Privacy & Security

Privacy Policy

Last Updated: December 7, 2025

Our Privacy Commitment

Your privacy is not just a priority—it's the foundation of RedFlag - Detector. We built this service with a privacy-first approach because we understand how sensitive relationship conversations can be.

  • We do NOT store your conversations
  • We do NOT use cookies for tracking
  • We do NOT sell your data to third parties
  • All data is encrypted end-to-end

1. Introduction

Welcome to RedFlag - Detector ("we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

We are committed to protecting your privacy and ensuring transparency about our data practices. This policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

By using RedFlag - Detector, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account Information
When you create an account, we collect:

  • Email address (required for account creation and communication)
  • Display name or username (optional)
  • Password (encrypted and hashed - we never store plain text passwords)
  • Account preferences and settings
  • Subscription status (Free or Premium)

2.2 Conversation Data
IMPORTANT - Zero-Storage Policy:

  • Conversations you submit for analysis are processed in real-time and immediately deleted after analysis
  • We do NOT store conversation content on our servers
  • Conversations are encrypted during transmission (TLS/SSL)
  • Conversations are temporarily sent to AI providers (OpenAI, Anthropic) for processing, then deleted from their systems as per their data retention policies
  • Only anonymized metadata is retained (e.g., analysis count, timestamp, risk score - without conversation content)

2.3 Usage Information
We collect limited usage data to improve the Service:

  • Number of analyses performed
  • Feature usage patterns (which features you use)
  • App version and device type (iOS/Android)
  • Language preference
  • Analysis results metadata (risk scores, flag types detected - without conversation content)

2.4 Technical Information
For security and service improvement, we collect:

  • IP address (for security and fraud prevention)
  • Device information (operating system, app version)
  • Error logs and crash reports (via Sentry)
  • Performance metrics (app load times, API response times)

2.5 Payment Information
We use RevenueCat for subscription management:

  • Payment information is processed by Apple App Store or Google Play Store
  • We receive only subscription status, not credit card details
  • RevenueCat may collect purchase data as per their privacy policy
  • Billing history is accessible through your Apple/Google account

2.6 Communications
If you contact us or subscribe to updates:

  • Email correspondence (via Brevo)
  • Support ticket information
  • Newsletter subscription preferences
  • Feedback and survey responses

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Provide and Improve the Service

  • Process conversation analyses using AI models
  • Manage your account and subscription
  • Track usage limits (3 analyses/week for free tier)
  • Improve AI accuracy and detection capabilities
  • Develop new features and enhancements
  • Optimize app performance and user experience

3.2 Communication

  • Send account-related notifications (password resets, subscription updates)
  • Respond to support requests and inquiries
  • Send product updates and feature announcements (with your consent)
  • Share educational content about relationship health (if subscribed)

3.3 Security and Fraud Prevention

  • Detect and prevent fraudulent activities
  • Monitor for abuse and Terms of Service violations
  • Secure user accounts and prevent unauthorized access
  • Identify and fix technical issues and bugs

3.4 Analytics and Research

  • Analyze usage patterns to improve the Service
  • Conduct anonymized research on red flag patterns (conversation content is never used - only aggregated metadata)
  • Generate anonymized statistics for public reporting

3.5 Legal Compliance

  • Comply with legal obligations and valid legal requests
  • Enforce our Terms of Service
  • Protect our rights, property, and safety

4. Third-Party Services and Data Sharing

We work with trusted third-party service providers to operate our Service. We share only the minimum data necessary with each provider.

Our Third-Party Partners:

🤖 OpenAI (GPT-4 AI Model)

Purpose: AI-powered conversation analysis (Free tier)

Data shared: Conversation text for analysis

Data retention: Per OpenAI's data retention policy (30 days for API usage)

Privacy Policy: openai.com/privacy

🧠 Anthropic (Claude AI Model)

Purpose: AI-powered conversation analysis (Premium tier)

Data shared: Conversation text for analysis

Data retention: Per Anthropic's data retention policy

Privacy Policy: anthropic.com/privacy

💳 RevenueCat

Purpose: Subscription and payment management

Data shared: User ID, email, subscription status, purchase events

Note: Actual payment processing is handled by Apple/Google

Privacy Policy: revenuecat.com/privacy

🐛 Sentry

Purpose: Error tracking and performance monitoring

Data shared: Error logs, stack traces, device info, IP address

Note: No conversation content is sent to Sentry

Privacy Policy: sentry.io/privacy

📧 Brevo (formerly Sendinblue)

Purpose: Email communications and newsletters

Data shared: Email address, name, subscription preferences

Note: You can unsubscribe anytime

Privacy Policy: brevo.com/legal/privacypolicy

We do NOT share your data with:

  • Advertisers or marketing companies
  • Data brokers
  • Social media platforms for tracking purposes
  • Any entity for purposes unrelated to the Service

Legal Disclosures:
We may disclose your information if required by law, legal process, or government request, or to protect our rights, property, or safety.

