Flarewatch
Your data

Data & Export

Everything Flarewatch stores, how to get a copy, and how to permanently delete it — including the encrypted vault.

Go to account settingsPrivacy policy
Section 1

What data we store about you.

Flarewatch stores the following data associated with your account:

Account identity

Email address, workspace name, workspace slug, signup timestamp, plan tier, and onboarding completion timestamp.

Authentication data

Supabase Auth user record (managed by Supabase). This includes your hashed password, session tokens, and enrolled TOTP factors (the factor seed is encrypted by Supabase — we cannot read it). Deleting your account removes this record.

Workspace & team data

Your tenant (workspace) record, memberships (user → tenant → role), pending team invitations, and notification preferences.

Sites & monitoring configuration

Every site you registered (name, URL, slug, status), probe definitions (HTTP/TLS/keyword/ping), and signal source configuration. All data is scoped to your tenant.

Operating-room data

Probe results (latency, status, detail), inbound distress signals (severity, title, payload), incident records and timeline events, metric time-series (traffic / revenue / signups / deliverability), metric baselines, escalation policies, alert mutes, alert dispatch records, and digest drafts.

Encrypted vault / BYO keys

Provider credentials you chose to store — Cloudflare API tokens, Supabase OAuth tokens, Stripe restricted-read keys, Resend API keys. Stored as AES-256-GCM ciphertext in Supabase; the Key Encryption Key (KEK) lives in Cloudflare Secrets. The database never contains plaintext. We display the last 4 characters and the scope label only.

Audit log

An immutable, tamper-evident record of every sensitive action: credential connect/reveal/rotate/use, incident state transitions, settings changes, and SQL console executions. Retained 1 year. Payload columns never contain plaintext credentials.

Push notification subscriptions

If you opted in to web push alerts, we store your browser's VAPID endpoint, p256dh key, and auth secret. These are deleted when you revoke the subscription or delete your account.

Billing

A Stripe customer ID and subscription status. Card details are held entirely by Stripe — we never see them.

Section 2

How to export your data.

You can export your data in the following ways:

Audit log export (CSV)

Agency-tier accounts can export the full audit log from Dashboard → Audit. The export is a CSV of every audit row in the selected date range.

Full data export (email request)

For a complete machine-readable export of all data Flarewatch holds about you (account, workspace, sites, incidents, metrics, vault metadata), email hello@flarewatch.dev with the subject line “Data export request”. We will respond within 30 days.

Note: vault exports contain metadata only (provider, scope, last4, timestamps) — not the encrypted ciphertext, which is not portable without the KEK.

Section 3

How to delete your account and data.

You have the right to have all your data deleted. You can do this self-serve from the account settings page.

Delete account — what happens

  1. Your tenant (workspace) is immediately soft-deleted. You are signed out and lose access.
  2. All encrypted vault credentials (ciphertext rows) are immediately deleted. There is no recovery.
  3. All site data, incidents, probe configurations, metrics, channels, and audit rows are scheduled for hard-deletion 30 days later.
  4. Your Supabase Auth user record (email, hashed password, MFA factors, sessions) is deleted immediately via the admin API.
  5. If you have an active Stripe subscription, it is cancelled at the end of the current billing period. Contact hello@flarewatch.dev for an immediate cancellation.
Go to account settings →

Delete individual vault credentials

From Dashboard → Connections, open any credential and click Delete. This immediately removes the ciphertext and wrapped DEK from the database — the secret is unrecoverable from that point.

Assisted deletion

If you cannot access the dashboard, or need us to delete data on your behalf, email hello@flarewatch.dev with the subject line “Account deletion request” from the email address registered on the account. We will process the request within 30 days.

Questions? hello@flarewatch.dev. For the full privacy policy see /privacy.