Privacy Policy
Last Updated: January 1, 2026
1) Overview
This Privacy Policy explains how RedFlagged (“we”, “us”, or “our”) collects, uses, and protects personal data when you use our website and services (the “Service”).
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).
2) What Data We Collect
We collect only the data necessary to operate and improve the Service.
- Account data: email address, name, and profile information provided via authentication providers (e.g. Google).
- Uploaded documents: contracts or other documents you upload for analysis.
- Usage data: scans performed, plan type, and feature usage.
- Payment metadata: subscription status, billing events, and invoices (processed by Stripe).
- Technical data: IP address, browser type, device information, and logs used for security and reliability.
We do not intentionally collect sensitive personal data such as government-issued IDs, health information, or full payment card numbers.
3) How We Use Your Data
Your data is used for the following purposes:
- To provide and operate the Service
- To analyze uploaded documents and generate results
- To manage subscriptions and payments
- To enforce usage limits and prevent abuse
- To improve accuracy, performance, and reliability
- To comply with legal obligations
4) Legal Basis for Processing (GDPR)
We process personal data under the following legal bases:
- Contract performance: providing the Service you request.
- Legitimate interests: improving security, preventing fraud, and enhancing the Service.
- Legal obligations: accounting, tax, and compliance requirements.
- Consent: where required, such as optional communications.
5) AI Processing & Uploaded Documents
Uploaded documents are processed automatically to generate analysis results. You retain ownership of your documents.
Documents may be temporarily processed by third-party AI providers (such as OpenAI) strictly to deliver the analysis. We do not use uploaded content to train public AI models.
You are responsible for ensuring you have the legal right to upload and process any document.
6) Payments & Stripe
Payments are processed by Stripe. We do not store full payment card details on our servers.
Stripe may process personal data in accordance with its own privacy policy.
7) Authentication Providers
We use third-party authentication providers (such as Google). These providers may process personal data according to their own privacy policies.
8) Data Retention
We retain personal data only as long as necessary to provide the Service, comply with legal obligations, and resolve disputes.
You may request deletion of your account and associated data, subject to legal retention requirements.
9) Data Sharing
We do not sell your personal data.
Data may be shared only with trusted service providers (such as hosting, authentication, analytics, and payment processing) and only to the extent necessary to operate the Service.
10) International Transfers
Some service providers may process data outside the European Union. Where this occurs, appropriate safeguards (such as standard contractual clauses) are used.
11) Security
We implement reasonable technical and organizational measures to protect personal data. However, no system is completely secure.
12) Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Request correction or deletion
- Restrict or object to processing
- Data portability
- Withdraw consent where applicable
- Lodge a complaint with a supervisory authority
13) Children’s Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.
14) Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected by the “Last Updated” date.
15) Contact
For privacy-related questions or requests, contact us at support@redflagged.app.