Privacy Policy

Effective Date: November 1, 2025
Last Updated: November 1, 2025

1. INTRODUCTION

FlareMark LLC ("Company," "we," "us," "our," or "Ignaria") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Ignaria service, including our website, applications, and related services (collectively, the "Service").

Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use the Service. By using the Service, you consent to the data practices described in this Privacy Policy.

This Privacy Policy applies to information we collect through:

The Ignaria website (www.ignaria.com)
The Ignaria web application
Mobile applications (if applicable)
Email and customer support channels
Third-party integrations

2. DEFINITIONS

Personal Data: Any information relating to an identified or identifiable natural person
Processing: Any operation performed on data (collection, storage, use, analysis, sharing)
User: Any individual or organization accessing the Service
Research Query: A question or search request submitted by a User
Published Article: Research results made publicly available by a User
Sensitive Personal Data: Information revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, or data concerning health
Cookie: A small file stored on your device to recognize you and remember preferences

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

A. Account Registration

When you create an Ignaria account, we collect:

Email address (required for authentication)
Full name (optional)
Username (required)
Avatar/Profile picture (optional)
Subscription tier selection
Billing information (see Section 3.2)

B. Research Results

When you conduct searches and research, we automatically save all research results to your history. We collect:

Query text: The questions or search terms you submit
Hermeneutical policy selected: Your chosen output format preference
Epistemic policy settings: Your preferred source authority standards
Applied filters: Century, region, date range, top-K results, neighbor expansion depth
Timestamp: When the query was submitted
Research results and AI-synthesized responses drawn from primary sources: Complete results from all searches

Automatic Storage: Every research result is automatically saved to your Research History. There is no separate "save" action — all research is stored permanently in your account until you delete it or delete your account.

C. Published Content

When you publish articles or share research, we collect:

Article title and content
Publication status (draft, published, archived)
URL slug for public sharing
Publication timestamp
Associated research query reference
Metadata (word count, themes, related sources)

D. User Preferences

Theme preference (dark/light mode)
Default policies (epistemic and hermeneutical preferences)
Communication preferences (email notifications, opt-in/opt-out)
Language preferences
Any custom settings stored in your account

E. Communication Data

When you contact support, provide feedback, or communicate with us:

Support emails and ticket contents
Feedback forms and responses
Survey responses
Customer support interactions
Email correspondence

3.2 Billing and Payment Information

A. Payment Data

When you purchase a subscription:

Stripe Customer ID
Stripe Subscription ID
Subscription tier (Explorer, Thinker, Compiler, Enterprise)
Billing period (monthly or annual)
Billing address (provided to Stripe)
Billing email
Payment method type (credit/debit card last four digits only)
Subscription status (active, canceled, past_due, trialing, incomplete)
Billing dates and renewal information
Trial period data (start/end dates for free tier users)

Important: The Company does not store complete credit card information. All payment processing is handled securely by Stripe, our PCI-DSS compliant payment processor. We only store information necessary for billing and subscription management.

B. Invoice and Transaction Data

Invoice number and date
Amount paid and currency
Transaction history
Refund records (if applicable)

3.3 Usage and Activity Data

A. Usage Metrics

We automatically track:

Daily search count: Number of searches performed each day
Research history count: Total number of research results in your account
Published articles count: Number of articles published
Subscription tenure: How long you've been a subscriber
Last login date and time
Feature usage: Which features you interact with (publishing, filtering, etc.)

B. Performance Data

Query processing time
Response latency
Number of chunks retrieved from the Corpus
Error rates and types (for debugging purposes)
AI model used for synthesizing responses from primary sources

C. Device and Access Information

When you use the Service, we may collect:

Device type (desktop, mobile, tablet)
Operating system and browser
Browser version
IP address (for security and fraud prevention)
Session duration and activity logs
Page views and navigation paths
Referral source (how you found the Service)

3.4 Automatically Collected Information

A. Cookies and Similar Technologies

We use the following types of cookies:

Cookie Type	Purpose	Retention
Session Cookies	Maintain your login session	Until browser closes
Preference Cookies	Remember your settings (theme, language)	1 year
Analytics Cookies	Understand how users interact with the Service	30 days
Stripe Cookies	Secure payment processing	Managed by Stripe

You can control cookies through your browser settings. Disabling cookies may affect functionality.

