Privacy Policy Flattr

Privacy Policy

Privacy Policy for Flattr

This Privacy Policy describes Flattr's information practices for our website and browser extension. We take your privacy seriously and want you to understand exactly what information we collect, how we process that information, which pieces of information you can request us to remove, and how to contact us about this policy. Please read this policy carefully.

  1. What kind of personal data do we process?

    • When you visit the Flattr website:
      • We collect unique ID, logging of some of the button clicks on our website (clicking download, for example), user event logging data and transaction data. When the Flattr extension communicates with our servers, we receive the computer’s IP address but we do not use this information to personally identify you or collect any other personally identifiable information without your explicit consent..
    • When you set up a subscription on Flattr website and enable the extension function:
      • We collect and store your account information including email address,, unique ID, logging some of the button clicks (payment, download buttons), user event logging, transaction data, voluntary data you provide to initiate refund requests, excluding the credit card number given during the payment process. Flattr does not handle or have access to full credit card numbers, bank account details or payment account login information. The payment processor stores and uses the data you provide them differently. (Flattr uses Stripe as a payment processor when you initiate a subscription. To learn more about their data collection policies, please consult its privacy policy).

  2. How do we process your data?

    • When you subscribe to our website
    • Contact form
    • Cookies

  3. Why do we process your data?

    • To provide our services to you.
    • To initiate refunds upon your request.

  4. How do we disclose collected information?

    • Your information is not for sale

      Flattr never has and never will sell your personal information to any third party without your consent.

    • Flattr discloses personal information as part of business development

      As part of the further development of our business, it may happen that the structure of Flattr AB changes. The legal structure may be adapted, subsidiaries, business units or components may be created, bought or sold. In such transactions user information may be shared with the transmitted part of the company. In the event of a transfer of personal information Flattr AB will ensure that it is done in accordance with this privacy policy and the GDPR and applicable EU laws.

    • Flattr uses external services that may require you to enter personal information.

      We currently use Stripe (privacy policy https://stripe.com/en-gb-de/privacy) for payment processing. Flattr may use more services in the future and when we do, we will update our privacy policy. We do not control the data on these external services and can not remove or delete the data; any data given to external services is not bound by this policy, and you should read the external service's privacy policy before providing any information. We will not transfer your personal data to third parties as a matter of course without letting you know in advance. We will ask for your prior permission unless the transfer of such data is permitted by GDPR or any other applicable EU laws.

  5. How long do we keep data?

    User Account data and transaction data will be retained for 60 days after expiration or termination of customer’s subscription so that customer may extract the data. Flattr will disable the customer's account and delete the data immediately upon expiration of the 60 days period.

Data security

All personal and usage information that Flattr collects is stored in our databases and Flattr takes reasonable steps to keep it secure. That said, no database or server is 100% secure and we cannot guarantee the absolute security of your data in our system or while being transmitted over the Internet. Our best effort is given, but you use Flattr’s website and browser extension at your own risk.

What is the legal basis?

We collect and process your personal information in compliance with the GDPR and the applicable EU laws.

  • Collection and processing is based on your consent: Art. 6 (1) a GDPR, Art. 4 (11) GDPR

    We will always ask for your consent to collect and process your personal information for the aforementioned specific purposes, unless the collection and processing of your personal information is permitted by statutory laws. Where you have provided us with your consent to the collection and processing of your personal information for the aforementioned specific purposes, you have the right to withdraw your consent at any time.

  • Collection and processing is necessary for taking steps prior to enter into a contract: Art. 6 (1) b GDPR

    All data you provide us with in connection with the use of Flattr is necessary for the sole purpose of providing you with our services. The collection and processing of your personal information is necessary for the performance of a contract to which you are a party. Prior to entering into such a contract, the collection and processing of your personal information may also be necessary in order to take steps at your request. This applies for installation and the use of our extension as well as to facilitate payment processing to subscribe to our extension.

  • Collection and processing is necessary for compliance with a legal obligation to which the Controller is subject: Art. 6 (1) c GDPR

    Collection and processing of your personal information may be necessary for compliance with a legal obligation to which we are subject under EU laws or the laws of a EU Member State.

