What we collect, what we do with it, what we don't do. Shorter than most privacy policies on the web, and we intend to keep it that way.
The specific data we store:
flareo pull — the image comes directly from the public registry. We don't sit in that path.The third parties that process your data to help us run Flareo:
| Provider | What it does | Region |
|---|---|---|
| Vercel | App hosting | Global edge |
| Neon | Postgres database | EU (Frankfurt) |
| Upstash | Redis (rate-limit state) | EU (Frankfurt) |
| Cloudflare R2 | SBOM + scan storage | EU |
| Cloudflare Pages | docs.flareo.dev | Global edge |
| AWS ECR Public | Container registry | Global |
| Resend | Transactional email | EU |
| GitHub | OAuth + source | US |
| Hetzner | Preview demo host | DE (Falkenstein) |
| Sigstore | Public transparency log | Global |
You can request a copy of your data, ask us to delete it, or correct something we've got wrong by emailing privacy@flareo.dev. We respond within 14 days and complete the action within 30 days.
If you're in the EU, you have specific rights under GDPR including the right to object to processing and the right to lodge a complaint with your local data protection authority. The same email works.
We use one cookie: a session cookie for keeping you signed in. No tracking cookies, no analytics cookies, no third- party cookies. Decline all cookies and the signed-in parts of the site won't work; everything else is unaffected.
Flareo is not directed at children under 16. If we learn we've collected data from a child, we delete it immediately.
Material changes to how we collect or use data get announced at /changelog and emailed to anyone with an account, 14 days before they take effect.
Privacy questions: privacy@flareo.dev.
Last updated: April 23, 2026
See also: terms of service