Privacy Policy
Last Updated: January 14, 2025
At FlareSparkly, we take your privacy seriously. This isn't one of those policies written by lawyers for lawyers. We're going to explain, in plain terms, what data we collect, why we collect it, and what we do with it.
Operating from Bulgaria and serving clients across Europe and beyond, we comply with GDPR (General Data Protection Regulation) and Bulgarian Personal Data Protection Act. But more than that, we believe transparency builds trust.
1. Information We Collect
Look, SEO tools need data to work. That's just how it is. But we only collect what's necessary to provide you with actual value.
Account Information
When you sign up for FlareSparkly, we collect:
- Your name and email address (obviously needed for account creation)
- Company name and website URL (so we know which sites you're analyzing)
- Payment details (processed securely through third-party providers, we never see your full card numbers)
- Password (encrypted with industry-standard methods)
Usage Data
To make our tools better and understand how people actually use them, we track:
- Which features you use most often
- Search queries and keyword research you perform
- Reports you generate and download
- Technical information like browser type, IP address, and device specs
- Session duration and interaction patterns
Website Analysis Data
When you analyze websites through our platform, we collect publicly available data including metadata, page structure, backlink profiles, and ranking information. This data helps us provide accurate SEO insights.
2. How We Use Your Information
We're not in the business of selling your data. Period. Here's what we actually do with it:
| Purpose | Details |
|---|---|
| Service Delivery | Running the SEO tools you signed up for, generating reports, tracking your campaigns |
| Platform Improvement | Understanding which features work well and which need refinement based on actual usage |
| Customer Support | Helping you when things go wrong or when you have questions about functionality |
| Security | Detecting suspicious activity, preventing unauthorized access, maintaining system integrity |
| Communication | Sending service updates, feature announcements, and occasional marketing (you can opt out) |
| Legal Compliance | Meeting obligations under Bulgarian and EU law, responding to valid legal requests |
Marketing Emails: We'll occasionally send you tips about SEO and updates about new features. But we're not going to spam you daily. And there's always an unsubscribe link at the bottom.
3. Data Sharing and Third Parties
We work with some third-party services to run our platform effectively. Here's who might see your data and why:
Service Providers
- Cloud Hosting: AWS (Frankfurt region) hosts our infrastructure. They handle servers and data storage with enterprise-level security.
- Payment Processing: Stripe and PayPal process transactions. They're PCI-DSS compliant and handle payment data separately from our main systems.
- Email Services: We use SendGrid for transactional emails and newsletters. They only access email addresses and message content.
- Analytics: Matomo (self-hosted) for privacy-respecting analytics. Data stays on our servers.
Legal Requirements
If Bulgarian authorities or EU regulators issue a valid legal request, we'll comply. We'll notify you unless legally prohibited from doing so.
We might also share aggregated, anonymized data in case studies or research. This data won't identify you or your specific websites.
4. Your Rights Under GDPR
GDPR gives you substantial control over your personal data. And we actually respect these rights rather than making them difficult to exercise.
Access
You can request a copy of all personal data we hold about you. We'll provide it in a readable format within 30 days.
Rectification
Found incorrect information in your account? You can update most details directly in your dashboard or contact us for help.
Erasure
Want to delete your account? We'll remove your personal data within 30 days, keeping only what's legally required for financial records.
Data Portability
You can export your data (reports, keywords, analytics) in CSV or JSON format anytime from your account settings.
Restriction
Ask us to limit how we process your data while you challenge its accuracy or our legal basis for processing.
Objection
Object to processing based on legitimate interests or for marketing purposes. We'll stop unless we have compelling reasons.
How to Exercise Your Rights: Send an email to our support team with your request. We'll verify your identity and respond within the legal timeframe. No hoops to jump through.
5. Data Security Measures
Security isn't just a checkbox for us. Here's what we do to protect your information:
- Encryption: All data transmitted to and from our servers uses TLS 1.3. Stored passwords are hashed with bcrypt.
- Access Controls: Only essential team members can access user data, and all access is logged and monitored.
- Infrastructure Security: Our servers run behind firewalls with regular security patches and automated vulnerability scanning.
- Regular Backups: Daily encrypted backups stored in separate geographic locations for disaster recovery.
- Penetration Testing: Annual third-party security audits to identify and fix vulnerabilities before they become problems.
- Employee Training: Our team receives regular security awareness training and signs confidentiality agreements.
That said, no system is 100% secure. If we detect a data breach affecting your information, we'll notify you within 72 hours as required by GDPR.
6. Data Retention
We don't keep data forever. Here's our retention approach:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of active account + 30 days | Service delivery and account recovery window |
| Usage Analytics | 24 months | Platform improvement and trend analysis |
| Payment Records | 7 years | Bulgarian tax and accounting law requirements |
| Support Correspondence | 3 years | Quality improvement and dispute resolution |
| Marketing Preferences | Until opt-out or account deletion | Respecting communication choices |
When data reaches the end of its retention period, we securely delete it from our active systems and backups.
7. Cookies and Tracking
Yes, we use cookies. But we're transparent about it and give you control.
Essential Cookies
These keep you logged in and remember your preferences. You can't really use the platform without them, but they don't track you across the web.
Analytics Cookies
We use self-hosted Matomo analytics to understand how people use our tools. This helps us make the platform better. You can opt out in your account settings.
No Advertising Cookies
We don't use third-party advertising networks or tracking pixels that follow you around the internet. That's not our business model.
8. International Data Transfers
FlareSparkly operates primarily within the EU (Bulgaria), and most of our infrastructure is in the Frankfurt AWS region. If we transfer data outside the EU, we use Standard Contractual Clauses approved by the European Commission.
Some third-party services (like payment processors) may process data in their own regions, but they maintain GDPR compliance through appropriate safeguards.
9. Children's Privacy
FlareSparkly is a professional SEO tool, not intended for children under 16. We don't knowingly collect data from children. If we discover we've inadvertently collected such information, we'll delete it promptly.
10. Changes to This Policy
We'll update this policy occasionally as our practices evolve or regulations change. When we make significant changes, we'll notify active users by email at least 30 days before the changes take effect.
You can always find the current version here with the "Last Updated" date at the top. If you disagree with changes, you can close your account before they take effect.
Questions About Privacy?
We're happy to discuss how we handle your data. Reach us at:
Address: bul. "6-ti septemvri" 107, 4003 Marasha, Plovdiv, Bulgaria
Website: flare-sparkly.com
For data protection concerns, you can also contact the Bulgarian Commission for Personal Data Protection.
Policy Version: This privacy policy was last reviewed and updated on January 14, 2025. We recommend checking back periodically for any updates.