Privacy & Cookie Policy

Your privacy is important to us. This page explains how we collect, use, and protect your data.

Last updated: March 25, 2026

Privacy Policy

Data controller: FunctionFly LLC (d/b/a FunctionFly), a Wyoming limited liability company with principal operations in Fort Worth, Texas, United States.

These disclosures supplement our Terms of Service, including sections on acceptable use and regulated data.

Sensitive and regulated data

Do not submit PCI data, PHI, or sensitive government-issued identifiers through the Service unless we have explicitly agreed to support that data in writing. Contact us first before sending regulated or highly sensitive data.

Information we collect

We collect information you provide directly to us, such as when you create an account, use our services, publish or execute functions, or contact us for support. We also collect certain technical data necessary to operate and secure the Service.

  • Account and profile information (email, name, company, authentication and session data)
  • Billing and transaction metadata (subscription status, invoice IDs, wallet activity, and related records)
  • Function and execution data (function metadata you publish, deployment/configuration details, execution timestamps, latency, and error logs)
  • Agent and API usage (API keys you create, agent identities you register, quotas/limits events, and policy enforcement outcomes)
  • Device, browser, and network information (IP address, user agent, approximate location, and security signals)
  • Vault data: when you use the vault, we process encrypted ciphertext and operational metadata. We do not receive your vault passphrase and cannot decrypt your vault secrets by design.
  • Support communications (messages and attachments you send to us)
  • AI-assisted interactions (prompts, chat messages, and related context you send through AI features such as FlyMind, in-app assistants, or semantic search)

How we use your information

  • Provide and maintain our services
  • Process transactions and send related information
  • Send technical notices and support messages
  • Communicate with you about products and services
  • Improve our services through analytics
  • Operate AI-assisted features you choose to use (chat, search, embeddings, moderation, and optimization)
  • Prevent fraud, abuse, and security incidents; enforce rate limits and acceptable use
  • Comply with legal obligations and respond to lawful requests

Legal bases for processing (EEA/UK)

Where EEA/UK data protection laws apply, we process personal information only when we have a valid legal basis:

  • Contract — to provide the services you request and perform our Terms of Service
  • Legitimate interests — to secure, improve, and operate the Service in ways that are not overridden by your rights
  • Legal obligations — to comply with applicable laws, regulations, and lawful requests
  • Consent — where required, and which you can withdraw at any time for future processing

Information sharing

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy.

  • Service providers and subprocessors that help us operate the Service (including hosting, email, payments, and analytics as described below)
  • To comply with applicable law, legal process, or lawful requests, or to protect the rights, property, and safety of FunctionFly, our users, or others
  • In connection with a merger, acquisition, financing, reorganization, bankruptcy, or asset sale, with notice where appropriate
  • With your direction, instruction, or consent

Automated processing and decision-making

We use automated systems to help detect abuse, fraud, security threats, quota misuse, and other policy violations. These systems may flag events for investigation or trigger protective controls. Where required by law, we do not make decisions that produce legal or similarly significant effects based solely on automated processing without appropriate human review.

AI services, model inference, and training

FunctionFly may operate an internal AI layer (for example our FlyMind AI service) that powers features such as LLM-assisted chat and guidance, semantic search and embeddings, routing/optimization suggestions, anomaly detection, and content moderation (including optional third-party moderation APIs when configured).

When you use these features, we send your prompts, messages, function metadata, code snippets, logs, or other inputs you submit to the configured model providers (for example OpenAI, Anthropic, Ollama, or OpenRouter) to generate responses, embeddings, or moderation scores. We use that processing to operate the Service—not to train or fine-tune FunctionFly-owned general-purpose models on your content unless we obtain your explicit consent and describe that program separately.

Third-party model providers may process inputs under their own terms and privacy policies (including how they use data for safety, abuse prevention, and model improvement). We encourage you to review those policies when you choose a provider or model.

We may use aggregated or de-identified operational telemetry (for example latency, error rates, routing outcomes, and usage patterns) to improve reliability and internal optimization models. That is separate from using your conversation prompts to train a consumer-facing LLM.

Our product design and engineering documentation targets not retaining LLM interactions long-term for training purposes; short-lived storage may still occur for session continuity, debugging, support, security, or legal compliance where required.

Data retention

We retain your personal information for different periods of time depending on the type of data and the purpose for which it was collected:

Account data

Account information, profile data, and authentication details are retained for as long as your account remains active and for up to 3 years after account deletion to comply with legal obligations and resolve disputes.

Usage and analytics data

Usage analytics, performance metrics, and security logs are typically retained for up to 2 years to help us improve our services, resolve incidents, and maintain system security.

Execution and platform logs

Operational logs related to function execution, API requests, policy enforcement, and billing events are retained for varying periods depending on the log type and purpose (for example, debugging, abuse prevention, or financial recordkeeping). We may retain certain records longer where required by law.

Communication records

Customer support communications and service-related messages are retained for 3 years for quality assurance and legal compliance purposes.

Marketing data

Marketing preferences and campaign interaction data are retained for 1 year after your last interaction with our marketing communications.

We may retain data longer when required by law, involved in legal proceedings, or necessary for legitimate business purposes. You can request deletion of your data at any time.