B. Log Files

Our servers automatically log:

HTTP requests and responses
Access times and URLs accessed
Error messages
Browser and OS information
Approximate location (based on IP address, not GPS)

C. Analytics

We may use analytics services to understand how the Service is used:

Page views and click patterns
Time spent on pages
Navigation flows
Conversion funnels
Search terms and queries (in aggregated form)

3.5 Information from Third Parties

A. Third-Party Service Providers

We receive information from:

Stripe: Subscription status, billing information, payment confirmations
Supabase: Authentication confirmations, session data
LLM Providers: Status of API calls, token usage, error messages

B. Third-Party Integrations

If you connect your account with third-party services, we may receive information from those services as permitted by their authorization scopes.

4. HOW WE USE YOUR INFORMATION

4.1 Providing and Improving the Service

We use your information to:

Deliver the Service: Process your research queries and provide results
Maintain accounts: Authenticate users and manage account data
Personalization: Remember your preferences, settings, and historical queries
Service improvement: Analyze usage patterns to identify improvements
Corpus enhancement: Improve search algorithms and content quality
Feature development: Create new features based on user behavior
Performance optimization: Monitor and optimize system performance

4.2 Billing and Payments

We use information for:

Subscription management: Maintain your subscription and billing records
Payment processing: Charge your payment method for subscriptions
Invoicing: Generate and send invoices
Refunds: Process refunds when applicable
Fraud detection: Prevent unauthorized charges and fraudulent activity
Tax compliance: Calculate and remit applicable taxes
Dispute resolution: Address billing inquiries and disputes

4.3 Communication

We use your email address to:

Account notifications: Confirm registrations, password resets, account changes
Billing notifications: Send invoices and payment reminders
Service updates: Notify you of important changes to the Service
Support responses: Respond to your support inquiries and feedback
Marketing communications (opt-in): Share updates, new features, and promotional offers
Legal notices: Provide Terms of Service updates and other legal notices
Compliance: Respond to legal requests and regulatory inquiries

4.4 Security and Fraud Prevention

We use information to:

Prevent abuse: Detect and prevent violations of our Terms of Service
Detect fraud: Identify fraudulent transactions or unauthorized access
Security monitoring: Monitor for security threats and vulnerabilities
Access control: Enforce usage quotas and subscription limitations
Account protection: Implement security measures to protect your account
Compliance: Respond to legal requests and law enforcement inquiries

4.5 Legal and Regulatory Compliance

We use information to:

Comply with laws: Meet regulatory requirements (GDPR, CCPA, VCDPA, etc.)
Enforce agreements: Enforce our Terms of Service and other policies
Protect rights: Protect the Company's legal rights and intellectual property
Respond to legal process: Respond to subpoenas, court orders, and government requests
Audit and record-keeping: Maintain records required by law

4.6 Aggregate and Anonymous Data

We use anonymized and aggregated data for:

Analytics and statistics: Understanding overall usage patterns
Academic research: Contributing to research about AI and search
Public reporting: Sharing anonymized insights about the Service
Benchmarking: Comparing our performance to industry standards

We ensure that such data cannot be used to identify you.

4.7 Data We Do NOT Use

Marketed advertisement targeting: We do not use your research queries or content to target you with advertisements
Third-party advertising: We do not share personal data with third-party advertisers
Data broker sales: We do not sell your personal data to data brokers or third parties
Behavioral profiling: We do not create behavioral or psychological profiles for discrimination or manipulation

5. HOW WE SHARE YOUR INFORMATION

5.1 Service Providers and Processors

We share information with third-party service providers who process data on our behalf:

Service Provider	Purpose	Data Shared	Legal Basis
Stripe	Payment processing	Email, billing address, subscription data	Contract (payment processing)
Supabase	Authentication, database	Email, user ID, profile data	Contract (infrastructure)
Grok (xAI)	LLM responses	Query text, user ID	Contract (content generation)
OpenAI	Embeddings and analysis	Query text, user ID	Contract (vectorization)
Qdrant	Vector search	Query embeddings	Contract (search infrastructure)

Each service provider is bound by Data Processing Agreements (DPAs) that require them to:

Process data only as instructed
Maintain appropriate security measures
Not use data for their own purposes
Comply with applicable data protection laws

5.2 Published Content

Content you explicitly publish through the Service is made publicly available:

