Get started

Privacy Policy

Last updated: April 22, 2026 · Effective: January 1, 2026

At Flamingo Technologies, Inc. ("Flamingo," "we," "us," or "our"), we are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, share, and safeguard information when you use our Employer of Record (EOR) platform and related services.

1. Introduction & Scope

This Privacy Policy applies to all personal data processed through the Flamingo platform, website (flamingo.com), and related services. It covers data from:

  • Employers — companies that use Flamingo to hire and manage international employees
  • Employees — individuals employed through our EOR services
  • Website visitors — anyone who visits our website or interacts with our marketing materials
  • Contractors — independent contractors managed through our platform

2. Data Controller

Flamingo Technologies, Inc. is the data controller for personal data processed through our platform. In certain situations, Flamingo acts as a data processor on behalf of our employer clients, who remain the data controller for their employees' personal data.

For questions about our data practices, contact our Data Protection Officer at dpo@flamingo.com.

3. Data We Collect

3.1 Personal identification data

Full name, date of birth, nationality, government-issued identification numbers (passport, national ID, social security number), home address, email address, phone number, and photograph.

3.2 Employment data

Job title, department, employment start and end dates, employment contracts, work permits and visa information, performance records, and disciplinary records where required by local law.

3.3 Financial data

Salary and compensation details, bank account information, tax identification numbers, payroll records, benefits enrollment data, expense reports, and billing information for employer accounts.

3.4 Technical data

IP address, browser type and version, device information, operating system, referral source, pages visited, time spent on pages, and cookies (see Section 9).

4. How We Collect Data

  • Directly from you — when you register an account, complete onboarding forms, submit payroll information, or contact our support team
  • From your employer — when a company using our platform provides your employment information as part of the EOR onboarding process
  • Automatically — through cookies, analytics tools, and server logs when you use our platform or visit our website
  • From third parties — background check providers (with your consent), government databases for tax and compliance purposes, and identity verification services

5. Legal Basis for Processing

Under GDPR Article 6, we process personal data on the following legal bases:

  • Contract performance — processing necessary to fulfill our EOR service agreements, including payroll, benefits administration, and compliance obligations
  • Legal obligation — processing required by employment law, tax regulations, social security contributions, and mandatory reporting in each jurisdiction
  • Legitimate interest — improving our platform, fraud prevention, security measures, and internal analytics (balanced against your rights)
  • Consent — marketing communications, optional background checks, and non-essential cookies. You may withdraw consent at any time

6. Cross-Border Data Transfers

As an international EOR platform operating across 50+ countries, cross-border data transfers are inherent to our services. When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where the European Commission has recognized a country as providing adequate data protection
  • Binding Corporate Rules for intra-group transfers
  • Supplementary measures including encryption in transit and at rest, pseudonymization, and access controls

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, or as required by law. General retention periods:

  • Employment records — duration of employment plus the period required by local labor law (typically 3–10 years post-termination, varying by country)
  • Payroll and tax records — as required by local tax authorities (typically 5–10 years)
  • Account data — duration of the business relationship plus 2 years
  • Marketing data — until you unsubscribe or withdraw consent
  • Website analytics — 26 months from collection

8. Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data (subject to legal retention obligations)
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to restriction — request that we limit processing of your data in certain circumstances
  • Right to object — object to processing based on legitimate interest or for direct marketing
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at privacy@flamingo.com. We will respond within 30 days. If we are acting as a data processor, we will redirect your request to the relevant data controller (your employer).

9. Cookies

We use cookies and similar tracking technologies to enhance your experience on our platform. Categories of cookies we use:

  • Strictly necessary — required for platform functionality, authentication, and security. Cannot be disabled.
  • Performance & analytics — help us understand how visitors use the platform so we can improve it. Includes tools like Google Analytics.
  • Functional — remember your preferences, language settings, and login status.
  • Marketing — used to deliver relevant advertisements and measure campaign effectiveness. Only placed with your consent.

10. Third-Party Service Providers

We share personal data with third-party service providers who help us deliver our Services. These providers are bound by data processing agreements and may only use your data for the specific purposes we instruct. Categories of providers include:

  • Cloud infrastructure and hosting providers
  • Payment processors and banking partners
  • Identity verification and background check services
  • Local payroll processing partners in each country
  • Benefits and insurance providers
  • Analytics and performance monitoring tools
  • Customer support and communication platforms

11. Data Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • AES-256 encryption at rest and TLS 1.3 encryption in transit
  • Multi-factor authentication for all platform accounts
  • Role-based access controls with principle of least privilege
  • Regular security audits and penetration testing
  • SOC 2 Type II certification
  • Automated threat detection and incident response procedures

While we take extensive precautions, no method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@flamingo.com.

12. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you become aware that a child has provided us with personal data, please contact us immediately and we will take steps to delete such information.

13. CCPA Compliance (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to know — what personal information we collect and how it is used and shared
  • Right to delete — request deletion of your personal information (subject to exceptions)
  • Right to opt-out — opt out of the sale of your personal information. Flamingo does not sell personal information.
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, email privacy@flamingo.com with the subject line "CCPA Request." We will verify your identity before processing any request.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email or a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

15. Contact & Data Protection Officer

For questions, concerns, or requests related to this Privacy Policy or your personal data:

  • General privacy inquiries: privacy@flamingo.com
  • Data Protection Officer: dpo@flamingo.com
  • Postal address: Flamingo Technologies, Inc., 123 Market Street, Suite 400, San Francisco, CA 94105, United States

If you are in the EU and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority.