Privacy Policy

• Account data — email address, name, optional credential number (e.g. CWI-12345), hashed password, role, company name, facility assignments, and plan tier.
• Inspection content — photos and video frames you upload, text notes, GPS coordinates (only when your device grants permission), job and part numbers, findings, NCRs, CAPAs, certificates, and generated reports.
• Usage data — page views, feature interactions, error traces, IP address, browser and device identifiers, and timestamps, used to secure the service and improve the product.
• Billing data — if you purchase a paid plan, Stripe processes your card on our behalf. We store the Stripe customer and payment-intent IDs, plan, and invoice status. We never see or store full card numbers.
• Support data — messages you send us through the contact form, support email, or in-app chat, plus any attachments you include.

When you click "Analyze", Flaggity forwards the relevant photos to Flaggity AI, our inspection analysis engine. Flaggity AI returns the defect list, severities, and cited standards that we then store alongside your inspection.

Photos sent to Flaggity AI are processed solely to produce the requested analysis. Inputs are not used to train general-purpose models and are discarded by the underlying processor after the request completes.

All account and inspection data lives in our managed MongoDB cluster with encryption at rest and TLS in transit. Large files (images, PDFs) are stored in Emergent Object Storage; each object is scoped to the uploader's account.

Backups are encrypted and retained for up to 30 days. Audit logs covering superadmin actions are retained indefinitely for forensic purposes.

• To provide the Service you subscribed to — running inspections, analyses, reports, and certificates.
• To secure the Service — rate-limiting, brute-force protection, suspending abusive accounts.
• To improve the product — aggregate analytics on feature adoption and error rates (never identifying individuals in our internal dashboards).
• To communicate with you about product updates, incidents, and billing. You can opt out of non-essential emails at any time.

We do not sell your data. We share it only with the sub-processors strictly required to operate the Service:

• Flaggity AI — AI analysis of inspection photos.
• MongoDB Atlas / Emergent Object Storage — data persistence.
• Stripe — payment processing (for paid plans only).

We may disclose data to comply with a lawful subpoena or court order, or when necessary to protect the safety or rights of our users.

Regardless of where you live, you have the right to access, correct, or delete the personal data we hold about you. To exercise any of these rights, email support@flaggity.com from the email address on your account. We respond within 30 days.

If you ask us to delete your account, we remove your user profile, inspections, findings, certificates, NCRs, CAPAs, schedules, API keys, notifications, and support notes. Aggregated and de-identified analytics may be retained indefinitely.

Flaggity is not directed at children under 16 and we do not knowingly collect data from them.

If we make a material change to this policy we will notify you by email or in-app notice at least 14 days before the change takes effect.

Questions, complaints, or deletion requests: support@flaggity.com.