Legal
Last updated: April 24, 2026 · Applies to flamevault.app
FlameVault (“we,” “us,” or “our”) operates the FlameVault web application. This policy explains what information we collect, how we use it, and what rights you have over it. We have written it in plain English on purpose.
When you create an account we collect your email address and a hashed password. We never store your password in plain text. Authentication is handled by Supabase.
When you scan a lighter you upload photos (JPEG, PNG, or WebP, up to 5 MB each). These photos are:
If you delete a lighter from your vault, its photos are deleted from storage. If you delete your account, all photos are deleted.
The AI identification results — brand, model, estimated value, condition, flags, and related fields — are stored in our database (Supabase, hosted on AWS in the United States) and associated with your account.
If you upgrade to Pro, payments are processed by Stripe. We never see or store your full card number, CVV, or bank details — Stripe handles all of that. We store your Stripe customer ID and subscription status so we know whether your account is Free or Pro.
We track how many scans you have used in the current month so we can enforce plan limits. We do not use third-party analytics or advertising trackers.
When you view market comps, we query the eBay Browse API and cache results in our database for up to 6 hours. This data is not linked to your identity — the cache is shared across all users.
We do not sell your data. We do not use your data for advertising. We do not share your lighter photos with any third party other than Anthropic (for AI processing) and Cloudflare (for storage).
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication, database | Email, vault data, scan history |
| Anthropic (Claude) | AI lighter identification | Photos you upload for scanning |
| Cloudflare R2 | Photo storage | Photos you upload |
| Stripe | Payment processing | Email, billing address, subscription status |
| eBay Browse API | Market price data | Search queries (not linked to your account) |
Each of these services has its own privacy policy. We choose services that operate under standard data protection frameworks and do not use your data for their own advertising purposes.
We keep your account data for as long as your account exists. If you delete your account via Settings → Danger Zone, we immediately delete your lighter records, photos, and profile from our systems. Your Stripe subscription is cancelled automatically. Some data (e.g., payment records) may be retained by Stripe for their legal obligations.
We use only essential cookies — specifically, Supabase authentication tokens stored in your browser so you stay signed in. We do not use advertising cookies, tracking pixels, or analytics cookies.
If you have questions or requests about your data, email us at support@flamevault.app.
We use industry-standard security practices: HTTPS everywhere, hashed passwords, row-level security on the database (users can only access their own data), and access-controlled photo storage. No system is perfectly secure, but we take it seriously.
FlameVault is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has created an account, contact us and we will delete it.
If we make material changes, we will update the date at the top of this page and notify you by email if the changes significantly affect how we handle your data.
Questions about this policy: support@flamevault.app
FlameVault is operated from Virginia, United States.