← Back to Flarekit

Privacy policy

Last updated: May 26, 2026. This policy explains what data Flarekit collects, why, and how to delete it.

Who we are

Flarekit (flarekit.io) is a SaaS that lets product teams publish changelogs and notify their users. We're the data controller for your account data, and the data processor for the end-user data your customers send through our widget.

What we collect

Account data

• Your name, email, and password hash (used for sign-in).
• Project metadata: name, slug, custom domain, API keys.
• Billing data via Stripe (Stripe stores card data; we only see the customer id and subscription status).

End-user data (sent through the widget)

• An anonymous UUID stored in localStorage for session continuity.
• Optional: a user id and traits you explicitly pass via Flarekit.identify().
• Post views, reactions, and link clicks tied to that UUID or user id.

Email subscribers

• Email address, locale, IP at signup time.
• Email open / click / bounce events from Resend.

Why we collect it

• To deliver the product (Article 6(1)(b) GDPR — contract).
• To send transactional emails (confirmation, your customers' email blasts).
• To detect abuse and protect the service.

Who we share data with

• Stripe — payments.
• Resend — transactional + bulk email.
• Cloudflare — DNS, CDN, custom-domain SSL.
• Hetzner — application hosting (EU region).
• Sentry — error tracking (no end-user PII attached to traces).

How long we keep it

• Account data: until you close your account, plus 90 days for backups.
• End-user events: 13 months in the raw events partition, indefinitely as daily aggregates.
• Email subscriber data: until the subscriber unsubscribes or hits the GDPR delete endpoint.

Your rights

Subscribers can export their full data and delete it using token-protected endpoints linked from every email — see the unsubscribe footer. Account owners can email hi@flarekit.io any time to request a full export or erasure.

Cookies

The Flarekit widget uses one localStorage entry to remember an anonymous UUID — no cookies, no tracking pixels. The marketing site and admin panel use a session cookie required for authentication.

---

Questions? hi@flarekit.io