Privacy Policy

1. Introduction

Flare Global LLC (“Flare,” “we,” “us,” or “our”) operates the Flare Data Explorer platform (the “Platform”). This Privacy Policy explains how we collect, use, store, and protect information when you use the Platform.

By accessing or using the Platform, you agree to the terms of this Privacy Policy. If you do not agree, you should not access or use the Platform.

2. Important Note About Platform Data

While the data does not constitute PHI, it remains sensitive, proprietary, and confidential. All users are required to sign a Data Protection Agreement before accessing any data on the Platform. This agreement governs the handling, use, and protection of all data accessed through the Platform.

3. Information We Collect

3.1 Account Information

When your account is created by an authorized administrator, we collect and store:

• Full name
• Email address
• Organization affiliation
• Role and access permissions

3.2 Authentication Data

User authentication is managed through an enterprise-grade, SOC 2 compliant identity management platform that supports single sign-on (SSO) and multi-factor authentication. Your login credentials are processed and stored exclusively by this dedicated authentication provider — we never store passwords directly. All authentication flows use industry-standard protocols and encryption.

3.3 Agreement Records

When you sign the Data Protection Agreement, we record:

• Your typed legal name (as your electronic signature)
• The date and time of signing
• The version of the agreement signed
• Your IP address and browser user agent at the time of signing

3.4 Usage and Access Logs

We log Platform access and usage activity for security and audit purposes. This includes:

• Pages and features accessed
• Data queries and exports performed
• Timestamps of access
• IP addresses and device information

3.5 Cookies

The Platform uses essential cookies for authentication and session management. We use a cookie to record your Data Protection Agreement status so that it can be verified efficiently on each request. We do not use advertising or tracking cookies.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Authentication and access control: To verify your identity and ensure you have appropriate permissions
• Agreement compliance: To maintain records of Data Protection Agreement execution as required for legal and regulatory purposes
• Security and auditing: To monitor for unauthorized access, investigate security incidents, and maintain audit trails
• Platform administration: To manage user accounts, permissions, and access levels
• Service improvement: To understand usage patterns and improve the Platform

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect the information we collect:

• All data in transit is encrypted using TLS/HTTPS
• Data at rest is encrypted in our database systems
• Access to production systems is restricted to authorized personnel
• All Platform access is logged and auditable
• User accounts are protected by enterprise-grade authentication with support for SSO and multi-factor authentication

6. Third-Party Services

The Platform relies on the following third-party service providers:

• Identity and authentication provider — Enterprise-grade, SOC 2 compliant user authentication and identity management
• Cloud database provider — Encrypted, managed database hosting and data storage
• Application hosting provider — Secure, globally distributed application hosting and delivery
• AI processing provider — AI-powered data processing and analysis (data is processed via API and not retained by the provider)

Each of these providers maintains their own privacy and security practices. We select providers that maintain appropriate security standards and data protection measures.

7. Data Sharing

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Service providers: With the third-party providers listed above, solely for the purpose of operating the Platform
• Legal requirements: When required by law, regulation, legal process, or governmental request
• Security incidents: When necessary to investigate or respond to a security breach or suspected violation of our agreements
• With your organization: Your account activity and agreement status may be shared with the administrator who invited you to the Platform

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Account information: Retained for the duration of your account and deleted upon account removal
• Agreement records: Retained indefinitely as legal records of agreement execution
• Access logs: Retained for a minimum of one year for security and audit purposes

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate personal information
• Request deletion of your personal information (subject to legal retention requirements)
• Request a copy of your signed Data Protection Agreement
• Request termination of your access to the Platform

To exercise any of these rights, please contact us at the address below.

10. Children's Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users of material changes via the Platform. The “Last updated” date at the top of this policy indicates when it was last revised.

12. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Kenya.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact: