Legal

Privacy Policy

What we collect, why we collect it, and how we protect it — including the encrypted vault that holds your BYO provider credentials.

Effective 5 June 2026Updated 5 June 2026

Section 1

Who we are.

Flarewatch is a software-as-a-service product operated as a sole-trader business. The service is reachable at flarewatch.dev. For privacy enquiries, contact hello@flarewatch.dev. For security matters, use security@flarewatch.dev.

Flarewatch is a “unified operating room” for boutique agencies and solo developers managing 5–30 client sites. The product fuses tech vitals (uptime, latency, probe results), business vitals (Cloudflare traffic, Stripe revenue, Supabase signups, Resend deliverability), and distress response (incidents, escalation, client digests) into a single dashboard.

The instructions on this page apply from the effective date above. We will update it when our practices change and email active account holders of material changes.

Section 2

Data we collect and why.

We collect the minimum data necessary to provide the service.

Account identity

Your email address (used as your sign-in identity via Supabase Auth). We also store a derived workspace slug and the timestamp of your signup. We do not collect your real name, phone number, or postal address.

Authentication & session data

Supabase Auth session tokens (JWT + refresh token) stored in a secure, HttpOnly cookie. A TOTP MFA factor is enrolled on first login — Flarewatch mandates two-factor authentication for every account. The encrypted factor seed is held by Supabase; we cannot read it.

Dashboard & operating-room data

All data you register inside Flarewatch: site names and URLs, probe configurations, incident records and timeline events, metric time-series (traffic, revenue, deliverability signals), alert channels, escalation policies, digest drafts, and the tamper-evident audit log. This data is scoped to your tenant and never shared with other tenants.

BYO-key encrypted vault

Provider credentials you choose to store (Cloudflare API tokens, Supabase OAuth tokens, Stripe restricted-read keys, Resend API keys). Each secret is envelope-encrypted: the plaintext secret is encrypted with a per-tenant Data Encryption Key (DEK, AES-256-GCM); the DEK is wrapped by a Key Encryption Key (KEK) held in Cloudflare Secrets — never in our database. Supabase stores only ciphertext. We store the last 4 characters of each credential for identification; the plaintext is never logged, cached, or returned to the browser. See /security for the full vault design.

Monitored incident & status data

Probe results (latency, status codes, cert expiry), raw distress signals pushed by your CI or AI agents, and incident lifecycle events. This data relates to the sites you register — not to third parties' users.

Billing information

Billing is handled entirely by Stripe. We receive a Stripe customer ID and subscription status; we never see or store your card number or bank details.

Service logs

Cloudflare Worker and Edge Function request logs (IP, method, path, status, latency). These are retained for up to 30 days for debugging and security purposes. Logs never contain decrypted credentials.

Section 3

Legal basis for processing.

We rely on the following legal bases under GDPR and applicable privacy law:

ContractProcessing your email, session, workspace, and dashboard data to provide the service you signed up for (Art. 6(1)(b) GDPR).
Legitimate interestSecurity logging, fraud prevention, and service debugging (Art. 6(1)(f) GDPR). We only retain the minimum log data required.
Legal obligationRetaining billing records where required by tax law.

We do not process personal data for advertising, sell data to third parties, or use it for any purpose beyond operating Flarewatch.

Section 4

Sub-processors we actually use.

The following third-party sub-processors handle personal data on our behalf. We only list services actually present in the product — we don’t pad this list.

SupabasePrivacy policy →

Auth, database (PostgreSQL + RLS), and Edge Functions. Stores account credentials, dashboard data, encrypted vault ciphertext, and the audit log. Infrastructure: AWS.

CloudflarePrivacy policy →

CDN, Workers (Next.js runtime), R2 storage, and Cloudflare Secrets (holds the vault KEK). Service-request logs, caching, and DDoS protection.

StripePrivacy policy →

Payment processing and subscription management. Receives your billing details directly. We store only the customer ID and subscription status.