Published articles are visible to any user
Public profiles (if enabled) show basic information and published articles
Search engines may index published articles
URL sharing allows anyone with the link to view published content

Your control: You can:

Archive articles to make them private
Delete articles to remove them entirely
Keep research queries private (they are never shared)
Control profile visibility in account settings

5.3 Legal Obligations

We may disclose your information when required by law:

Subpoenas and court orders: In response to legal process
Government requests: To government agencies as required by law
Law enforcement: To investigate or prevent suspected illegal activity
Safety and harm prevention: To protect the safety of individuals or the public
Violation of Terms: To enforce our Terms of Service and other policies

We will:

Comply with applicable laws (GDPR Article 6(3), CCPA, etc.)
Provide notice to you when legally permissible
Seek to minimize disclosures to the extent possible
Maintain confidentiality of legal requests to the extent permitted

5.4 Business Transfers

If the Company is involved in a merger, acquisition, bankruptcy, or asset sale:

Your information may be transferred as part of that transaction
We will provide notice of any such transfer
Substantially the same privacy practices will continue
You may have the right to opt out of such transfers

5.5 With Your Consent

We will only share your information beyond what is described above with your explicit consent:

Marketing partnerships: We will not share data with partners without your consent
Research collaborations: Any research use requires your opt-in consent
Third-party integrations: Connecting to third-party services requires your authorization
Data exports: You can authorize export of your data to third parties

5.6 Information NOT Shared

We do NOT share:

Research query details (except with LLM providers to generate responses)
Payment card information (stored only by Stripe)
Research history and results (kept private unless you publish them as articles)
Account passwords or credentials
Data with advertisers for targeting purposes
Data with data brokers
Behavioral profiles with third parties for discrimination

6. DATA RETENTION

6.1 Retention Periods

Data Type	Retention Period	Reason
Account profile	Until account deletion	Account management
Published articles	Indefinite (unless deleted)	User content ownership
Research results and history	Until account deletion	User research archive and quotas
Subscription/billing data	7 years	Tax and legal compliance
Log files	90 days	Security and debugging
Payment information	Per Stripe retention	PCI compliance
Usage metrics	24 months	Service optimization
Cookies	1 year (or session)	User preferences
Support communications	3 years	Customer service
IP logs	30 days	Security purposes

6.2 Deletion Upon Account Termination

When you delete your account:

Account profile and registration data deleted within 30 days
Research history and all research results deleted within 30 days
Published articles remain publicly available (unless you request deletion)
Subscription/billing data retained for 7 years for tax compliance
Usage logs deleted per retention schedules above

6.3 Backup Data

Information may be retained in backup systems for up to 90 days after deletion for disaster recovery purposes.

6.4 Legal Requirements

We may retain information longer if required by:

Applicable laws or regulations
Court orders or legal proceedings
Tax and financial requirements
Fraud prevention or investigation

7. YOUR PRIVACY RIGHTS AND CHOICES

7.1 Access to Your Information

You have the right to:

Access your data: Request a copy of personal information we hold about you
Portable format: Receive data in a commonly used, portable format (CSV, JSON)
Review frequency: Access your information as often as needed
No charge: Access requests are generally free

How to request: Email privacy@ignaria.com with "Data Access Request" in the subject line. We will provide data within 30 days.

7.2 Correction and Update

You have the right to:

Correct inaccurate information: Update outdated or incorrect data
Complete incomplete information: Add missing data
Straight-forward process: Make corrections directly in your account settings
Verification: We may verify changes to prevent fraud

How to correct: Log into your account and update your profile, or contact support for assistance.

7.3 Data Deletion ("Right to Be Forgotten")

You have the right to:

Delete your account: Permanently delete all account data
Remove published articles: Delete publicly shared articles (optional)
Data erasure: Request deletion of specific data types

Limitations: We cannot delete:

Information required by law (tax records, 7 years)
Backup copies for disaster recovery (up to 90 days)
Anonymized data that cannot identify you
Information needed to prevent fraud or abuse

How to delete:

Log into account settings and select "Delete Account"
Or email privacy@ignaria.com with "Account Deletion Request"
Deletion is permanent and cannot be reversed

7.4 Restrict Processing

You have the right to:

Limit data use: Restrict how we use your information (where applicable)
Suspend processing: Request suspension of data processing while you verify accuracy
Temporary restrictions: Keep data but limit our use of it

How to request: Email privacy@ignaria.com with "Restrict Processing Request."

