Privacy Policy

This Policy describes how Flasset collects, uses, discloses, and protects personal information in connection with our Sites and services.

Last Updated: 5/12/2026

Scope

If we have entered into separate agreements with you regarding data privacy, including enterprise agreements, data processing agreements, or other written agreements, those agreements will control in the event of a conflict.

This Privacy Policy (“Policy”) describes the privacy practices of Flasset (“we,” “our,” or “us”), including our website at www.flasset.org and other sites under our control where this Policy is posted (collectively, the “Sites”). This Policy explains how we collect, use, disclose, and protect personal information about users, customers, business contacts, and other individuals.

We are committed to complying with applicable data protection laws, including the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA), Massachusetts privacy laws, and other relevant laws governing personal data.

1. Information We Collect

We collect and receive personal information from multiple sources, including direct interactions, third-party services, and automated technologies. “Personal information” means information relating to an identifiable person.

Platform Services and Business Administration

We may collect personal information from users, customers, business partners, service providers, and other individuals in connection with providing our platform and services, including:

Contact details, such as name, email address, postal address, phone number, and company name.
Account information, such as login credentials, role, organization affiliation, and user permissions.
Billing and payment data, such as payment card information and transaction details, typically processed by payment processors.
Platform data, such as asset metadata, usage rights information, tags, descriptions, ownership notes, permissions, restrictions, and related inputs provided by users.
Support and communication records, such as messages, requests, feedback, and service-related correspondence.

Website Interactions

When you visit our Sites, you may provide information such as event registration data, newsletter subscription information, contact form submissions, and user account details, if applicable.

Third-Party Sources

We may receive personal information from service providers and business partners, such as payment processors, analytics providers, authentication providers, hosting providers, and customer-designated integrations. We may also receive information from public databases or customer-provided datasets.

Device and Browsing Data

We automatically collect certain information when you visit our Sites, including IP address, browser type, device information, operating system, pages visited, session duration, referring URLs, and cookies and tracking technologies as described in Section 7.

We do not intentionally collect sensitive data unless necessary for operational, compliance, security, or legal purposes, or unless provided by a customer or user in connection with the Services.

2. How We Use Personal Information

Providing Platform Services

We use personal information to operate, maintain, and improve the Flasset platform, including organizing, managing, searching, displaying, and analyzing digital assets and related metadata.

User Communication and Support

We process personal information to respond to inquiries, provide support, send administrative updates, manage user relationships, and communicate about the Services.

Regulatory Compliance

We process information as needed to comply with applicable laws, regulations, contractual obligations, and legal processes.

Marketing and Outreach

We may use personal information to send updates, product information, newsletters, or event invitations. You may opt out of marketing communications at any time using the unsubscribe mechanism provided or by contacting us.

Platform Functionality and Security

We process personal information to monitor performance, improve user experience, maintain platform reliability, prevent fraud, detect unauthorized activity, and enhance cybersecurity.

Legal Basis for Processing (GDPR)

For individuals in the EEA or UK, we process data under one or more of the following legal bases:

Performance of a contract, including providing platform services.
Legitimate interests, including platform improvement, security, fraud prevention, analytics, and business administration.
Legal obligations, including compliance with applicable laws.
Consent, including for certain marketing communications, cookie tracking, or optional data collection activities.

3. Disclosure of Personal Information

We do not sell personal data. However, we may share personal information in limited circumstances, such as:

With vendors and service providers performing services on our behalf, including hosting, analytics, authentication, payment processing, customer support, security, and technical infrastructure.
With regulators, courts, law enforcement, or other parties if required by law or legal process, or where necessary to protect our rights, users, customers, or the security of the Services.
In connection with a merger, acquisition, restructuring, financing, or sale of assets, subject to appropriate safeguards.
With customer-designated administrators, integrations, or third parties where authorized by the customer or user.
With other third parties where you explicitly consent.

Where appropriate, third-party recipients are required to comply with confidentiality, privacy, and security obligations.

Flasset provides tools to organize, manage, and display asset-related information. Unless expressly agreed in writing, Flasset does not independently verify asset ownership, licensing rights, permissions, clearance status, or the legal sufficiency of user-provided metadata.

4. Your Privacy Rights

California Consumer Privacy Act (CCPA) Rights

California residents may have the right to access personal information we hold about them, request deletion of certain personal information, correct inaccurate personal information, and opt out of certain data sharing. We do not sell personal data.

General Data Protection Regulation (GDPR) Rights (EEA/UK)

Individuals in the EEA or UK may have rights including access, rectification, erasure in certain circumstances, restriction of processing, data portability, and objection to processing in certain circumstances.

FERPA (Educational Data)

Where applicable to educational records, we comply with FERPA requirements, including applicable rights to review and correct education records and restrict disclosure, subject to FERPA’s rules.

COPPA (Children’s Data)

We do not knowingly collect personal information from children under 13 through our public Sites. If we learn we have received such data without appropriate authorization, we will take appropriate steps to delete it or handle it as required by law.

To exercise privacy rights, contact us at privacy@flasset.org.

5. Data Security and Data Retention

We employ reasonable administrative, technical, and physical safeguards designed to protect personal information, including access controls, security monitoring, and encryption where appropriate.

We retain personal information for as long as reasonably necessary to provide services, comply with legal obligations, resolve disputes, enforce agreements, maintain business records, and support security and audit requirements. When no longer needed, information is securely deleted, anonymized, or otherwise handled in accordance with applicable requirements.

6. Cross-Border Data Transfers

If you access our services outside the United States, your data may be processed in the United States or other jurisdictions where data protection laws may differ from those in your jurisdiction. Where required, we use appropriate safeguards for international transfers, which may include Standard Contractual Clauses or other lawful transfer mechanisms.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to improve website performance, analyze usage, enhance security, support core functionality, and understand how visitors interact with our Sites. You can manage cookies through your browser settings. If we provide a separate Cookie Policy or cookie preference tool, that policy or tool will provide additional information about available choices.

8. Third-Party Links

Our Sites may contain links to external websites or services. We are not responsible for their privacy practices. We recommend reviewing the privacy policies of any external sites before providing personal information.

9. Updates to This Policy

We may update this Policy periodically. If changes are material, we may provide notice by posting an update on our Sites or, where appropriate, by email or other reasonable means. Continued use of the Sites or Services after updates constitutes acceptance of the updated Policy.

10. Contact Information

If you have any questions about this Policy, please contact us:

Flasset
39 Sprague St., Dedham, MA 02026

Email: privacy@flasset.org