Who controls your data
FlexGuru Pty Ltd is the data controller for the personal information described in this policy. Contact us at privacy@flexguru.app for any privacy-related question, request, or complaint.
What we collect, in detail
We collect only what we need to run the service. The table below is the complete list, matching the columns in our production database. Anything not on this list, we do not store.
2.1 Account information
| Field | Purpose | Required |
|---|---|---|
| Email address | Sign-in, transactional email, support correspondence | Yes |
| Password (bcrypt hash, 12 rounds) | Sign-in — the plain-text password is never stored or logged | Yes |
| Full name | Display in the dashboard and on receipts | Yes |
| Country and timezone | Schedule blocks in your local time; route to the correct Amazon Flex region | Yes |
| Phone number | Optional 2FA delivery and SMS notifications, only when you opt in | Optional |
| Telegram user ID | Sending Telegram block-alert notifications, only when you connect the bot | Optional |
2.2 Amazon Flex session data
| Field | Purpose | Encryption |
|---|---|---|
| OAuth access token | Authenticating bot requests to Amazon’s driver API on your behalf | AES-256-GCM at rest |
| OAuth refresh token | Renewing your session without asking you to log in again | AES-256-GCM at rest |
| Device profile (model, OS, fingerprint) | Sending request headers that match a real Flex driver app — improves safety | JSON, AES-256-GCM at rest |
| Amazon instance ID | Maintaining one device-identity per user across bot restarts | AES-256-GCM at rest |
| Assigned residential proxy IP and session ID | Per-user sticky IP so Amazon sees a consistent location | AES-256-GCM at rest |
2.3 Activity and earnings data
| Field | Purpose |
|---|---|
| Bot state (running, paused, stopped) | Driving the worker schedule and showing your dashboard widgets |
| Filter configuration | Telling the bot which blocks to grab — only ones that match your criteria |
| Block history | Recording every offer we evaluated, with outcomes ACCEPTED / REJECTED / MISSED / FORFEITED / COMPLETED. Useful for both you and our safety-engine analytics. |
| Earnings | Calculating your total income and the 5% commission |
| Commission charges | Stripe charge IDs, dollar amounts, and status (succeeded / failed / refunded) |
| Audit log | A row per sensitive action (sign-in, settings change, refund, deletion) for security investigations |
2.4 Communication preferences
- In-app notifications shown in your dashboard.
- Email, Telegram, and SMS opt-in flags — we only send to channels you’ve explicitly enabled in settings.
- Support ticket history (subject, body, attachments, our replies). Stored for as long as your account is active.
2.5 Technical and security data
- IP address and approximate geolocation at sign-in (city/region, never street-level), used for security alerts and IP-reputation checks via ipinfo.io.
- Browser user-agent and platform, used for debugging and rate-limiting.
- Server-side request logs, retained 30 days, then anonymised.
How we use your information
- Operate the FlexGuru bot, dashboard, and notifications on your behalf.
- Authenticate sign-in attempts and enforce 2FA where you have enabled it.
- Charge commission via Stripe and issue receipts.
- Send service-related email (block accepted, session expired, billing receipt, security alert). These cannot be turned off because they are essential to the service.
- Send optional notifications (Telegram alerts, SMS, marketing newsletters) only when you have opted in.
- Improve our safety engine through aggregated analytics — no individual user’s session data is shared with third parties for analytics.
- Investigate fraud, abuse, or security incidents.
- Comply with legal obligations (tax records, lawful access requests, ACL compliance).
How we secure your data
- AES-256-GCM authenticated encryption at rest for all Amazon Flex tokens, device profiles, and proxy identifiers. Keys are stored in a separate secret-manager from the application database.
- bcrypt password hashing at 12 rounds. The plain-text password leaves your browser only over TLS to our auth endpoint and is never written to disk or to logs.
- TLS 1.2+ for all data in transit between your browser, our servers, and our processors. HSTS is enabled.
- JWT session tokens with short expiry; refresh tokens are rotated on every use.
- Principle of least privilege across our cloud infrastructure. The bot worker processes hold tokens only in memory; the database row is decrypted just-in-time and re-encrypted at the end of the run.
- Application logs are scrubbed of access tokens, refresh tokens, and password fields before being written.