7.5 Object to Processing

You have the right to:

Opt out of marketing: Unsubscribe from promotional emails anytime
Opt out of analytics: Disable analytics cookies in browser settings
Legitimate interests: Object to processing based on our legitimate interests (with limitations)

How to opt out:

Click "Unsubscribe" in any marketing email
Manage communication preferences in account settings
Disable cookies in your browser

7.6 Data Portability

You have the right to:

Receive data export: Get your data in a portable, machine-readable format
Transfer to another service: Use your data with competing services
Commonly used formats: Data provided in CSV, JSON, or other standard formats

How to request: Email privacy@ignaria.com with "Data Portability Request."

7.7 Right to Information and Explanation

You have the right to:

Understand processing: Know how we collect, use, and share your data
Transparent policies: Clear explanation of our data practices
AI decisions: Understand if decisions about you are made by automated systems
Human review: Request human review of automated decisions

This Privacy Policy explains our practices. Contact us for additional explanation.

7.8 Exercising Your Rights

To exercise any privacy right:

Email: privacy@ignaria.com
In writing: Send a letter to FlareMark LLC, 7210 Manatee Ave PMB 1153, Bradenton, FL 34209
Response time: We will respond within 30 days (or as required by law)
Verification: We may verify your identity before fulfilling requests
No discrimination: We will not penalize you for exercising privacy rights

8. GEOGRAPHIC-SPECIFIC RIGHTS

8.1 European Union (GDPR)

If you are in the EU or EEA, you have additional rights under the GDPR:

A. Legal Basis for Processing

We process your data based on:

Consent: You consent by agreeing to these policies
Contract: Processing is necessary to provide the Service
Legal obligation: We must comply with laws and regulations
Legitimate interests: We have a legitimate business interest (with appropriate safeguards)
Vital interests: Protecting safety and health

B. Data Transfers

Personal data may be transferred outside the EU/EEA only where:

We have implemented appropriate safeguards (Standard Contractual Clauses)
You have consented
Transfer is necessary for contract performance
Recipient country has adequacy decisions

C. Right to Lodge a Complaint

You have the right to lodge a complaint with your local Data Protection Authority:

You do not need to contact us first
Find your DPA: https://edpb.europa.eu/about-edpb/board/members_en

D. Specific GDPR Rights

Right to access (Article 15)
Right to rectification (Article 16)
Right to erasure (Article 17)
Right to restrict processing (Article 18)
Right to data portability (Article 20)
Right to object (Article 21)
Automated decision-making rights (Article 22)
Right to withdraw consent (Article 7)

8.2 California (CCPA and CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

A. Right to Know

You may request:

Categories of personal information collected
Sources of personal information
Business purpose for collection
Categories of third parties with whom information is shared

B. Right to Delete

You may request deletion of personal information collected, subject to exceptions for:

Completing transactions you initiated
Fraud detection and prevention
Legal obligations
Internal uses reasonably aligned with expectations

C. Right to Correct

You may request correction of inaccurate personal information.

D. Right to Opt-Out

You may opt out of:

"Sale" of personal information (we do not sell data)
"Sharing" of personal information for cross-context behavioral advertising (we do not do this)
Automated decision-making that produces legal effects (N/A - we don't do this)

E. Right to Non-Discrimination

We will not discriminate against you for exercising CCPA/CPRA rights:

No denial of service
No different pricing or terms
No reduced service quality
No discouragement through penalties

F. How to Exercise Rights

Submit requests to:

Email: privacy@ignaria.com
Subject line: "CCPA Request - [Right Type]"
Response time: 45 days (may extend 45 days for complex requests)

G. Verification

We may request:

Email address associated with account
Proof of residency
Other information to verify identity

H. Authorized Agents

You may authorize an agent to submit requests on your behalf. The agent must provide:

Valid power of attorney
Signed authorization letter
Copy of your ID (to the extent permitted by law)

I. Special Categories (CPRA)

Sensitive personal information (health, race, religion, etc.) receives enhanced protection:

Limited use and disclosure
Explicit consent required
Right to limit use and disclosure

8.3 Virginia (VCDPA)

If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act:

A. Rights

Right to access: Request access to personal data
Right to correct: Request correction of inaccurate data
Right to delete: Request deletion of personal data (with limited exceptions)
Right to data portability: Request data in portable format
Right to opt-out: Opt out of targeted advertising and automated decision-making

B. How to Exercise Rights

Submit requests to:

Email: privacy@ignaria.com
Response time: 45 days

C. No Discrimination

We will not discriminate against you for exercising your rights.

