Data Processing Addendum

1. Roles

Customer is the data controller (or processor, as applicable). Flare acts as a data processor when processing personal data on behalf of the customer.

2. Processing details

Flare processes personal data to provide the Service, including account management, video hosting and sharing, analytics, and support. Categories of data may include account data, end-user identifiers, usage analytics, and User Content metadata.

3. Security measures

Flare applies reasonable technical and organizational measures such as access controls, encryption in transit, logging, and monitoring to protect personal data.

4. Subprocessors

We use the following subprocessors to deliver the Service. This list may change over time.

• PostHog (EU) – product analytics.
• Cloudflare – media storage and delivery (global region).
• Modal – serverless compute for transcription.
• Scaleway – database and VPS (EU).
• UpCloud – VPS/infrastructure (EU).
• Mollie – payment processing.

5. International transfers

Media delivery and some processing may involve systems outside the EEA/UK. Where required, we rely on appropriate safeguards such as EU Standard Contractual Clauses.

6. Assistance

Flare will provide reasonable assistance to help customers respond to data subject requests and security incidents, taking into account the nature of the processing.

7. Data retention and deletion

Flare retains personal data as described in the Privacy Policy and may update retention periods with at least 30 days' notice where reasonably possible. Upon termination and at the customer's request, Flare will delete or return personal data, unless legal obligations require retention.

8. Contact

For DPA requests or questions, email [email protected].