ResendPrivacy policy →

Transactional email (account confirmation, incident alerts, digest delivery). Receives the recipient email address and the email body.

We do not use OpenAI, Anthropic, or any other large-language-model API in the current production build. If we add an AI narrative feature, this section will be updated before the feature ships.

Section 5

The BYO-key encrypted vault — specific protections.

The vault is the most sensitive part of Flarewatch. Here is exactly what we do:

Keys encrypted at rest.Every credential is encrypted with AES-256-GCM before it is written to the database. Supabase (and any database backup) only ever contains ciphertext.
KEK outside the database.The Data Encryption Key (DEK) is itself wrapped by a Key Encryption Key (KEK) stored in Cloudflare Secrets — a separate system from the database. A database dump is useless without the KEK.
No plaintext in logs or browser.Decryption happens exclusively inside a short-lived Worker or Edge Function invocation. The plaintext credential is never logged, cached, queued, returned to the browser, or written anywhere.
UI shows last 4 only.The dashboard displays the last 4 characters of each credential and its scope label — nothing more. Revealing the full key requires a fresh MFA step-up (AAL2).
Deletion wipes ciphertext.Deleting a credential row removes the ciphertext and wrapped DEK from the database. The KEK rotation schedule (quarterly) then makes the deleted key unrecoverable even from backups.

Full technical detail is in the security architecture.

Section 6

Data retention.

Account & workspace dataUntil you delete your account + 30-day grace period.

Dashboard / operating-room dataUntil you delete the workspace or the specific site. Hard-delete runs 30 days after soft-delete.

Encrypted vault credentialsUntil you delete the credential. Wiped immediately on deletion.

Audit log1 year. Agency-tier accounts can export before expiry.

Probe results & metric time-series90 days by default. Agency-tier configurable.

Service (request) logsUp to 30 days on Cloudflare infrastructure.

Billing recordsAs required by applicable tax law (typically 7 years), held by Stripe.

Section 7

Security measures.

Flarewatch is built security-first. Key measures:

Mandatory two-factor authentication (TOTP / 2FA) on every account. There is no way to use Flarewatch without enrolling MFA.
AAL2 step-up required to reveal or rotate a credential, use the SQL console, or perform any provider write action.
Row-Level Security (RLS) on every Supabase table. The default policy is DENY; access is granted per-tenant only.
Tamper-evident audit log with a chained prev-row hash, FORCE RLS, and nightly Worker verification.
Short-lived EdDSA-signed JWTs for MCP API access, with per-request tenant rebinding.
Envelope encryption for all vault secrets (AES-256-GCM + KEK outside the database).
All traffic is served over TLS. Cookies use HttpOnly, Secure, and SameSite=Lax.

Full detail is on the security architecture page.

Section 8

Your rights.

Under GDPR and applicable law you have the right to:

Access — see what personal data we hold about you.
Rectification — correct inaccurate data.
Erasure — request deletion of your personal data.
Portability — receive your data in a machine-readable format.
Restriction — ask us to stop certain processing while a dispute is live.
Objection — object to processing based on legitimate interests.

You can exercise most of these rights self-serve from the dashboard. See /data for export and deletion instructions. For anything else, email hello@flarewatch.dev. We will respond within 30 days.

Section 9

How to delete your data.

Self-serve account and data deletion is available from the account settings page. Deleting your account:

Immediately soft-deletes your tenant, all sites, and all associated data.
Immediately wipes all encrypted vault credentials (ciphertext deleted).
Hard-deletes all remaining data 30 days later.
Removes your Supabase auth user record.

For full instructions see Data & export. If you need assisted deletion, email hello@flarewatch.dev.

Section 10

Contact & complaints.

General enquiries: hello@flarewatch.dev

Security matters (vulnerability disclosure, suspected breach): security@flarewatch.dev

You also have the right to lodge a complaint with your national data protection authority if you believe your data has been processed unlawfully.

This policy was last updated on 5 June 2026. If you have a question not answered here, please email hello@flarewatch.dev.