Privacy Policy

Green Flagged is operated by Holylabs Ltd. This policy explains what data we collect, why, and how long we keep it.

What we collect. Email address and any contract you upload. Optionally: name, company, billing details (processed by Paddle, our merchant of record).

How we use it. Contracts are processed to generate your verdict. Email is used to deliver your report and product updates (you can unsubscribe). Billing data is shared with Paddle solely to process payment.

Where we store it. Data is stored in the EU. Contracts are encrypted in transit (TLS) and at rest. We do not train any AI model on your contract content.

Retention. Free scans are auto-deleted within 30 days. Paid plans let you choose 30, 60, or 90 days. Account and billing records are kept while your account is active and for as long as required by law afterward.

Your rights (GDPR). Access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your supervisory authority. Email hello@greenflagged.xyz to exercise any right.

Sub-processors. Hosting: Vercel (EU). Email: Resend. Payments: Paddle. AI inference: Anthropic (EU/US). DPAs are in place with each provider.