Privacy Policy — Flamepossible

Introduction and Scope

This Privacy Policy explains how Flamepossible(“we”, “us”) collects, uses, shares, and protects personal information when you visit flamepossible.com or use our software products, including Docopen and Foldr (the “Services”). It applies to individuals in the European Economic Area (EEA), the United Kingdom, California and other US states with comprehensive privacy laws, and elsewhere in the world.

Data Controller and Business Identity

For the purposes of the EU and UK General Data Protection Regulation (“GDPR”), the controller of your personal information is an independent developer based in the Republic of Korea. For the purposes of the California Consumer Privacy Act and California Privacy Rights Act (“CCPA/CPRA”), Flamepossibleis the “business” that determines the purposes and means of processing.

Because Flamepossible is currently operated by a single individual, we have not appointed a formal Data Protection Officer. You may contact the developer directly for any privacy-related request at flamepossible26@gmail.com.

Information We Collect

Information you provide

When you contact us by email, we receive your email address, the contents of your message, and any attachments you choose to share. The Services do not currently require a user account. If, in the future, account features are introduced, additional information you provide at that point (for example a display name) will become subject to this Policy.

Purchase information processed by Paddle

Purchases are processed by Paddle.com Market Limited as our Merchant of Record. Paddle collects your name, email address, billing address, payment method, IP address, and tax identifiers as necessary to complete the transaction and to comply with its own anti-fraud and tax obligations. Flamepossible receives only transaction metadata from Paddle (such as a Paddle order ID, product, amount, currency, country, and the email used at checkout) for the purposes of delivering the purchased entitlement, providing customer support, and maintaining accounting records. Paddle’s own privacy notice is available at paddle.com/legal/privacy.

Application data

Docopen processes documents directly on your Android device; document contents are not transmitted to Flamepossible servers. The free version uses third-party advertising SDKs that may collect device identifiers, approximate location, and limited usage data as described in their own privacy policies.

Foldr processes video files on your local computer. File contents never leave your device through Foldr. For licence validation and update checks, the application may send a minimal request to our servers containing an obfuscated installation identifier, your operating system version, and the application version. We do not associate this data with the contents of your files.

Website usage information

When you visit flamepossible.com, our hosting provider receives standard server-log information including your IP address, user-agent string, referring page, and the date and time of the request. We retain these logs for up to thirty (30) days for security, diagnostics, and abuse-prevention purposes. We do not currently operate third-party analytics on flamepossible.com; if we introduce analytics in the future, this Policy will be updated and, where required by law, your consent will be requested.

Cookies and Similar Technologies

flamepossible.com uses only strictly necessary cookies and similar storage required for the site to function (for example to remember that you have dismissed a notice). We do not use advertising or analytics cookies on flamepossible.com at this time. When you complete a purchase, Paddle may set its own cookies in connection with the checkout flow, as described in its privacy notice.

How We Use Information

to provide, maintain, and improve the Services;
to process purchases and deliver entitlements via Paddle;
to respond to your support requests and other communications;
to detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms;
to keep accounting and tax records as required by applicable law;
to comply with legal obligations and respond to lawful requests.

Legal Bases for Processing (GDPR)

Performance of a contract (Art. 6(1)(b)) — to deliver the Services and the entitlements you purchase.
Legitimate interests (Art. 6(1)(f)) — to keep the Services secure, to prevent fraud, to improve our products, and to communicate with you about your enquiries. You may object to processing on this basis at any time.
Consent (Art. 6(1)(a)) — where you have given consent for a specific purpose, such as future optional analytics or marketing. You may withdraw consent at any time.
Legal obligation (Art. 6(1)(c)) — to retain transaction records under tax and commercial law.

We share personal information only with the following categories of recipients, and only to the extent necessary for the purposes described above:

Paddle.com Market Limited — our Merchant of Record for payment processing, billing, fraud prevention, and tax compliance;
Google LLC — for distribution of Docopen on Google Play and for the advertising SDK used in the free version;
Apple Inc. — for notarisation and distribution of macOS builds of Foldr, where applicable;
Vercel Inc. — for hosting flamepossible.com;
Legal authorities and other third parties— when we are required to do so by law, court order, or other valid legal process, or to protect rights, safety, or property.

We do not sell or share your personal information for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. In the past twelve months, we have not sold personal information.

International Data Transfers

Flamepossibleis based in the Republic of Korea, and our service providers operate internationally. Where personal information is transferred from the EEA, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we (or our processors) rely on the European Commission’s Standard Contractual Clauses or equivalent safeguards. Paddle and Google maintain their own transfer mechanisms documented in their respective privacy notices.

Data Retention

Transaction records are retained for five (5) years from the year of purchase, in accordance with applicable commercial and tax legislation.
Support correspondence is retained for up to twenty-four (24) months after the matter is resolved.
Server logs are retained for up to thirty (30) days.
Any future account information will be retained for as long as the account is active and for a reasonable wind-down period after closure.

After the retention period ends, we delete or irreversibly anonymise the information, unless we are required to keep it for longer by law.

Subject to the conditions set out in applicable data-protection law, you have the right to: (a) access your personal information; (b) correct inaccurate or incomplete information; (c) request erasure; (d) restrict or object to processing; (e) data portability; (f) withdraw consent where processing is based on consent; and (g) lodge a complaint with your local supervisory authority.

Your Rights — CCPA / CPRA (California Residents)

If you are a California resident, you have the right to: (a) know what categories and specific pieces of personal information we have collected, used, disclosed, and shared about you; (b) request deletion; (c) request correction; (d) opt out of the sale or sharing of personal information (we do not sell or share); (e) limit the use and disclosure of sensitive personal information (we do not use sensitive personal information for purposes that would trigger this right); and (f) not receive discriminatory treatment for exercising your rights. You may designate an authorised agent to make a request on your behalf, subject to verification.

How to Exercise Your Rights

To exercise any of the rights above, please email flamepossible26@gmail.com with sufficient information for us to verify your identity (for example, the email address used at purchase and a Paddle order ID). We will respond to verifiable requests without undue delay and in any event within thirty (30) days for GDPR requests and forty-five (45) days for CCPA/CPRA requests, with one possible extension as permitted by law.

Children’s Privacy

The Services are not directed to children under the age of sixteen (16). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact flamepossible26@gmail.com and we will delete the information.

Security

We protect personal information using reasonable technical and organisational measures, including encryption in transit (TLS 1.2+), access controls, and the use of established service providers. Paddle maintains PCI-DSS Level 1 certification for payment processing, and Flamepossible does not store full payment-card data on its own servers. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

Third-Party Links

flamepossible.com and our applications may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties; please review their privacy notices before providing information.

Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when the latest revision took effect. Material changes will be notified through the Services, by email where we have your address, or by a prominent notice on flamepossible.com.

Contact and Complaints

For any privacy-related question or complaint, please email flamepossible26@gmail.com. You also have the right to lodge a complaint with your local data-protection authority. In the United Kingdom, this is the Information Commissioner’s Office (ICO); in California, the California Privacy Protection Agency (CPPA); and in other jurisdictions, the supervisory authority designated by your local law.