Privacy Policy

Effective Date: March 9, 2026 · Last Updated: March 9, 2026

1. Information We Collect

Information You Provide

• Account information: Email address, display name, username, password, and profile bio
• Profile content: Links, link titles, thumbnails, group names, and theme settings you add to your Flarely page
• Payment information: Subscription and payout details processed through our third-party payment providers (we do not store credit card numbers)
• Communications: Messages you send to our support team

Information Collected Automatically

• Click data: When visitors click links on creator profiles, we record the timestamp, referring URL, device type, and approximate geographic location (country-level)
• IP addresses: We collect visitor IP addresses for click tracking and fraud prevention. IPs are anonymized using one-way hashing (SHA-256) and are never stored in plain text
• Device information: Browser type, operating system, and device category (mobile, tablet, desktop) derived from the user agent string
• Browser fingerprinting: We use anonymized browser fingerprinting to detect returning visitors and prevent click fraud. This data cannot be used to identify individual users

Information We Do Not Collect

• We do not use third-party tracking cookies on creator profile pages
• We do not sell or share personal data with advertisers for targeting
• We do not store plaintext IP addresses of profile visitors

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Flarely platform
• Process subscriptions, payouts, and transactions
• Provide click analytics and audience insights to creators
• Detect and prevent click fraud, bot traffic, and abuse
• Send important service updates, security alerts, and billing notifications
• Enforce our Terms of Service
• Respond to support requests

3. How We Share Your Information

We do not sell your personal data. We may share information in these limited circumstances:

• Service providers: We work with third-party services for hosting (Railway), payment processing (NewebPay/ECPay), and email delivery. These providers only access data necessary to perform their services
• Ad networks: When Action-Based Links are enabled, our ad mediation partners may receive anonymized impression and completion data. They do not receive personally identifiable information
• Legal compliance: We may disclose information if required by law, court order, or government request
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction

4. Creator Analytics Data

Creators receive aggregated analytics about visitors to their profile pages, including:

• Total click counts and trends over time
• Referring sources (e.g., Instagram, Twitter, direct)
• Geographic distribution by country
• Device type breakdown (mobile, tablet, desktop)
• Returning visitor counts (anonymized)

This data is aggregated and does not contain personally identifiable information about individual visitors.

5. Data Retention

• Account data: Retained for as long as your account is active. Upon deletion, personal data is removed within 30 days. Some data may be retained longer for legal or audit purposes
• Click analytics: Aggregated click data is retained indefinitely. Anonymized raw click events are retained for 24 months, then automatically purged
• Payment records: Retained for 7 years as required by tax regulations in Taiwan

6. Data Security

We implement industry-standard security measures to protect your data:

• All data is transmitted over HTTPS (TLS encryption)
• Passwords are hashed using bcrypt and never stored in plaintext
• IP addresses are anonymized using SHA-256 hashing
• Access to production systems is restricted and logged
• Rate limiting is applied to all public API endpoints

No system is 100% secure. If we discover a data breach that affects your personal information, we will notify you within 72 hours.

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and personal data
• Export: Download your data in a portable format (available in account settings)
• Restriction: Request that we limit processing of your data
• Objection: Object to certain types of data processing

To exercise these rights, contact us at privacy@flarely.net. We will respond within 30 days.

8. International Data Transfers

Flarely is operated from Taiwan. If you access the Service from outside Taiwan, your data may be transferred to and processed in Taiwan. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.

9. Children's Privacy

Flarely is not intended for children under the age of 18. We do not knowingly collect personal data from minors. If we discover that a child under 18 has created an account, we will promptly delete it. If you believe a minor is using Flarely, please contact us at privacy@flarely.net.

10. Cookies

Flarely uses minimal cookies:

• Authentication cookies: To keep you logged in to your account
• Security cookies: CSRF protection tokens required for form submissions

We do not use advertising cookies or third-party tracking cookies on creator profile pages. Creator profile pages are designed to be as clean as possible for visitor privacy.

11. Third-Party Links

Creator profile pages contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage visitors to review the privacy policies of any site they visit through Flarely.

12. Taiwan Personal Data Protection Act (PDPA)

In compliance with Taiwan's Personal Data Protection Act, we:

• Collect personal data only for specific, lawful purposes
• Provide clear notice of data collection practices
• Allow users to access, correct, and delete their data
• Implement appropriate security measures
• Do not use personal data beyond the scope of the original collection purpose without consent

13. GDPR Compliance

For users in the European Economic Area (EEA), we process data under the following legal bases:

• Contract: Processing necessary to provide the Service (account management, link hosting, analytics)
• Legitimate interest: Fraud prevention, service improvement, security
• Consent: Marketing communications (you can opt out at any time)

EEA users have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

15. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

• Email: privacy@flarely.net
• Company: Scarlet International
• Location: Taiwan