Legal

Privacy Policy

Last updated: 29 June 2026

1. Who We Are

Red Flag AI Pro ("we", "us", "our") operates the website at www.redflagaipro.com. We are committed to protecting your personal data and complying with the UK GDPR, EU GDPR, and applicable data protection laws.

For data protection queries, contact us at: support@redflagaipro.com

2. What Data We Collect

DataWhy we collect it
Name & email addressTo create and manage your account
Payment informationProcessed securely by Stripe, we never store card details
Copy you submit for checkingTo generate your compliance check results only
Check results and historyTo display your dashboard and check history
AI governance quiz answers and scoresTo generate your governance maturity score, gap report and roadmap. Stored against your email address in our database.
Usage data (pages visited, features used)To improve our service
IP addressFor security and fraud prevention

3. Your Submitted Copy: Data Handling and Confidentiality

The marketing copy you paste into Red Flag AI Pro is used solely to generate your check results. This is your data. It remains your data. We do not:

  • Store your submitted copy beyond processing (removed after check delivery unless you retain history)
  • Allow any human to view, access, or read your submitted copy
  • Use your copy to train AI models or improve our service
  • Share your copy with third parties for any reason
  • Retain your copy for longer than necessary to display your check history

You can delete your check history at any time from your dashboard. Deletion is permanent.

No human review, no training: Red Flag operates under contractual terms that prohibit human review, training, or onward disclosure of your data. This is equivalent to closed enterprise AI tools.

4. Legal Basis for Processing (UK & EU GDPR)

  • Contract: Processing your account data and checks to deliver the service you signed up for
  • Legitimate interests: Improving our service, preventing fraud, ensuring security
  • Legal obligation: Retaining billing records as required by law
  • Consent: Marketing emails, you can unsubscribe at any time
  • Consent: Sharing conversion data with Google Ads for advertising measurement and Customer Match, you can opt out via Google's Ads Settings

5. Third Parties We Use

  • Supabase: Database and authentication (data stored in EU region)
  • Stripe: Payment processing (PCI DSS compliant)
  • Vercel: Website hosting
  • OpenAI / Anthropic: AI processing of check requests
  • Loops: Email marketing and transactional emails (your email address and plan tier are shared to send relevant communications). You can unsubscribe at any time.
  • Google Ads: Conversion data (e.g. signups) may be shared with Google to measure ad performance and show our ads to similar audiences (Customer Match). You can opt out via Google's Ads Settings.

All third parties are bound by appropriate data processing agreements.

6. How Long We Keep Your Data

  • Account data: retained while your account is active and for 30 days after deletion
  • Billing records: 7 years as required by UK law
  • Check history: retained until you delete it or close your account

7. Your Rights

Under UK and EU GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data (right to be forgotten)
  • Portability: Receive your data in a portable format
  • Object: Object to processing based on legitimate interests
  • Restrict: Request we limit how we process your data

To exercise any of these rights, email support@redflagaipro.com. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. No consent banner is required for these under UK GDPR, since the service cannot function without them.

We also use non-essential cookies for Google Ads conversion tracking and our affiliate referral programme. These are not loaded until you accept cookies via the banner shown on your first visit. You can withdraw consent at any time by clearing your browser's site data, which will show the banner again. Google Ads conversion data is used to measure advertising performance and for Customer Match (showing ads to existing and similar potential customers). You can opt out of personalised advertising at any time via Google's Ads Settings.

9. Data Security

We implement industry standard security measures including encrypted data storage, HTTPS, and access controls. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email. Continued use of Red Flag AI Pro after changes constitutes acceptance.

11. Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve it:

Email: support@redflagaipro.com
Response time: We will acknowledge your complaint within 5 working days and aim to resolve it within 30 days.

If you remain dissatisfied after our internal process, you have the right to escalate to the UK Information Commissioner's Office (ICO) at ico.org.uk. This internal complaints process is provided in accordance with the Data Use and Access Act 2025.

12. Contact

For any privacy questions: support@redflagaipro.com

Terms of ServiceBack to home