1. Who we are
AuditFlare is operated by Prototype Technologies LLP. In this policy, “AuditFlare”, “we”, “us” and “our” refer to Prototype Technologies LLP. This policy explains how we handle personal data when you visit our website, contact us or purchase and receive an audit service.
2. Information we collect
We may collect the following information:
- Contact and account details such as your name, email address, company name and role.
- Purchase information such as the selected plan, billing status, transaction reference and invoice details. Payment card details are processed by our payment provider and are not stored by us.
- Audit intake information such as your application URL, technology stack, test credentials, repository details and instructions.
- Application materials you authorize us to access such as source code, configuration, test data, logs and screenshots.
- Communications such as support emails, meeting notes and feedback.
- Basic technical information such as IP address, browser type, device type and website request logs.
3. How we use information
We use information to provide the purchased audit, communicate with you, process payments, prepare findings, verify fixes, protect our systems, prevent fraud, maintain business records and comply with law. We may also use de-identified information to improve our audit process. We do not use your source code, credentials or confidential application materials to train public or third-party AI models.
4. Legal basis and consent
We process personal data where necessary to provide a service you requested, meet our contractual and legal obligations, protect legitimate business interests or act on your consent. Where consent is the basis for processing, you may withdraw it by contacting us. Withdrawal does not affect processing already completed lawfully.
5. Confidential application access
We use application access only for the agreed audit. Access is limited to team members and contractors who need it for delivery and who are subject to confidentiality obligations. We recommend time-limited test accounts, least-privilege repository access and non-production data where practical. We will sign a mutual NDA before access is shared when requested.
6. How we share information
We may share the minimum necessary information with service providers that support payment processing, hosting, communications, document delivery and business operations. We may also disclose information when required by law, to protect legal rights or in connection with a business restructuring. We do not sell personal data.
7. International processing
Some service providers may process information outside your country. Where required, we use reasonable contractual and technical safeguards for these transfers.
8. Retention and deletion
We retain contact, transaction and contractual records for as long as needed for legal, tax and business purposes. Audit working copies, credentials and downloaded source materials are deleted or access is removed after delivery and any agreed retest period unless a different period is agreed in writing. Final reports may be retained to support you and document the service provided.
9. Security
We use reasonable administrative, technical and organizational safeguards designed to protect information. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Please do not send production passwords or secrets by ordinary email.
10. Your rights
Subject to applicable law, you may request access to your personal data, correction of inaccurate data, deletion, information about processing or withdrawal of consent. You may also raise a grievance about how we handle your data. We may need to verify your identity before responding.
11. Cookies and analytics
We may use essential cookies required for website operation and security. If we add non-essential analytics or advertising cookies, we will update this policy and provide any consent controls required by law.
12. Children
AuditFlare is a business service and is not intended for children. We do not knowingly collect personal data from children.
13. Changes and contact
We may update this policy as our services or legal obligations change. The current version will be posted here with its updated date. For privacy questions, rights requests or grievances, email hello@auditflare.com.