8.4 Other US States

For residents of Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with similar privacy laws, you may have similar rights:

Access and portability
Deletion (with exceptions)
Correction
Opt-out of targeted advertising
Opt-out of automated decision-making

9. SECURITY AND DATA PROTECTION

9.1 Security Measures

We implement reasonable technical and organizational measures to protect your information:

A. Technical Controls

Encryption in transit: HTTPS/TLS for all communications
Encryption at rest: AES-256 encryption for sensitive data
Database security: Row-level security (RLS) for data isolation
Access controls: Authentication and authorization for system access
Secure APIs: OAuth 2.0 for API authentication

B. Organizational Controls

Employee access limits: Only authorized staff access personal data
Data processing agreements: Vendors bound by DPAs
Security training: Staff receive data protection training
Incident procedures: Formal protocols for security incidents
Access logging: Audit logs of data access

C. Network Security

Firewalls: Network-level protection against unauthorized access
DDoS protection: Mitigation of distributed denial-of-service attacks
Intrusion detection: Monitoring for suspicious activity
Secure infrastructure: Regular security updates and patching

9.2 Limitations

No security system is completely impenetrable. While we implement robust measures, we cannot guarantee:

Absolute prevention of unauthorized access
Protection from sophisticated cyberattacks
Zero data breaches
Invulnerability to all threats

You are responsible for:

Maintaining confidentiality of passwords and credentials
Not sharing account access with others
Using strong, unique passwords
Reporting suspicious activity

9.3 Data Breach Notification

In the event of a confirmed data breach:

Notification timeline: We will notify affected individuals promptly (as required by law)
Methods: Email notification to address on file (and/or postal mail if required)
Content: Notice will describe:
- Nature of the breach
- Data categories affected
- Likely consequences
- Measures we've taken to respond
- Mitigation steps you can take
- Contact information
Regulatory notification: We will notify regulators as required by law (e.g., EU DPA within 72 hours for GDPR)

9.4 International Transfers

Your information may be transferred to, stored in, and processed in countries outside your country of residence, which may have data protection laws that differ from your home country. By using the Service, you consent to such transfers, subject to:

Appropriate safeguards (Standard Contractual Clauses, adequacy decisions)
Compliance with applicable law
Your right to object

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What Are Cookies?

Cookies are small files stored on your device that websites and applications use to:

Remember you and your preferences
Track your activity
Improve user experience
Measure effectiveness

10.2 Types of Cookies We Use

Type	Purpose	Duration	Provider
Session	Maintain login and security	Browser session	Ignaria
Preference	Remember your settings (theme, language)	1 year	Ignaria
Functional	Enable features (e.g., published articles, bookmarks)	Persistent	Ignaria
Analytics	Understand usage patterns (anonymized)	30 days	Third-party analytics
Payment	Secure Stripe checkout	Session	Stripe
Third-party	Services used by Ignaria	Varies	Third parties

10.3 Cookie Control

You can control cookies through:

Browser settings: Most browsers allow you to refuse cookies or alert you before accepting
Do Not Track (DNT): Some browsers support DNT; we honor DNT requests
Cookie preferences: Some sites offer preference centers; we may implement one
Opt-out: You can opt out of analytics tracking

10.4 Third-Party Cookies

Third-party services may set cookies:

Stripe: For secure payment processing
Analytics providers: To measure Service effectiveness
CDNs: To deliver content efficiently

You can review third-party privacy policies for their cookie practices.

11. MARKETING COMMUNICATIONS

11.1 Email Communications

We may send you:

Transactional emails: Account confirmations, password resets, billing notices
Service updates: Important changes to the Service or account
Support responses: Replies to your inquiries
Marketing emails (opt-in): New features, promotions, educational content

11.2 Opt-In and Opt-Out

A. Marketing Communication Preferences

Opt-in: By default, we send only transactional and service emails
Marketing emails: We send marketing only if you opt-in
Opt-out: Click "Unsubscribe" in any marketing email to opt out
Account settings: Manage preferences in your account dashboard

B. Transactional Emails

You cannot unsubscribe from transactional and service emails, as these are necessary for account management and contractual obligations.