  • Collection and processing is necessary for the purposes of our legitimate interests: Art. 6 (1) f GDPR

    The collection and processing of your personal information may be necessary for the purposes of our legitimate interests. We may collect and process website logs for technical reasons, such as, but not limited to, preventing denial of service attacks. Ensuring the security of our extension is in your and our vital interest and therefore we may use data processed via subscription downloads, extension update checks, emergency notifications and feedback data. Furthermore, we may collect and process such data to ensure that our website and extension are constantly improved and adjusted to the changing requirements for an efficient usability and the technical environment. Ensuring the usability of our websites and of our extension is in your and our vital interest and therefore we may use such data for the above mentioned purposes.

International data transfers

Whenever there is transfer of personal data outside the European Union, we contractually require the service provider to treat your personal data solely in accordance with this Privacy Policy and the European data protection laws. We ensure the service provider provides sufficient guarantees to ensure an adequate level of data protection and may only use the personal data for the purposes stipulated by us and in accordance with our instructions, including entering into the EU Standard Contractual Clauses as per the European Commission Decision 2021/914.

We use external service provider tools for payment processing services. This service is provided by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. We have entered into a data processing agreement with Stripe including the EU Standard Contractual Clauses (processors) – Commission Decision 2021/914 of 4 June 2021. You may request a copy of this agreement by contacting us at mailto:privacy@flattr.com.

We use external service provider tools for domain name services. This service is provided by Cloudflare, Inc., 701 Townsend St., San Francisco, CA 94107 (USA). We have entered into a data processing agreement with Cloudflare including the EU Standard Contractual Clauses (processors) – Commission Decision 2021/914 of 4 June 2021. You may request a copy of this agreement by contacting us at mailto:privacy@flattr.com.

We use external service provider tools for email delivery and management. This is provided by Twilio Inc., a Delaware corporation, with a place of business at 101 Spear Street, 5th Floor, San Francisco, California, 94105, United States of America. We have entered into a data processing agreement with Twilio including the EU Standard Contractual Clauses (processors) – Commission Decision 2021/914 of 4 June 2021. You may request a copy of this agreement by contacting us at mailto:privacy@flattr.com.

We use external service providers for account verification, protection against overload attacks and web application hosting (Firebase). These services are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to ensure an adequate level of data protection, we have entered into a data processing agreement including the EU Standard Contractual Clauses (processors) – Commission Decision 2021/914 of 4 June 2021. You may request a copy of this agreement mailto:privacy@flattr.com

What rights do you have?

In compliance with the GDPR and the applicable EU laws and to the extent legally permitted, you have the following rights to protect your personal information collected and processed by us:

  • Information, access, rectification and restriction rights

    Naturally you have the right to receive, upon request, information about the personal information stored by us about you and information about how we collect, process and store your personal information. Where that is the case, you have the right to gain access to such personal information stored by us. You have the right to request from us the rectification of your inaccurate personal information. Taking into account the purposes of collecting and processing your data, you have the right to have incomplete personal information completed. You have the right to request restriction of processing.

  • Right to data portability

    You also have the right (1) to receive all personal information concerning you and which you have provided to us, in a structured, commonly used and machine-readable format and (2) to transmit that data to another controller.

  • Right to erasure of your data

    You have the right to demand from us the erasure of your personal information, where – inter alia – one of the following grounds applies:

  • If we no longer need your personal information for the aforementioned purposes.

  • If you withdraw your consent on which the collection and processing is based and where there are no other legal grounds for the collection and processing.

  • If you object to the collection and processing and there are no overriding legitimate grounds for the collection and processing.

    Please note, if data needs to be retained for legal purposes pursuant to Art. 17 (3) GDPR, we will restrict the use of the respective data.

  • Right to lodge a complaint with a supervisory authority

    You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the collection and processing of personal information relating to you infringes the GDPR.

  • Right to object to the processing of your data

    You have the right to object at any time to the collection and processing of your personal information on grounds relating to your particular situation, when collection and processing is based on our legitimate interest (Art. 6 (1) f GDPR).

