Effective Date: August 13, 2025
Last Updated: August 13, 2025
Phleid LLC ("Phleid," "we," "us," or "our"), a Delaware limited liability company, provides AI-powered retention orchestration services that enable businesses to coordinate marketing across email, SMS, push notifications, and other channels. This Privacy Policy explains how we process information when you use our services, website, and platforms (collectively, the "Services").
We are committed to protecting privacy and ensuring transparent data processing practices. As a technology service provider, we primarily act as a data processor on behalf of our business clients who use our platform to orchestrate retention flows across their existing marketing tools. This Privacy Policy describes our processing activities, security measures, and your rights regarding personal information.
Phleid operates in two distinct capacities regarding personal information processing. First, we act as a data controller for information we collect directly from our business clients and website visitors, including account registration information, billing details, and support communications. Second, and more significantly, we act as a data processor when our business clients use our Services to orchestrate retention campaigns to their end users.
In our role as a data processor, we process personal information solely on behalf of and under the instructions of our business clients, who remain the data controllers responsible for determining the purposes and means of processing. We do not permanently store end-user personal information on our servers. Instead, we temporarily process this information through Cloudflare's secure infrastructure to facilitate campaign orchestration, flow execution, and notification delivery.
When providing our Services, we process different categories of information depending on your relationship with Phleid. For our business clients, we collect account registration information including company name, contact person details, email addresses, phone numbers, and billing information necessary for account management and service provision. We also collect usage data regarding pass creation, distribution metrics, and platform interaction patterns.
For end users who receive passes created through our platform, we process information as directed by our business clients. This typically includes device identifiers necessary for pass delivery, location data when geofencing features are enabled, pass interaction data such as updates and deletions, and any custom fields our clients choose to include in their passes. Importantly, this end-user information is processed temporarily to execute the requested service and is not retained on Phleid servers.
Our website and platform also automatically collect certain technical information through standard web technologies. This includes IP addresses, browser types, operating system information, referring URLs, and interaction data with our website and services. This information helps us maintain security, improve our Services, and understand usage patterns.
Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, we process personal information based on several legal grounds. For our business clients, we process information as necessary for the performance of our service contract, including account management, service delivery, and support provision. We also process certain information based on our legitimate interests in maintaining service security, preventing fraud, improving our Services, and conducting business analytics.
When processing end-user information as a data processor, we rely on our business clients to establish appropriate legal bases for their processing activities. Our clients are responsible for obtaining necessary consents, establishing contractual relationships, or identifying other valid legal grounds for processing end-user personal information through our Services.
For marketing communications to our business clients, we rely on consent, which can be withdrawn at any time through the unsubscribe mechanisms provided in our communications or by contacting our support team.
We use the information we process for specific, limited purposes essential to our service provision. Primary uses include delivering our mobile wallet pass services, processing payments and maintaining accurate billing records, providing customer support and responding to inquiries, and ensuring platform security and preventing unauthorized access or abuse.
We also use information to improve and develop our Services based on usage patterns and client feedback, send service-related communications including updates and maintenance notifications, comply with legal obligations and respond to lawful requests from authorities, and protect our rights and the rights of our clients and end users.
We do not sell personal information to third parties. We do not use end-user personal information for our own marketing purposes or create user profiles for advertising. Our processing is limited to what is necessary to provide our Services to our business clients.
Security is fundamental to our service design and operations. We implement comprehensive technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. All data transmitted through our Services is encrypted using industry-standard AES-256 encryption protocols. Data processing occurs through Cloudflare's secure infrastructure, which maintains ISO 27001 and SOC 2 Type II certifications.
Our security measures include regular security assessments and vulnerability testing, strict access controls with role-based permissions for our personnel, secure development practices and code review procedures, incident response procedures for potential security events, and employee training on data protection and security practices.
We maintain detailed logs of system access and data processing activities for security monitoring and audit purposes. Our infrastructure is designed with redundancy and backup systems to ensure service availability and data integrity. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security despite our robust protective measures.
We share personal information only in limited circumstances necessary for service provision. Our primary infrastructure provider, Cloudflare, processes data on our behalf under strict contractual terms ensuring appropriate security and confidentiality. We may engage other service providers for specific functions such as payment processing, customer support tools, and business analytics, all bound by data protection agreements.
We may disclose personal information when required by law, court order, or other legal process, or when necessary to protect our rights, property, or safety, or that of our clients or the public. In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity, with appropriate notice provided to affected parties.
We do not sell, rent, or trade personal information to third parties for their marketing purposes. Any sharing of end-user information is conducted solely as directed by our business clients in their capacity as data controllers.
As a US-based company serving clients globally, we may transfer personal information across international borders. For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other countries, we implement appropriate safeguards to ensure adequate protection levels.
These safeguards include the use of Standard Contractual Clauses approved by the European Commission, reliance on adequacy decisions where applicable, and technical measures ensuring data protection regardless of processing location. Cloudflare, our primary infrastructure provider, maintains global data centers and implements similar transfer safeguards. For Enterprise tier clients, we can accommodate specific data localization requirements subject to technical feasibility and additional agreements.
Our data retention practices reflect our role as a data processor and our commitment to data minimization. For business client account information, we retain data for the duration of the service relationship and for a reasonable period thereafter as necessary for legal, tax, and business continuity purposes. This typically extends to seven years after account closure for financial records and as required by applicable law for other records.
For end-user information processed through our Services, we do not maintain permanent storage. Information is processed temporarily as necessary to complete the requested service action, such as pass creation, update, or notification delivery. Once the action is completed, the information is not retained in our systems. Our business clients, as data controllers, are responsible for determining retention periods for their end-user data.
Depending on your location and applicable law, you may have specific rights regarding personal information. These rights typically include the right to access personal information held about you, the right to rectification of inaccurate information, the right to erasure under certain circumstances, the right to restrict processing in specific situations, the right to data portability for information you have provided, and the right to object to certain processing activities.
For end users of passes created through our Services, these rights should be exercised directly with the organization that issued your pass, as they are the data controller. We will cooperate with our business clients to help them fulfill their obligations regarding data subject rights requests.
Our business clients can exercise their rights by contacting us at privacy@phleid.com. We will respond to requests within one month, with possible extensions for complex requests as permitted by law. We may request additional information to verify identity before processing any rights request.
For California residents, additional rights exist under the California Consumer Privacy Act (CCPA), including the right to know about personal information collected, used, disclosed, or sold, and the right to opt-out of any sale of personal information. We do not sell personal information as defined under the CCPA.
For EEA, UK, and Swiss residents, you have the right to lodge a complaint with your local supervisory authority if you believe our processing violates applicable data protection laws. You also have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects.
For Nevada residents, you have the right to opt-out of the sale of covered information under Nevada law. As we do not sell personal information, this right is not applicable to our Services, but you may still submit requests to privacy@phleid.com for confirmation.
Our Services are designed for business use and are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have processed personal information from a child under 16, we will take steps to delete such information promptly.
Our business clients are responsible for ensuring their use of our Services complies with age-related restrictions and parental consent requirements applicable to their end users. If you believe a child has provided us with personal information, please contact us immediately at privacy@phleid.com.
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify our business clients through their registered email addresses and update the effective date at the top of this policy.
Continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage regular review of this Privacy Policy to stay informed about our data processing practices.
For questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:
Phleid LLC
c/o Northwest Registered Agent Service, Inc.
8 The Green, Suite B
Dover, DE 19901
Email: privacy@phleid.com
For our EEA and UK clients and their end users:
EU Representative:
+1 728-230-0478
Data Protection Officer:
Email: dpo@phleid.com