Privacy Policy

Last updated: March 9, 2026

Unflagged ("we," "us," or "our") operates the website located at unflagged.store (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using Unflagged, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect the following personal information:

  • Email address
  • Display name (if provided)
  • Authentication credentials (managed securely via Clerk)
  • Etsy shop name and OAuth connection tokens (if you connect your shop)

1.2 Listing Data

When you scan listings through Unflagged, we collect and process the text content of those listings, including titles, descriptions, and tags. This data is used solely for the purpose of performing compliance analysis and generating risk scores.

1.3 Scan Results

We store the results of compliance scans, including risk scores, identified issues, suggested fixes, and generated appeal letters. This data is associated with your account so you can access your scan history.

1.4 Usage and Analytics Data

We automatically collect certain information about your interaction with the Service, including pages visited, features used, browser type, device information, IP address, and referring URLs. This data is collected via PostHog analytics and is used to improve the Service.

1.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number, bank account details, or other financial payment instruments on our servers. We receive and store only a Stripe customer ID, subscription status, and transaction history metadata (amounts, dates, plan type).

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain the Service, including performing compliance scans, generating risk scores, and creating appeal letters
  • To process your subscription and manage billing
  • To send transactional emails, including scan results, account notifications, and policy change alerts
  • To improve and optimize the Service based on usage patterns
  • To detect and prevent fraud, abuse, or violations of our Terms of Service
  • To respond to your support inquiries
  • To comply with legal obligations

3. How Listing Data Is Processed

When you submit a listing for scanning, the text content of that listing is transmitted to OpenAI's API for AI-powered compliance analysis. This transmission is necessary to perform trademark risk detection, policy violation identification, and natural language analysis of your listing content.

Listing text sent to OpenAI is processed in real time and is not permanently stored by Unflagged beyond the retention period described in Section 4. OpenAI's use of data transmitted through their API is governed by OpenAI's API data usage policies, which state that data submitted via the API is not used to train their models.

4. Data Retention

  • Scan results: Retained for 90 days from the date of the scan, after which they are automatically deleted. You may manually delete individual scan results at any time.
  • Account data: Retained for as long as your account is active. Upon account deletion, all personal data and associated scan results are permanently deleted within 30 days.
  • Payment records: Transaction metadata is retained for the duration required by applicable tax and financial reporting laws (typically 7 years).
  • Analytics data: Aggregated, anonymized analytics data may be retained indefinitely for product improvement purposes.

5. Third-Party Services

We use the following third-party services to operate Unflagged. Each service processes data in accordance with its own privacy policy:

  • OpenAI — Powers our AI compliance analysis engine. Listing text is sent to OpenAI's API for processing. OpenAI does not use API data to train its models.
  • Stripe — Handles all payment processing and subscription management. Stripe is PCI DSS Level 1 certified.
  • Convex — Provides our real-time database infrastructure. Data is stored in secure, encrypted databases with automatic backups.
  • Resend — Sends transactional emails on our behalf, including scan results and account notifications.
  • PostHog — Collects product analytics to help us understand how users interact with the Service and identify areas for improvement.
  • Sentry — Monitors application errors and performance to ensure service reliability. Error reports may contain limited technical context but do not include listing content.

6. Your Rights Under GDPR and Applicable Privacy Laws

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights regarding your personal data:

  • Right to Access: You may request a copy of all personal data we hold about you.
  • Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure: You may request the deletion of your personal data. We will comply within 30 days, subject to any legal retention obligations.
  • Right to Data Portability: You may request an export of your data in a structured, machine-readable format (JSON or CSV).
  • Right to Object: You may object to the processing of your personal data for analytics purposes at any time.
  • Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances.

To exercise any of these rights, contact us at hey@unflagged.store. We will respond to your request within 30 days.

7. Cookies

Unflagged uses a minimal number of cookies, strictly limited to what is necessary for the Service to function:

  • Essential authentication cookies: Required to maintain your login session and authenticate requests. These cannot be disabled without losing access to your account.
  • PostHog analytics cookies: Used to collect anonymous usage data to improve the Service. You may opt out of analytics tracking at any time through your account settings or by contacting us.

We do not use advertising cookies, social media tracking cookies, or any third-party cookies beyond those listed above.

8. Data Security

We implement industry-standard security measures to protect your personal data, including encryption in transit (TLS 1.2+) and at rest, secure authentication via Clerk, strict access controls on all database tables, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

Unflagged is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal data, please contact us at hey@unflagged.store.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by sending an email to the address associated with your account at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: hey@unflagged.store

Website: unflagged.store

This Privacy Policy is effective as of March 9, 2026.