Privacy
Policy

This Privacy Policy applies to all users of the MerchButler.AI website and conversational AI service operated by Flywheel Brands, Inc. ("Flywheel," "we," "us," or "our"). By using MerchButler.AI, you agree to the practices described in this Privacy Policy.

MerchButler.AI is an AI-powered merch concierge that helps users discover promotional products and apparel. This policy covers all data collected through the chat interface, product search, order submission, and administrative features.

Information you provide directly:

• Name, email address, phone number, and business name (when submitting an order request)
• Mailing address (if provided for shipping purposes)
• Chat messages and conversation content
• Brand assets and logos you upload for mockup generation
• Product preferences, budget, timeline, and event details shared during conversations

Information collected automatically:

• Device and browser information (user agent, screen resolution)
• Approximate geolocation (city, region, country) derived from IP address
• Pages visited and interaction patterns
• Cookies and similar tracking technologies (see Section 5)

Information from third-party services:

• AI model responses from Anthropic (Claude) used to power conversations
• Product data from our supplier partners (HIT Promotional Products, PCNA, SanMar)
• Analytics data from Vercel and Google Analytics

We use the information we collect to:

• Provide and improve the MerchButler.AI service, including AI-powered product recommendations
• Process and fulfill your merchandise order requests
• Generate product mockups using your uploaded brand assets
• Communicate with you about your orders and account
• Send order confirmations and internal notifications to our sales team
• Analyze usage patterns to improve the service
• Prevent fraud and ensure security
• Comply with legal obligations

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Consent: When you voluntarily submit your contact information or upload brand assets
• Legitimate interest: To improve our service, analyze usage patterns, and prevent fraud
• Contractual necessity: To process and fulfill your merchandise order requests
• Legal obligation: To comply with applicable laws and regulations

MerchButler.AI uses cookies and similar technologies to:

• Essential cookies: Maintain your session, remember conversation state, and authenticate admin users
• Analytics cookies: Understand how visitors use our service (via Vercel Analytics and Google Analytics)
• Functional cookies: Remember your preferences, such as visitor ID for conversation continuity

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the chat interface.

We do not sell your personal information. We may share your data with:

• Flywheel Brands sales team: Your order requests, contact information, and conversation summaries are shared with our internal team to fulfill your merchandise order
• AI service providers: Conversation content is processed by Anthropic (Claude) to generate responses. Anthropic's data handling is governed by their privacy policy
• Infrastructure providers: We use Vercel (hosting), Supabase (database), OpenAI (search embeddings), and Resend (email delivery)
• Product suppliers: We may share order details with our supplier partners to fulfill your merchandise requests
• Legal requirements: We may disclose information if required by law, subpoena, or legal process

We retain your data as follows:

• Conversation data: Retained for up to 12 months for service improvement and order reference
• Contact information: Retained as long as needed to fulfill your order and for follow-up communications
• Brand assets and mockups: Stored in Supabase Storage for up to 90 days after the last conversation activity
• Analytics data: Aggregated usage statistics are retained indefinitely; individual session data is retained for 12 months
• Debug logs: Conversation debug logs are automatically deleted after 60 days

You may request deletion of your data at any time by contacting us (see Section 12).

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption in transit (TLS/HTTPS) for all data transmitted to and from our servers
• Encryption at rest for database storage (Supabase managed PostgreSQL)
• Access controls and authentication for administrative functions
• Regular security assessments and dependency updates
• Secure credential management via environment variables (never hardcoded)

No method of transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

MerchButler.AI is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.

Your data may be transferred to and processed in the United States, where our servers and service providers are located. If you are accessing MerchButler.AI from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.

For users in the EEA, we rely on Standard Contractual Clauses and other legally approved mechanisms to ensure adequate protection for international data transfers.

Our service may contain links to third-party websites, including product supplier sites and social media platforms. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request a machine-readable copy of your data
• Objection: Object to processing based on legitimate interests
• Restriction: Request restriction of processing in certain circumstances
• Withdraw consent: Withdraw previously given consent at any time

California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, please contact us at privacy@flywheelbrands.com.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on this page with a revised "Effective date." Your continued use of MerchButler.AI after the posting of changes constitutes your acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Flywheel Brands, Inc.
2111 Hamill Rd
Hixson, TN 37343
Email: privacy@flywheelbrands.com
Phone: (706) 515-5248