Third-party processors
We engage the following sub-processors to deliver FlexGuru. Each handles only the data needed for its function, under a written data-processing agreement. We do not sell or rent personal information to advertisers or data brokers.
| Processor | Function | Data shared | Privacy policy |
|---|---|---|---|
| Stripe | Card and bank payments, commission charges, refunds | Name, email, billing address, last 4 of card (Stripe vaults the PAN — we never see it) | stripe.com/privacy |
| Resend | Transactional email (receipts, alerts, security notices) | Email address, message body | resend.com/legal/privacy-policy |
| Twilio | Optional SMS notifications (where enabled) | Phone number, message body | twilio.com/legal/privacy |
| Amazon SNS | Optional fallback SMS channel and pub/sub for worker events | Phone number (SMS only), event payloads (no PII) | aws.amazon.com/privacy |
| MessageBird | Optional SMS routing in regions Twilio doesn’t cover well | Phone number, message body | messagebird.com/privacy |
| Telegram | Optional bot-alert delivery (where you connect the FlexGuru bot) | Your Telegram user ID, message body | telegram.org/privacy |
| IPRoyal | Residential proxy pool for safe Amazon Flex requests | Outbound request metadata only (no account credentials) | iproyal.com/privacy-policy |
| Upstash | Redis cache, rate-limit counters, BullMQ job queue | Job payloads (no plain-text tokens), session keys | upstash.com/trust |
| Neon | Primary PostgreSQL database hosting | All data described in Section 2 (encrypted where listed) | neon.tech/privacy-policy |
| Vercel | Frontend and API hosting, edge caching | Request logs (30-day retention), no token data | vercel.com/legal/privacy-policy |
| AWS Lightsail | Worker VPS that runs the bot engine | Encrypted tokens in memory at run time, server-side logs | aws.amazon.com/privacy |
| ipinfo.io | IP-reputation and geolocation lookups at sign-in | Sign-in IP address only | ipinfo.io/privacy-policy |
Some processors are based outside Australia (Stripe and Twilio in the United States; Resend, Vercel, and others in the US/EU). By using FlexGuru you consent to your information being processed in those jurisdictions, subject to the safeguards in each processor’s privacy policy linked above.
Data retention
- Blocks and earnings: kept indefinitely while your account is active — these are your own driving records and we don’t want to take them away.
- Amazon session tokens: rotated continuously; the most recent valid pair is stored encrypted, all older ones are deleted within 24 hours of rotation.
- Audit log: 12 months, then permanently deleted.
- Server request logs: 30 days, then anonymised (IP truncated, identifiers removed).
- Soft-deleted accounts: If you request account deletion, we soft-delete immediately (the bot stops, the dashboard is locked, no further commissions can be charged) and fully anonymise the account 90 days later — replacing your name, email, phone, and tokens with null, and stripping personal identifiers from earnings rows that we retain for our own financial records. The 90-day window exists so you can change your mind and so we can complete any outstanding Stripe refunds.
- Tax and financial records: Where Australian tax law requires it (currently 7 years), we retain anonymised transaction records after account anonymisation. These records cannot be used to re-identify you.
Your rights
Under the Australian Privacy Act and similar laws in other regions, you have the right to:
- Access the personal information we hold about you. Most of it is already visible in the dashboard at /profile and /earnings. For anything else, email privacy@flexguru.app.
- Correct inaccurate information. Most fields are editable in the dashboard.
- Delete your account and personal data, self-service from the danger zone on the profile page. See Section 6 for what happens during the 90-day anonymisation window.
- Export your data in a portable format. The dashboard ships with a CSV export for blocks and earnings. A full data-export endpoint covering every category in Section 2 is on the engineering roadmap; in the meantime, email privacy@flexguru.app and we’ll send you a ZIP within 14 days.
- Withdraw consent for optional channels (SMS, Telegram, marketing email) at any time from /profile.
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. We’d prefer you tell us first so we can put it right.
Cookies and similar technologies
FlexGuru uses a small number of strictly-necessary cookies for sign-in session management and CSRF protection. We do not use third-party advertising cookies, cross-site tracking pixels, or session-replay scripts. Anonymous analytics, where enabled, run on first-party domains and do not set persistent identifiers.
Children
FlexGuru is not directed to people under 18. You must be old enough to hold a valid Amazon Flex driver account in your jurisdiction, and we do not knowingly collect data from minors. If you believe a minor has registered, please contact us so we can remove the account.
Changes to this policy
We may update this Privacy Policy from time to time. When we make a material change we will email the address on your account and update the “Last updated” date. Continued use of FlexGuru after the effective date constitutes acceptance.