Privacy Policy

Last updated: May 2026  ·  Flex Embedded, Inc. d/b/a FlexProtect


1. Who We Are

FlexProtect is operated by Flex Embedded, Inc. ("FlexProtect", "we", "us", or "our"), a company that provides embedded warranty insurance products underwritten by AIG. Our services are available through our Shopify application and the website at flexprotect.ai.

For questions about this policy, contact us at:


2. Information We Collect

From Customers (warranty purchasers)

From Merchants (Shopify store owners)

Automatically collected


3. How We Use Your Information


4. How We Share Your Information

We share personal information only as necessary to provide our services:

We do not sell personal information. We do not share personal information with third parties for advertising purposes.


5. Data Retention

FlexProtect issues insurance contracts regulated under state insurance law. Warranty and insurance records must be retained for regulatory, legal, and contractual compliance — typically 5–7 years depending on jurisdiction. We are required by law to retain this data even if you request deletion.

Non-insurance personal data (such as portal session tokens and server logs) is retained for a shorter period consistent with operational needs, typically 90 days.


6. Your Privacy Rights

Customers (warranty purchasers)

Depending on where you live, you may have rights under applicable privacy law (including GDPR, CCPA/CPRA, and similar state laws) to access, correct, or request deletion of your personal data. To exercise these rights, contact us at .

Important limitation: The right to erasure does not apply where retention is required by law. Because warranty contracts are regulated insurance records, we are obligated to retain contract data for the period required by applicable insurance regulations, even upon a deletion request (GDPR Art. 17(3)(b)/(e); CPRA §1798.105(d)). We will acknowledge your request and flag your record accordingly.

Merchants (Shopify store owners)

Shopify provides mandatory data request and deletion webhooks. When FlexProtect receives a data request from Shopify on your behalf, we log and acknowledge it. Insurance contract records are retained as described above. Non-contract merchant data can be addressed by contacting us directly.


7. Data Security

We use industry-standard security practices including TLS encryption for all data in transit, encrypted secrets management via fly.io, and no storage of full payment credentials. Bank account information is handled exclusively by Stripe and Plaid, who are PCI-compliant.

Despite these measures, no system is completely secure. If you believe your information has been compromised, contact us immediately at .


8. Cookies and Tracking

The FlexProtect customer portal uses a session cookie solely to maintain your authenticated session. We do not use tracking cookies, advertising pixels, or third-party analytics on our portal. The main marketing website (flexprotect.ai) does not set any tracking cookies.


9. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us at and we will delete it promptly.


10. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated via email to active merchants.


11. Contact Us

For any privacy-related questions, requests, or concerns:
Flex Embedded, Inc. d/b/a FlexProtect