← Back to home

Privacy Policy

Last updated: March 5, 2026

1. Who We Are

Flagr is a product of KreaRise (“we”, “us”, “our”), a company registered in France. Our website is flagr.io. For any questions, contact us at contact@krearise.com.

2. Data We Collect

2.1 Account Data (Admin Users)

When you create an account, we collect your email address and a hashed password via Supabase Auth. We also store your organization name.

2.2 Reviewer Data (Clients)

Reviewers do not need an account. We may collect a name and email if provided by the admin when creating a session. We also capture browser user-agent, viewport dimensions, console logs, network error metadata, and DOM-level session replays during the review.

2.3 Annotation Data

Comments, screenshots, drawing coordinates, and tag metadata attached to annotations.

2.4 Billing Data

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription ID but never store credit card numbers.

2.5 Analytics

We use Vercel Analytics (privacy-friendly, no cookies) and Google Tag Manager. Sentry is used for error monitoring.

3. How We Use Your Data

  • Provide and operate the Flagr service
  • Process billing and manage subscriptions
  • Send transactional emails (session invitations) via your own SMTP or our default sender
  • Monitor and improve service reliability (error tracking, performance)
  • Respond to support requests

We do not sell your data to third parties.

4. Legal Basis (GDPR)

  • Contract performance — Processing necessary to provide the service you signed up for
  • Legitimate interest — Error monitoring, security, fraud prevention
  • Consent — Marketing communications (if any, opt-in only)

5. Data Storage & Security

Data is stored on Supabase (PostgreSQL) and Vercel infrastructure. Screenshots and replay data are stored in Supabase Storage buckets. All connections use TLS encryption. Row Level Security (RLS) is enforced on all database tables.

6. Data Retention

Review session data (annotations, screenshots, replays) is retained according to your plan tier:

  • Free: 30 days
  • Solo: 90 days
  • Pro: 6 months
  • Team: 1 year

Expired data is automatically deleted. Account data is retained until you delete your account.

7. Third-Party Services

  • Supabase — Database, auth, storage
  • Vercel — Hosting, serverless functions, analytics
  • Stripe — Payment processing
  • Sentry — Error monitoring
  • Google Tag Manager — Analytics (configurable)

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Data portability
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, email us at contact@krearise.com.

9. Cookies

Flagr uses essential cookies for authentication (Supabase session). We do not use advertising cookies. Vercel Analytics is cookie-free. Google Tag Manager may set cookies depending on your GTM configuration.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of Flagr after changes constitutes acceptance.

11. Contact

For any privacy-related questions or requests: contact@krearise.com