Sign inTry for Free

Privacy Policy

Last updated: March 17, 2026

1. Introduction

Flagpool ("we", "us", "our") operates the flagpool.io website and the Flagpool dashboard application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

We collect the following categories of information:

Account Information

When you create a Flagpool account, we collect your name, email address, and authentication credentials. If you sign up via a third-party provider (e.g. GitHub, Google), we receive the profile information you authorize.

Billing Information

Payment processing is handled by a third-party payment processor. We do not store credit card numbers. Our payment processor may collect billing details such as your name, address, and payment method in accordance with their own privacy policy.

Usage & Analytics Data

When analytics is enabled in your project, our SDKs send aggregated flag evaluation counts to our servers. These counts record how many times each feature flag was evaluated, not the identity or behavior of individual end users. Analytics data is associated with your project and environment, not with end-user identifiers.

Flag Configuration Data

We store your feature flag definitions, targeting rules, rollout percentages, and environment configurations. Target lists (e.g. lists of user IDs or emails used for targeting) are encrypted at rest using AES-256-GCM before being stored or delivered via our CDN.

Log & Technical Data

We automatically collect standard server logs including IP addresses, browser type, referring URLs, pages visited, and timestamps when you interact with our website and dashboard.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process transactions and manage your subscription
  • To deliver feature flag configurations to your applications via our CDN
  • To provide aggregated analytics on flag evaluations within your dashboard
  • To send transactional emails (account verification, password resets, billing receipts)
  • To respond to support requests and communicate product updates
  • To detect, prevent, and address security issues or abuse

4. Data Storage & Security

Your data is stored on secure cloud infrastructure and served via our global CDN. All data is transmitted over HTTPS/TLS.

Sensitive targeting data (target lists containing user identifiers) is encrypted client-side using AES-256-GCM before storage. The decryption key is held only by you and is never transmitted to our servers in plaintext.

We implement industry-standard security measures, but no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. SDKs & End-User Data

Our SDKs (TypeScript, React, Go, Python, Java, C#) are designed to evaluate feature flags locally on your infrastructure. Flag configurations are fetched from our CDN as static JSON files. The SDKs do not send end-user personal data to Flagpool servers.

When analytics is enabled, the SDKs send only aggregated evaluation counts (e.g. "flag X was evaluated 42 times"). No end-user identifiers, IP addresses, or personal data is included in analytics payloads.

6. Data Sharing

We do not sell your personal information. We may share data with the following categories of third parties:

  • Payment processors — for secure transaction handling
  • Infrastructure & hosting providers — for database hosting, authentication, and service delivery
  • CDN providers — for global delivery of flag configurations
  • Analytics providers — for understanding how our Service is used and improving the user experience

A current list of our sub-processors is available upon request at privacy@flagpool.io.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Aggregated analytics data that cannot identify individuals may be retained indefinitely.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Request portability of your data

To exercise any of these rights, contact us at privacy@flagpool.io.

9. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for any international transfers of personal data in compliance with applicable data protection laws.

10. Children

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@flagpool.io or visit our Contact page.

Privacy Policy | Flagpool | Simple Feature Flag Management for Teams