Privacy Policy

Last updated : 12 July 2025

1. Who We Are

FlagLite Inc. (“FlagLite”, “we”) is a corporation registered in Seoul, Republic of Korea. We provide an edge-based feature-flag SaaS (“Service”).

2. Personal Data We Collect

• Account Data — e-mail, OAuth ID.
• Project Data — flag keys, values, environments, audit logs.
• Usage Data — API counts, aggregated IP, user-agent.
• Cookies — session, CSRF, PostHog analytics.

3. Purpose & Legal Basis

• Contract (KR PIPA §15 ①-2): deliver the Service.
• Legitimate Interest (§15 ①-6): product analytics, abuse prevention (opt-out available).
• Legal Obligations: tax, accounting, KISA incident reports.

4. Sharing & International Transfers

We never sell or rent personal data. We share only with:

• Sub-processors: Vercel (EU), Supabase (EU), Upstash (Global), PostHog (EU), Polar (NO MoR), Resend (EU mail) — protected by SCCs / EU-US DPF.
• Legal or security requests, or business transfer (30-day notice).

5. Data Security

TLS 1.3 in transit, AES-256 at rest, FIDO2 admin keys, Supabase Row-Level-Security.

6. Retention

Active subscription + 30-day backups; audit logs 12 months then purge.

7. Your Rights

Access, erase, port, restrict or object (KR PIPA / EU GDPR). Contact : privacy@flaglite.com.

8. Children

The Service is not directed to children under 13.

9. Changes

We notify material changes 7 days in advance (e-mail / in-app). Continued use = acceptance.

10. Contact

FlagLite Inc. · 123 Example-ro, Gangnam-gu, Seoul 06200, KR