Privacy Policy

Effective date: 28 March 2026

Overview

RivalFlag (“we”, “us”, “our”) operates rivalflag.com. We take your privacy seriously. This policy explains what data we collect, why we collect it, and how we handle it. No surprises, no fine print tricks.

What We Collect

We collect the minimum data needed to run the service:

  • Account information — your email address and password (hashed) when you sign up.
  • Competitor data you provide — the competitor URLs and domains you choose to track.
  • Usage data — basic analytics like pages visited, features used, and session duration. This helps us improve the product.
  • Payment information — handled entirely by Stripe. We never see or store your card details.

How We Use Your Data

  • Provide the service — monitor competitor websites, generate AI analysis, and deliver your intelligence digests.
  • Send digest emails — weekly (or daily, depending on your plan) reports on competitor changes.
  • Improve the product — understand how features are used so we can make RivalFlag better.
  • Communicate with you — respond to support requests, send essential service updates (never marketing spam).

Third-Party Services

We use the following third-party services to operate RivalFlag. Each has its own privacy policy:

  • Supabase — authentication and database. Your data is stored in Supabase's London (EU) region.
  • Stripe — payment processing. Stripe handles all card data directly; we only receive confirmation of payment status.
  • OpenAI — AI analysis of competitor website changes. We send publicly available competitor webpage content to OpenAI for analysis. We do not send your personal data to OpenAI.
  • Resend — transactional email delivery for digest emails and account notifications.
  • Vercel — application hosting and infrastructure.

Cookies

We use cookies only for authentication. Specifically, Supabase sets a session cookie to keep you logged in. That's it. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

Data Retention & Deletion

We retain your data for as long as your account is active. If you delete your account (available from your settings page), we permanently delete all your data — your profile, tracked competitors, scan history, and digest records. Deletion is processed within 30 days.

You can also email us at hello@rivalflag.com to request data deletion or export.

Your Rights (GDPR)

RivalFlag is operated from the United Kingdom. Your data is stored in the EU (Supabase London region). Under GDPR and UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to processing of your data
  • Withdraw consent at any time

To exercise any of these rights, contact us at hello@rivalflag.com. We will respond within 30 days.

Data Security

We use industry-standard security measures to protect your data. All data is transmitted over HTTPS. Passwords are hashed and never stored in plain text. Database access is restricted, and the database is encrypted at rest.

Children's Privacy

RivalFlag is a business tool and is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we'll notify you by email. The “effective date” at the top of this page always reflects the latest version.

Contact

Questions about this privacy policy? Email us at hello@rivalflag.com.