Third-party services

We work with trusted third-party service providers to operate our business and deliver our services. These providers may have access to your personal information only to perform specific tasks on our behalf:

Analytics and performance monitoring

  • Sentry — error tracking and application monitoring (dashboard)
  • Website analytics providers (if enabled) — used to understand site usage and improve content

Payment processing

  • Stripe — secure payment processing and transaction management

AI and language model providers

  • OpenAI — LLM completions, embeddings, and optional moderation API when configured
  • Anthropic — LLM completions when configured
  • Ollama — local or self-hosted LLM and embeddings when configured
  • OpenRouter — model routing for chat when configured (see provider capabilities for embeddings)

Cloud infrastructure and hosting

  • S3-compatible object storage — storing artifacts and files (provider varies by deployment)
  • Cloudflare — content delivery network and security services
  • Vercel — frontend deployment and hosting platform

Communication services

  • Resend — transactional email delivery (production/staging)
  • SMTP providers you configure — for example Gmail, SendGrid, or Mailgun (depending on your deployment and settings)

All third-party providers are contractually obligated to maintain the confidentiality and security of your personal information and may only use it for the specific purposes we authorize.

International data transfers

FunctionFly operates globally, and your personal information may be transferred to and processed in countries other than your own. We implement appropriate safeguards to protect your data during international transfers:

Data transfer mechanisms

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for transfers to countries with equivalent privacy protections
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent when required by applicable law

Data hosting locations

Your data may be stored and processed in data centers located in the United States, European Union, and other jurisdictions. We use industry-leading cloud providers with robust security certifications.

Cross-border data flows

When transferring data across borders, we ensure that appropriate safeguards are in place, including encryption in transit and at rest, access controls, and regular security assessments.

If you are located in the European Economic Area or other regions with strict data transfer requirements, you have the right to obtain details about the safeguards we use for international data transfers.

Security measures

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Encryption

  • Data in transit: TLS 1.3 encryption for all data transmissions
  • Data at rest: AES-256 encryption for stored data
  • Database encryption: transparent data encryption for sensitive information

Access controls

  • Role-based access control (RBAC) limiting data access to authorized personnel
  • Multi-factor authentication (MFA) for all administrative access
  • Regular access reviews and automated deprovisioning
  • Principle of least privilege applied to all systems

Security monitoring

  • 24/7 security monitoring and intrusion detection systems
  • Regular security audits and vulnerability assessments
  • Automated threat detection and response systems
  • Security information and event management (SIEM) systems

Breach response procedures

In the event of a security breach, we have established incident response procedures that include immediate containment, investigation, notification to affected users within 72 hours (when legally required), and remediation measures. We maintain comprehensive breach logs and conduct post-incident reviews to prevent future occurrences.

While we implement robust security measures, no system is completely immune to risks. We regularly update our security practices based on emerging threats and industry best practices.

Children's privacy

FunctionFly is committed to protecting children's privacy online. Our services are not intended for children under 13 years of age.

COPPA compliance

We comply with the Children's Online Privacy Protection Act (COPPA) and similar international laws regarding children's privacy. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

Age verification

During account registration, users must confirm they are at least 13 years old. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

Parental rights

Parents or guardians may request to review, modify, or delete personal information collected from their child under 13. To exercise these rights, please contact us using the information provided below.

Content and features

Our platform is designed for business and professional use. We do not offer features specifically targeted at children, and we do not collect information for marketing to children.

If you believe we have collected information from a child under 13 without proper consent, please contact us immediately.

Zero-knowledge vault

Secrets you store in the vault are encrypted client-side. We process ciphertext and metadata needed to operate the feature; we do not receive your vault passphrase and cannot decrypt your secrets by design.

Cookie details

Status below describes typical categories. Exact storage depends on your choices in the app and this site.

Necessary cookies Always active

Essential cookies required for the website to function properly. These cannot be disabled.

Purpose: Session management, authentication, security features  ·  Duration: Session / 1 year

Analytics cookies Opt-in on dashboard

Help us understand how visitors interact with our website by collecting anonymous information.

Purpose: Usage analytics, performance monitoring  ·  Duration: Up to 2 years

Marketing cookies Opt-in on dashboard

Used to deliver personalized advertisements and track campaign effectiveness where enabled.

Purpose: Targeted advertising, retargeting  ·  Duration: Up to 1 year

Functionality cookies Opt-in on dashboard

Enable enhanced functionality and personalization features.

Purpose: Language preferences, UI customization  ·  Duration: Up to 1 year

Your rights

GDPR rights (EU users)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

CCPA rights (California users)

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared
  • Right to opt-out of the sale of personal information
  • Right to delete personal information
  • Right to non-discrimination for exercising CCPA rights

Exercising your rights

To exercise applicable privacy rights, contact us at privacy@functionfly.com. We may need to verify your identity before fulfilling a request.

  • Verification may require confirming account ownership or recent account activity
  • Authorized agents may submit requests on your behalf where permitted by law
  • We generally respond within 30 to 45 days, depending on the law that applies to your request
  • Where required, you may request an appeal or review of a rights decision

U.S. state privacy disclosures

FunctionFly does not sell personal information for monetary consideration. We also do not share personal information for cross-context behavioral advertising unless we disclose that practice and provide any legally required opt-out controls.

Changes to this policy

We may update this Privacy & Cookie Policy from time to time. We will update the "Last updated" date on this page when changes are posted, and we will provide additional notice for material changes where required by law.

Contact us

If you have any questions about this Privacy Policy or our cookie practices, please contact us:

Legal entity: FunctionFly LLC (d/b/a FunctionFly), Wyoming (operations: Fort Worth, Texas, United States)

Email: privacy@functionfly.com

Phone: +1 (555) 123-4567

Back to home