  • Right to withdraw your consent at any time

    You have the right to withdraw your consent at any time, when you have provided us with your consent to the collection and processing of your personal information for one or more specific purposes. You can revoke your consent at any time with future effect by sending a message to us via www.flattr.com/contact.

How to exercise your rights

To exercise your rights, please contact us here.

Flattr AB
Box 4111
20312 Malmö
Sweden

Contact our Data Protection Officer

If you have any questions regarding your personal data, please contact our Data Protection Officer by email:

Carlo Piltz

Email: privacy@flattr.com

California Privacy Notice

This section only applies to California residents. It explains how we collect and use Personal Information as well as the rights available to California residents under the California Consumer Protection Act (“CCPA”). The words in this section have the same meaning given to them in the CCPA. Please note that the words as described under the CCPA may be broader than their common meaning.

“Personal Information,” for example, refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.

What Personal Information we collect and how we use it

In order to provide you with our products and services (“Products”), we must process certain Personal Information about you. We do not sell any of your Personal Information, and we never will. For a detailed explanation about the kinds of information that we collect and how we use it, please review the information provided above. Here is a summary of the CCPA categories of Personal Information that we may have collected about you over the past 12 months:

  • Identifiers; and
  • Subscription information

We may have collected these categories of Personal Information for the following business purposes:

  • To evaluate and improve our Product;
  • To facilitate transactions in connection to your use of our Product;
  • To provide limited analytic services;
  • To communicate with you;
  • To ensure security and functionality of our Product; and
  • To perform other business purposes.

How we share Personal Information:

Subject to the limitations in this Privacy Policy, we share your Personal Information with external vendors (“Service Providers”) that are contractually prohibited from retaining, using, or disclosing Personal Information for any purpose other than the specific business purposes described in the contract. These Service Providers include:

  • Service providers that protect against overload attacks ensuing that our website and application remain available and responsive to our users; and
  • Service providers that facilitate payment in connection with your subscription of our Product.

Sources from which we collect Personal Information

We receive Personal Information from you, our websites, and our external service providers. The categories of sources from which we have collected or received Personal Information include:

  • You/Your Flattr accounts: We collect information to register and verify your account, to comply with applicable fraud, money laundering, and anti-terrorism regulations. We may also collect information about any information that you volunteer to improve our Products.
  • Our Websites: We collect information about how you interact with and use our websites. We also collect information related to your Flattr account and any affiliate programs that you participate in.
  • Service Providers: We engage vendors to perform business purposes on our behalf and share information with them to provide us with such business purposes including, customer service and hosting of Products.

What are your rights under the CCPA?

The CCPA provides you with the following rights:

  • Right to Know: you have the right to request that we disclose to you the categories of Personal Information that we have collected, the categories of sources from which we have collected the Personal Information, the business purpose for collecting Personal Information, the categories of third parties with whom we have shared Personal Information, and the specific pieces of Personal Information about you that we have collected;
  • Right to Request Deletion: you have the right to request that we delete any Personal Information about you that we have collected; and
  • Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.

Please note that we have a duty to verify your identity whenever you exercise your Right to Know and/or your Right to Request Deletion. In order to do so, we will request Personal Information from you to match against the Personal Information in our records. In some cases, we may also request additional documentation to verify your identity.

Please also note that the CCPA allows you to exercise these rights yourself or to designate an authorized agent who will exercise these rights on your behalf. In the event that an authorized agent exercises rights on your behalf, we may request a written permission from you that establishes the individual as your authorized agent as well as other information necessary to verify the identity of the authorized agent.

To exercise any of these rights, please submit a request to privacy@flattr.com.

Contact for more information

If you have any questions about this section or how to exercise your rights under the CCPA, please contact us.

Changes and updates to the Privacy Policy

As our Services evolve, we may change this Privacy Policy from time to time. The respective current version is available at https://flattr.com/privacy. We encourage you to check the Privacy Policy frequently to see if it has changed.

Last updated: 2023-07-24