5. Cookies and Tracking Technologies

✅ Good News: We Don't Use Cookies for Tracking

RedFlag - Detector does NOT use cookies for tracking, advertising, or analytics on our website or mobile app. We believe in privacy-first design.

Essential Session Data Only:

  • We may use minimal session storage to keep you logged in
  • This data is stored locally on your device, not on our servers
  • No third-party tracking pixels or cookies are used
  • We do not use Google Analytics or similar tracking services

Mobile App Identifiers:

  • The mobile app uses device identifiers for authentication and subscription management
  • These are provided by Apple/Google and are standard for mobile apps
  • You can reset these identifiers through your device settings

6. Data Security

We implement industry-standard security measures to protect your data:

🔐 Encryption

  • TLS/SSL for data in transit
  • AES-256 encryption at rest
  • End-to-end encryption for conversations

🛡️ Access Control

  • Role-based access control
  • Multi-factor authentication
  • Regular security audits

🔒 Data Minimization

  • Collect only necessary data
  • Zero-storage for conversations
  • Automatic data deletion

⚡ Monitoring

  • Real-time security monitoring
  • Automated threat detection
  • Incident response plan

Data Breach Protocol:
In the unlikely event of a data breach, we will notify affected users within 72 hours as required by GDPR and provide detailed information about the incident and remediation steps.

7. Your Privacy Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and other privacy laws, you have the following rights:

✅ Right to Access

Request a copy of all personal data we hold about you. We'll provide this in a structured, machine-readable format within 30 days.

✏️ Right to Rectification

Request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.

🗑️ Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. You can delete your account anytime through the app or by contacting support. Note: Conversations are already automatically deleted after analysis.

🚫 Right to Restriction

Request restriction of processing your personal data under certain circumstances.

📦 Right to Data Portability

Request your data in a portable format to transfer to another service.

⛔ Right to Object

Object to processing of your personal data for direct marketing or other purposes.

🤖 Right to Avoid Automated Decision-Making

While our AI analyzes conversations, final decisions about your relationships remain entirely yours. Our analysis is advisory only.

📧 Right to Withdraw Consent

Withdraw consent for marketing communications anytime by clicking "unsubscribe" in emails or updating preferences in your account.

How to Exercise Your Rights:

We will respond to all requests within 30 days as required by GDPR. If we cannot fulfill your request, we will explain why.

8. Data Retention

We retain different types of data for different periods:

Data Type                 Retention Period
Conversation Content      0 days (deleted immediately after analysis)
Account Information       While account is active + 30 days after deletion
Usage Metadata            12 months (anonymized after 6 months)
Subscription Data         7 years (legal/tax requirement)
Support Communications    3 years
Error Logs (Sentry)       90 days

After the retention period, data is either permanently deleted or anonymized so it cannot be associated with you.

9. Children's Privacy

RedFlag - Detector is NOT intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@redflag-detector.app and we will delete such information from our systems.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States (OpenAI, Anthropic servers).

We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all third-party processors
  • Ensuring third parties comply with GDPR and equivalent privacy standards

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

  • We will update the "Last Updated" date at the top of this page
  • For material changes, we will notify you via email and/or in-app notification
  • Changes take effect immediately upon posting
  • Continued use of the Service after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your privacy.

12. Contact Us & Data Protection

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy & Data Protection Contact:

Response Time: We aim to respond to all privacy-related inquiries within 72 hours and fulfill data requests within 30 days as required by GDPR.

Right to Lodge a Complaint:
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

Privacy Summary

✓ Conversations: Never stored, deleted immediately after analysis

✓ Cookies: None used for tracking

✓ Data Selling: Never. We don't sell your data to anyone

✓ Encryption: End-to-end for all sensitive data

✓ Your Rights: Access, delete, export your data anytime

✓ GDPR Compliant: Full compliance with EU privacy laws