Privacy policy

Last updated: April 2026

1. Who we are

Flokk ("we", "us") operates flokk.dev, a managed PostgreSQL hosting service. We are a European company with infrastructure located exclusively in the EU.

2. What data we collect

Account data

When you register, we collect your email address, name (optional), and authentication credentials (password hash or passkey public key). If you sign in with GitHub, we receive your GitHub email and profile name.

Payment data

Payments are processed by Mollie B.V. (Amsterdam, Netherlands). We store your Mollie customer ID and subscription ID. We do not store credit card numbers, IBAN, or other payment instrument details — Mollie holds those directly.

Usage data

We collect database metrics (storage usage, connection counts, query statistics) for service operation and display in your dashboard. We log API requests (timestamp, endpoint, source IP) for security and debugging.

Customer database contents

We host whatever data you store in your PostgreSQL databases. We do not inspect, analyse, or access the contents of your databases except as necessary to operate the service (backups, replication, failover).

3. Legal basis

  • Contract performance (Art. 6(1)(b) GDPR): account data, payment processing, service delivery.
  • Legitimate interest (Art. 6(1)(f) GDPR): security logs, abuse prevention, service improvement.
  • Consent (Art. 6(1)(a) GDPR): marketing emails (explicit opt-in only).

4. Data storage and residency

All data is stored in Frankfurt, Germany (UpCloud de-fra1 region). Data never leaves the European Union. There are no transatlantic transfers.

5. Sub-processors

See our sub-processor list for all third parties involved in delivering the service.

6. Retention

  • Account data: retained while your account is active. Deleted within 30 days of account deletion.
  • Database contents and backups: deleted within 30 days of database or account deletion.
  • Invoices: retained for 10 years per German tax law (§ 147 AO).
  • Security logs: retained for 90 days.

7. Your rights

Under GDPR you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection. To exercise these rights, email privacy@flokk.dev.

8. Cookies

We use only strictly necessary session cookies (Ory Kratos session cookie). We do not use analytics, tracking, or advertising cookies. No consent banner is needed.

9. Contact

For privacy inquiries: privacy@flokk.dev