canada by us and our service providers. Where information is transferred across borders, we apply safeguards consistent with applicable law.

Links to Other Websites and Third-Party Services

The Services may contain links to, or make available, websites and services we do not operate or control. This Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. When you follow a link away from the Services, the third party's own terms and policies govern. We encourage you to review them.

Children's Privacy

The Services are intended for business use and are not directed to anyone under 18. We do not knowingly collect personal information from individuals under 18, and will delete such information if we become aware of it.

Governing Law

This Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict-of-laws principles.

Your Consent

By using the Services or contacting us directly, you consent to this Privacy Policy. If you do not agree, you should not use the Services.

Changes to This Policy

We may update this Policy from time to time. We will post the updated version with a new Effective Date and, for material changes, provide additional notice before they take effect.

Contact Us

If you have questions about this Policy or our privacy practices, contact us at support@flagpost.ai, or write to Flagpost AI Inc., 325 Front St W, Toronto, Ontario, Canada.