Privacy Policy

Last updated on April 7, 2026.

Floral ApS (“Floral,” “we,” “us,” or “our”) is a company registered in Denmark (CVR 44598574) with its registered address at Vesterbrogade 29, 1620 Copenhagen V, Denmark. We are committed to protecting your privacy and processing your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection legislation.

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our website at floral.so, our web application, our mobile applications for iOS and Android (collectively, the “Services”).

1. Data controller

Floral ApS is the data controller for the personal data processed through the Services. If you have questions about our data processing, you can contact us at:

Floral ApS
Vesterbrogade 29
1620 Copenhagen V, Denmark
Email: [email protected]

2. Information we collect

2.1 Information you provide

  • Account information: When you create an account, we collect your name, email address, and other details you choose to provide.
  • Payment information: If you purchase a subscription, payment is processed by our third-party payment provider. We do not store your full payment card details.
  • Audio recordings and transcriptions: Our mobile applications may record and transcribe audio from meetings and conversations with your consent. The audio data is processed to generate transcriptions and insights. Audio recordings are processed in accordance with section 5 below.
  • Communications: When you contact us, we collect the content of your messages and any information you choose to provide.

2.2 Information collected automatically

  • Device and usage data: We collect information about the device and browser you use, including IP address, operating system, browser type, language preferences, and general usage data such as pages viewed and features used.
  • Cookies and similar technologies: We use cookies and similar technologies as described in our Cookie Policy.

2.3 Information from third parties

We may receive information from third-party integrations you connect to your account, such as CRM systems or calendar services, in order to provide the Services.

3. Legal basis for processing

We process your personal data on the following legal bases under GDPR Article 6(1):

  • Contract (Art. 6(1)(b)): Processing necessary to provide the Services and fulfill our contractual obligations to you.
  • Legitimate interest (Art. 6(1)(f)): Processing for purposes such as improving the Services, preventing fraud, and ensuring security, where our interests are not overridden by your rights.
  • Consent (Art. 6(1)(a)): Where you have given consent, such as for audio recording and transcription, or for marketing communications. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): Processing required to comply with applicable laws, such as tax and accounting requirements.

4. How we use your information

We use the information we collect to:

  • Provide, maintain, and improve the Services
  • Process audio recordings and generate transcriptions and meeting insights
  • Process payments and manage subscriptions
  • Send you service-related communications
  • Send marketing communications (with your consent)
  • Analyze usage to improve user experience
  • Detect, prevent, and address security issues and abuse
  • Comply with legal obligations

5. Audio recording and transcription

Our iOS and Android applications include functionality to record and transcribe audio from meetings and conversations. This feature requires your explicit consent before activation.

  • Consent: Audio recording is only initiated with your active consent. You must inform all participants that the meeting is being recorded, and it is your responsibility to comply with applicable local laws regarding recording consent.
  • Processing: Audio data is transmitted securely to our servers (or third-party processing providers) for transcription. Transcriptions are associated with your account.
  • Storage: Audio recordings are retained only as long as necessary to complete transcription and are deleted automatically thereafter, unless you choose to retain them.
  • Deletion: You may delete transcriptions from your account at any time. You may also request deletion of all associated data by contacting us at [email protected].

6. Sharing of information

We do not sell your personal data. We may share information with:

  • Service providers: Third-party providers who process data on our behalf (e.g., hosting, analytics, payment processing, audio transcription), bound by data processing agreements.
  • Legal requirements: When required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

7. International data transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

8. Data retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. When data is no longer needed, it is securely deleted or anonymized. Specific retention periods vary based on the type of data and the purpose of processing.

9. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Rectification: You may request correction of inaccurate or incomplete data.
  • Erasure: You may request deletion of your personal data. To request deletion of your account and all associated data, contact us at [email protected].
  • Restriction: You may request that we restrict processing of your data in certain circumstances.
  • Portability: You may request to receive your data in a structured, commonly used, machine-readable format.
  • Objection: You may object to processing based on legitimate interest.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk or with your local supervisory authority.

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security assessments. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children's privacy

The Services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of the Services after changes constitutes acceptance of the updated policy. For material changes, we will notify you via email or through the Services.

13. Contact us

If you have questions about this Privacy Policy or our data practices, contact us at:

Floral ApS
Vesterbrogade 29
1620 Copenhagen V, Denmark
Email: [email protected]