Privacy Policy

1) Overview

This Privacy Policy explains how RedFlagged (“we”, “us”, or “our”) collects, uses, and protects personal data when you use our website and services (the “Service”).

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2) What Data We Collect

We collect only the data necessary to operate and improve the Service.

• Account data: email address, name, and profile information provided via authentication providers (e.g. Google).
• Uploaded documents: contracts or other documents you upload for analysis.
• Usage data: scans performed, plan type, and feature usage.
• Payment metadata: subscription status, billing events, and invoices (processed by Stripe).
• Technical data: IP address, browser type, device information, and logs used for security and reliability.

We do not intentionally collect sensitive personal data such as government-issued IDs, health information, or full payment card numbers.

3) How We Use Your Data

Your data is used for the following purposes:

• To provide and operate the Service
• To analyze uploaded documents and generate results
• To manage subscriptions and payments
• To enforce usage limits and prevent abuse
• To improve accuracy, performance, and reliability
• To comply with legal obligations

4) Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

• Contract performance: providing the Service you request.
• Legitimate interests: improving security, preventing fraud, and enhancing the Service.
• Legal obligations: accounting, tax, and compliance requirements.
• Consent: where required, such as optional communications.

5) AI Processing & Uploaded Documents

Uploaded documents are processed automatically to generate analysis results. You retain ownership of your documents.

Documents may be temporarily processed by third-party AI providers (such as OpenAI) strictly to deliver the analysis. We do not use uploaded content to train public AI models.

You are responsible for ensuring you have the legal right to upload and process any document.

6) Payments & Stripe

Payments are processed by Stripe. We do not store full payment card details on our servers.

Stripe may process personal data in accordance with its own privacy policy.

7) Authentication Providers

We use third-party authentication providers (such as Google). These providers may process personal data according to their own privacy policies.

8) Data Retention

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, and resolve disputes.

You may request deletion of your account and associated data, subject to legal retention requirements.

9) Data Sharing

We do not sell your personal data.

Data may be shared only with trusted service providers (such as hosting, authentication, analytics, and payment processing) and only to the extent necessary to operate the Service.

10) International Transfers

Some service providers may process data outside the European Union. Where this occurs, appropriate safeguards (such as standard contractual clauses) are used.

11) Security

We implement reasonable technical and organizational measures to protect personal data. However, no system is completely secure.

12) Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Request correction or deletion
• Restrict or object to processing
• Data portability
• Withdraw consent where applicable
• Lodge a complaint with a supervisory authority

13) Children’s Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

14) Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by the “Last Updated” date.

15) Contact

For privacy-related questions or requests, contact us at support@redflagged.app.