PRIVACY POLICY

Who We Are

Flarestore provides iOS developer certificate signing services, including UDID registration, a Web Signer, Certificate Checker and UDID Grabber tool. We offer several membership tiers: Basic ($3), Standard ($9), Pro ($12) and Premium ($15).

What Data We Collect

2.1 Personal Identifiers

• Name
• Email address

2.2 Device Information

• Unique Device Identifier (UDID)
• Device model
• Operating system version

2.3 Payment Data

Payment transactions are processed by Stripe. We do not store your full credit or debit card details on our servers. We may receive and retain limited payment information from Stripe, such as the last four digits of your card, card type and billing address, for record-keeping purposes.

2.4 Order Data

• Receipt and order reference numbers
• Pricing tier purchased
• Purchase date and transaction history

2.5 Usage Data

• Pages visited on our website
• Features and tools used
• Timestamps and session duration
• Referring URLs and browser type

2.6 Communications

• Support tickets and email correspondence
• Interactions through our community channels (Discord, X/Twitter, Reddit)

2.7 Cookies and Similar Technologies

• Essential cookies for session management and authentication
• Optional analytics cookies (see Section 10 below)

Legal Bases for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following lawful bases:

Where we rely on legitimate interests, we have carried out a balancing assessment to ensure that your rights and freedoms are not overridden. You may contact us to request further details of this assessment.

How We Use Your Data

• To process orders and provide our services — including registering your device UDID with Apple's developer platform, issuing certificates and managing your account and membership tier.
• To register devices with Apple — your UDID is submitted to Apple's developer platform as a necessary part of the certificate signing process.
• To provide customer support — responding to your enquiries, troubleshooting issues and managing support tickets.
• To prevent fraud and abuse — detecting and preventing unauthorised use, misuse of our services and other harmful activities.
• To improve our services — analysing usage patterns, identifying areas for improvement and developing new features.
• To communicate service updates — notifying you of changes to our services, pricing, terms or policies that may affect you.
• To comply with legal obligations — maintaining records as required by UK tax law and other applicable legislation.

Data Sharing and Third Parties

We do not sell your personal data to any third party. We may share your data with the following categories of recipients where necessary:

5.1 Stripe

Your payment data is processed by Stripe, Inc. Stripe acts as an independent data controller for the payment information it collects. You can review Stripe's privacy policy at https://stripe.com/privacy.

5.2 Apple

As part of the UDID registration and certificate signing process, your device UDID is shared with Apple's developer platform. This is essential to the service we provide. Apple processes this data in accordance with its own privacy policy.

5.3 Hosting and Infrastructure Providers

We use third-party hosting and infrastructure services to operate our website and store data. These providers process data on our behalf under data processing agreements.

5.4 Analytics Providers

We may use analytics services to understand how our website and tools are used. Where analytics involve non-essential cookies, we will obtain your consent before any data is collected.

5.5 Law Enforcement and Legal Requirements

We may disclose your personal data if required to do so by law, regulation or legal process, or if we reasonably believe that disclosure is necessary to protect our rights, your safety or the safety of others.

Data Retention

Data Category	Retention Period
Account and order data	Duration of active membership + 3 years for tax/legal purposes
UDID data	As long as the device registration remains active on Apple's platform
Payment records	6 years from transaction date (UK tax law requirement)
Communications and support tickets	Duration of membership; deleted upon request unless legally required
Usage and analytics data	Up to 2 years, aggregated or anonymised where possible

Your Rights Under UK GDPR

• Right of access — Submit a Subject Access Request (SAR) to obtain a copy of the personal data we hold about you.
• Right to rectification — Request correction of any inaccurate or incomplete data.
• Right to erasure — Request deletion of your personal data ("right to be forgotten"). Please note that UDID registrations submitted to Apple's developer platform cannot be removed by us once registered, as this falls outside our control.
• Right to restrict processing — Request that we limit how we process your data in certain circumstances.
• Right to data portability — Request a copy of your data in a structured, commonly used and machine-readable format.
• Right to object — Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent — Where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
• Right to lodge a complaint — Lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed (see Section 13).

To exercise any of these rights, please contact us at [email protected]. We will respond within one month, as required by law.

International Data Transfers

Some of the third-party services we use, such as Stripe, are based in the United States or other countries outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

• Adequacy decisions issued by the UK Secretary of State
• International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) approved under the UK GDPR
• Additional technical and organisational measures where necessary

If you have questions about the specific safeguards applied to any transfer of your data, please contact us.

Data Security

We implement reasonable technical and organisational measures to protect your personal data, including:

• SSL/TLS encryption for all data transmitted between your browser and our servers
• Secure storage with access controls
• Regular review of data collection, storage and processing practices
• Access limited to personnel who require it for legitimate business purposes

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

Cookies

• Essential cookies — Required for the website to function (session management, authentication). These do not require consent.
• Analytics cookies — Used to understand how visitors interact with our website. Only placed with your consent.

You can manage cookie preferences through your browser settings or any cookie consent mechanism provided on the website.

Children's Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13 years of age. If we become aware that we have inadvertently collected personal data from a child under 13, we will delete that data promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. Your continued use of our website and services after changes are posted constitutes your acknowledgement of those changes.

Contact Us and Complaints

If you are not satisfied with our response, or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):