Privacy Policy
Last updated: March 23, 2026
Introduction
Flare Warden LLC ("FlareWarden," "we," "us," or "our") operates the website monitoring service at flarewarden.com and app.flarewarden.com. This Privacy Policy describes how we collect, use, and protect your personal information when you use our services.
By using FlareWarden, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.
Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Password (stored as a secure hash, never in plain text)
- Region preference (for data residency)
Session and Security Data
For security and service delivery, we collect:
- IP address (when you log in)
- User agent (browser and device information)
- Session tokens (for authentication)
Team and Organization Data
If you use team features, we collect:
- Team member email addresses
- Roles and permissions
- Invitation records
Monitoring Data
When you create monitors, we collect and store:
- URLs you choose to monitor
- Check results (response times, status codes, error messages)
- SSL certificate information (expiry dates, fingerprints, chain details)
- DNS records (A, AAAA, MX, CNAME, TXT, CAA records)
- Content verification results
Status Page Subscriber Data
If you create public status pages, your visitors may subscribe for updates. We collect:
- Subscriber email addresses (with their consent)
- Notification preferences
- Timezone (for localized notifications)
Note: Status page subscribers provide their email addresses voluntarily and must verify their email through double opt-in. They can unsubscribe at any time.
Audit Logs
We maintain audit logs of account activity including user actions, IP addresses, and timestamps. These logs help us maintain security and troubleshoot issues.
How We Use Your Information
We use the information we collect to:
- Provide our services: Execute monitoring checks, detect incidents, and send notifications
- Cross-region validation: Validate failures from multiple geographic regions to prevent false positives
- Account administration: Manage your account, process payments, and provide customer support
- Security: Detect and prevent fraud, abuse, and security threats
- Service improvement: Analyze usage patterns to improve our services
- Communication: Send transactional emails about your account and service updates
Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process personal data under the following legal bases:
- Contract Performance (Article 6(1)(b)): Processing necessary to provide our monitoring services, manage your account, process payments, and deliver notifications you have configured
- Legitimate Interests (Article 6(1)(f)): Security monitoring, fraud prevention, service improvement, and analytics. We balance our interests against your rights and only process data where our interests do not override your fundamental rights
- Consent (Article 6(1)(a)): Status page subscribers provide consent when subscribing to notifications. You may withdraw consent at any time
- Legal Obligation (Article 6(1)(c)): Processing required for tax, accounting, and regulatory compliance
You may contact us at support@flarewarden.com to learn more about the specific legal basis for any particular processing activity.
Data Protection Representative (EU/EEA, UK, and Switzerland)
Flare Warden LLC is based in the United States. As required by Article 27 of the EU GDPR, the UK GDPR, and the Swiss Federal Act on Data Protection (FADP), we have appointed the following representative for data subjects and supervisory authorities in the EU/EEA, UK, and Switzerland:
Data Protection Representative Limited (trading as DataRep)
If you want to raise a question about how we handle your personal data, or exercise your rights under data protection law, you may contact our representative by:
- Email: datarequest@datarep.com (quoting "Flare Warden LLC" in the subject line)
- Online: www.datarep.com/data-request
- Mail: By writing to DataRep at the most convenient of their 31 locations across the EU/EEA, UK, and Switzerland
When mailing your inquiry, please ensure your letter is addressed to "DataRep" and not to Flare Warden LLC, otherwise it may not reach our representative. For general questions about FlareWarden's products or services (not related to data protection), please contact us directly at support@flarewarden.com.
Cookies
We use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| session | Authentication | 30 days |
| user_region | Region preference | 30 days |
| csrf_token | Security (CSRF protection) | 24 hours |
All cookies listed above are strictly necessary for the service to function. On our marketing site, we also use Ahrefs Analytics for aggregated traffic analysis; this does not use cookies but may process your IP address. Our application uses Sentry for error monitoring, which may set its own cookies for session replay functionality. On our contact page, hCaptcha may set cookies to prevent spam.
Third-Party Services
We use the following third-party services to operate FlareWarden:
| Service | Purpose | Data Shared |
|---|---|---|
| Resend | Email delivery | Email addresses, notification content |
| Stripe | Payment processing | Billing information (we do not store card numbers) |
| Fly.io | Cloud hosting | All service data (as data processor) |
| Turso | Database hosting | All stored data (as data processor) |
| Sentry | Error monitoring and performance | Error diagnostics, anonymized usage data (IP addresses and emails are stripped before transmission) |
| Tigris (Fly Storage) | Object storage | Uploaded files (service logos) |
| hCaptcha | Spam prevention (contact form) | IP address, browser characteristics |
| Ahrefs | Marketing site analytics | Aggregated page view data, IP address |
Data Retention
We retain different types of data for different periods:
- Check results: 30-90 days depending on monitor type
- Webhook delivery logs: 7-30 days based on your plan
- Session data: 30 days (automatically cleaned up)
- Audit logs: Duration of your account (IP addresses and user agents are anonymized after 90 days)
- Account data: Until you delete your account
Your Rights
You have the following rights regarding your personal data:
- Access: Export your data anytime via Account > Privacy & Data
- Correction: Update your profile information in your account settings
- Deletion: Delete your account via Account settings. This permanently removes all your data including monitors, team members, status pages, and historical data
- Portability: Export your data in CSV format
For EU residents (GDPR) and California residents (CCPA), you have additional rights including the right to object to processing and the right to restrict processing. Contact us at support@flarewarden.com to exercise these rights.
Data Security
We implement industry-standard security measures to protect your data:
- Passwords are hashed using bcrypt with a high cost factor
- All connections are encrypted using HTTPS/TLS
- Data is isolated between accounts
- CSRF protection on all forms
- Regular security reviews
For more details, see our Security page.
Children's Privacy
FlareWarden is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
International Data Transfers
FlareWarden operates in multiple regions (US-East, EU-West, Asia-Pacific). When you select a region, your account data is primarily stored in that region. However, some data may be processed in other regions for cross-region validation and service delivery.
Some of our sub-processors are based in the United States, including Sentry (error monitoring), Resend (email delivery), and Stripe (payments). For transfers of personal data from the EEA to the US, we rely on:
- EU-US Data Privacy Framework: Where our US-based sub-processors are certified participants
- Standard Contractual Clauses (SCCs): As provided in our sub-processor data processing agreements where the Data Privacy Framework does not apply
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of FlareWarden after changes are posted constitutes your acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Flare Warden LLC
PMB 128, 9801 Fall Creek Rd
Indianapolis, IN 46256, USA
Email: support@flarewarden.com