Privacy Policy

Effective date: 6 June 2026

Overview

RivalFlag (“we”, “us”, “our”) is operated by RivalFlag Limited, a company registered in England and Wales, and runs rivalflag.com. We take your privacy seriously. This policy explains what data we collect, why we collect it, and how we handle it. No surprises, no fine print tricks.

What We Collect

We collect the minimum data needed to run the service:

  • Account information — your email address and password (hashed) when you sign up.
  • Competitor data you provide — the competitor URLs and domains you choose to track.
  • Usage data — basic analytics like pages visited, features used, and session duration. This helps us improve the product.
  • Payment information — handled entirely by Stripe. We never see or store your card details.

How We Use Your Data

  • Provide the service — monitor competitor websites, generate AI analysis, and deliver your digests.
  • Send digest emails — weekly (or daily, depending on your plan) reports on competitor changes.
  • Improve the product — understand how features are used so we can make RivalFlag better.
  • Communicate with you — respond to support requests, send essential service updates (never marketing spam).

Third-Party Services

We use the following third-party sub-processors to operate RivalFlag. Each has their own privacy policy:

  • Supabase— authentication and database. Your data is stored in Supabase's London (EU) region.
  • Stripe — payment processing. Stripe handles all card data directly; we only receive confirmation of payment status.
  • OpenAI — AI analysis of competitor website changes. We send publicly available competitor webpage content to OpenAI for analysis. We do not send your personal data to OpenAI, and OpenAI does not use data submitted through its API to train its models.
  • Resend — transactional email delivery for digest emails and account notifications.
  • Vercel — application hosting and infrastructure, plus Vercel Analytics and Speed Insights for privacy-friendly, cookieless product and performance measurement (no cross-site tracking).
  • Sentry — error and performance monitoring so we can detect and fix issues quickly.

Cookies

We use cookies only for authentication — Supabase sets a session cookie to keep you logged in. Our product and performance analytics (Vercel) are cookieless and do not track you across other sites. We do not use advertising cookies.

Data Retention & Deletion

We retain your data for as long as your account is active. If you delete your account (available from your settings page), we permanently delete all your data — your profile, tracked competitors, scan history, and digest records. Deletion is processed within 30 days.

You can also email us at hello@rivalflag.com to request data deletion or export.

Your Rights (GDPR)

RivalFlag Limited (registered in England and Wales) is the data controller and operates from the United Kingdom. Your data is stored in the EU (Supabase London region). Under UK GDPR and GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to processing of your data
  • Withdraw consent at any time

To exercise any of these rights, contact us at hello@rivalflag.com. We will respond within 30 days.

Data Security

We use industry-standard security measures to protect your data. All data is transmitted over HTTPS. Passwords are hashed and never stored in plain text. Database access is restricted and encrypted at rest.

Children's Privacy

RivalFlag is a business tool and is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we'll notify you by email. The “effective date” at the top of this page always reflects the latest version.

Contact

Questions about this privacy policy? Email us at hello@rivalflag.com.