Privacy Policy
Last Updated: January 18, 2026
1. Introduction
This Privacy Policy explains how FlutterSDK ("we," "us," or "our") collects, uses, discloses, and protects your personal data when you use our website (fluttersdk.com), services, and applications (collectively, the "Services").
We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR/DSGVO), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
FlutterSDK
Contact: [email protected]
For data protection inquiries, please contact us at the email address above.
3. Personal Data We Collect
We collect personal data in the following ways:
3.1 Information You Provide Directly
| Category | Data Types | Purpose |
|---|---|---|
| Account Registration | Name, email address, password (encrypted) | To create and manage your user account |
| Profile Information | Avatar image, display name | To personalize your experience |
| Newsletter/Waitlist | Email address, phone number (optional) | To send product updates and marketing communications |
| Contact Form | Name, email address, message content | To respond to your inquiries |
| Beta Applications | Motivation statement, application details | To evaluate beta program eligibility |
3.2 Information Collected Automatically
| Category | Data Types | Purpose |
|---|---|---|
| Device Information | IP address, browser type, operating system, device identifiers | Security, fraud prevention, and service optimization |
| Usage Data | Pages visited, features used, timestamps | Service improvement and analytics |
| Session Data | Session tokens, browser fingerprint | Authentication and security |
| Referral Data | Referring URL, campaign parameters | Marketing attribution |
3.3 Information from Third Parties
| Source | Data Types | Purpose |
|---|---|---|
| Google OAuth | Name, email, profile picture | Account authentication |
| GitHub OAuth | Username, email, profile picture | Account authentication |
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6 GDPR:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and management | Performance of contract | Art. 6(1)(b) |
| Service delivery and support | Performance of contract | Art. 6(1)(b) |
| OAuth/Social login | Performance of contract | Art. 6(1)(b) |
| Newsletter and marketing | Your consent | Art. 6(1)(a) |
| Beta program applications | Your consent | Art. 6(1)(a) |
| Contact form responses | Legitimate interest | Art. 6(1)(f) |
| Analytics (Google Analytics) | Legitimate interest | Art. 6(1)(f) |
| Security and fraud prevention | Legitimate interest | Art. 6(1)(f) |
| Legal compliance | Legal obligation | Art. 6(1)(c) |
5. How We Use Your Data
We use your personal data for the following purposes:
- Service Provision: To operate, maintain, and improve our Services
- Account Management: To create, authenticate, and manage your account
- Communication: To respond to inquiries and send service-related notifications
- Marketing: To send newsletters and promotional content (with your consent)
- Beta Programs: To evaluate applications and manage early access programs
- Analytics: To understand usage patterns and improve our Services
- Security: To detect, prevent, and address fraud and security issues
- Legal Compliance: To comply with applicable laws and regulations
6. Data Sharing and Recipients
We may share your personal data with the following categories of recipients:
6.1 Service Providers
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Google Cloud Platform | Hosting infrastructure | EU/US | EU-US Data Privacy Framework, SCCs |
| Google Analytics | Website analytics | US | EU-US Data Privacy Framework |
| Google OAuth | Authentication | US | EU-US Data Privacy Framework |
| GitHub OAuth | Authentication | US | EU-US Data Privacy Framework |
6.2 Other Disclosures
We may also disclose your data:
- To comply with legal obligations or valid legal requests
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets (with notice to you)
- With your explicit consent
We do not sell your personal data to third parties.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), particularly the United States. When we transfer data internationally, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework: For US-based providers certified under the framework
- Standard Contractual Clauses (SCCs): EU-approved contractual clauses
- Adequacy Decisions: Where the European Commission has determined adequate protection
8. Cookies and Tracking Technologies
8.1 Essential Cookies
We use essential cookies necessary for the operation of our Services. These do not require consent.
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Authentication and security | Session |
| CSRF token | Security protection | Session |
8.2 Analytics Cookies (Google Analytics)
We use Google Analytics to understand how visitors use our website. Google Analytics uses cookies to collect anonymized usage data.
You may opt out of Google Analytics by:
- Installing the Google Analytics Opt-out Browser Add-on
- Adjusting your browser cookie settings
9. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion |
| Session data | 30 days |
| Contact form submissions | 90 days after resolution |
| Newsletter subscriptions | Until unsubscription |
| Beta applications | Duration of program + 12 months |
| Analytics data | 26 months (Google Analytics default) |
| Backup data | 30 days |
After the retention period, data is securely deleted or anonymized.
10. Your Rights
Under GDPR, you have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Access (Art. 15) | Request a copy of your data | Email us or use account settings |
| Rectification (Art. 16) | Correct inaccurate data | Update in account settings |
| Erasure (Art. 17) | Request deletion of your data | Use "Delete Account" in settings |
| Restriction (Art. 18) | Limit how we use your data | Email us |
| Portability (Art. 20) | Receive your data in a portable format | Email us |
| Objection (Art. 21) | Object to certain processing | Email us |
| Withdraw Consent (Art. 7(3)) | Withdraw previously given consent | Email us or use unsubscribe links |
10.1 Account Deletion
You can delete your account at any time through your account settings. Upon deletion:
- Your personal data will be anonymized or deleted
- Connected social accounts will be unlinked
- All OAuth tokens will be revoked
- Your sessions will be terminated
- Anonymized data may be retained for legal or statistical purposes
10.2 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. In Germany, the competent authorities include:
- BfDI (Federal Commissioner for Data Protection): bfdi.bund.de
- State data protection authorities (Landesdatenschutzbeauftragte)
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: Passwords are hashed using industry-standard algorithms (bcrypt)
- Transport Security: All data transmitted via HTTPS/TLS
- Access Controls: Role-based access to personal data
- Infrastructure Security: Secured hosting on Google Cloud Platform
- Regular Updates: Timely security patches and updates
While we strive to protect your data, no method of transmission over the Internet is 100% secure.
12. Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Sending an email notification for significant changes (if you have an account)
Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.
14. Contact Us
For any questions or concerns about this Privacy Policy or our data practices, please contact us:
FlutterSDK
Email: [email protected]
We will respond to your inquiry within 30 days.