C. Frequency

We will not send excessive marketing emails; frequency typically ranges from:

Weekly: For active feature announcements
Monthly: For educational content and tips
As-needed: For account-specific notifications

11.3 Preference Center

You may have access to a preference center where you can:

Select communication frequency
Choose email categories to receive
Update contact information
View communication history

12. CHILDREN'S PRIVACY

12.1 Age Restrictions

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

12.2 Parental Consent

If you believe a child under 18 has created an account:

We will delete such accounts upon discovery
Parents may contact us to request deletion: privacy@ignaria.com
Provide child's email and username for identification

12.3 COPPA

The Children's Online Privacy Protection Act (COPPA) is not applicable, as our Service is not directed to children under 13, and we do not knowingly collect data from children under 13.

12.4 Teen Privacy

For teens 13-17 using the Service:

Parental consent may be required in some jurisdictions
Parents may request account deletion
All privacy protections apply equally to teen users

13. THIRD-PARTY WEBSITES AND LINKS

13.1 External Links

The Service may contain links to external websites and services not operated by us:

Not responsible: We are not responsible for external sites' privacy practices
Review policies: Review third-party privacy policies before sharing data
Separate policies: External sites have separate terms and privacy policies
Cookies and tracking: Third parties may use cookies and tracking independently

13.2 Embedded Content

The Service may contain embedded content from third parties (videos, maps, etc.):

Provider tracking: Third parties may track you through embedded content
Data sharing: Loading embedded content may trigger data sharing with third parties
Disable scripts: You can disable scripts or use privacy-focused browser extensions

14. ARTIFICIAL INTELLIGENCE AND AUTOMATED DECISION-MAKING

14.1 AI in Our Service

The Service uses artificial intelligence and machine learning:

LLM responses: Grok and OpenAI models synthesize answers from Corpus primary sources
Semantic search: Algorithms find relevant Corpus sections
Content ranking: ML models rank search results by relevance
Personalization: Algorithms personalize your experience

14.2 Decision-Making by AI

We do NOT use AI for automated decisions that:

Significantly affect your rights (legal, financial, health, etc.)
Deny you access to the Service
Determine your subscription tier or pricing
Control your data sharing

14.3 Human Oversight

Decisions affecting your account are made by humans
AI is used to support human decision-making only
You can request human review of any decision
We maintain human accountability for AI systems

14.4 Bias and Fairness

We are committed to reducing bias in our AI:

Testing for fairness and bias
Transparency about AI limitations
Regular audits and improvement
User feedback on AI responses

14.5 Your Interaction with AI

AI responses are advisory and not guaranteed accurate
You should verify AI-synthesized responses against the cited primary sources
You can report biased or inaccurate responses
We use feedback to improve our models

15. POLICY UPDATES AND NOTIFICATIONS

15.1 Changes to Privacy Policy

We may update this Privacy Policy to:

Reflect changes to our data practices
Comply with new laws or regulations
Improve clarity and transparency
Address user feedback

15.2 Notification of Changes

When we make material changes:

Email notice: We'll email you at the address on file
In-app notice: We'll display a notice in the Service
Website notice: We'll post updated policy on the website with a new "Last Updated" date
Significant changes: For significant changes, we'll provide a 30-day notice period before they take effect

15.3 Your Consent

Your continued use of the Service after changes become effective constitutes your acceptance of the modified Privacy Policy. If you do not agree with changes, you have the right to:

Stop using the Service
Delete your account
Contact us to discuss concerns

16. CONTACT INFORMATION FOR PRIVACY MATTERS

16.1 Privacy Inquiries

For privacy-related questions, requests, or complaints:

FlareMark LLC - Privacy Contact

Email: privacy@ignaria.com
Mailing Address: FlareMark LLC, 7210 Manatee Ave PMB 1153, Bradenton, FL 34209
Response time: We aim to respond within 30 days

16.2 General Support

Support Email: support@ignaria.com
Mailing Address: FlareMark LLC, 7210 Manatee Ave PMB 1153, Bradenton, FL 34209
Feedback Form: Available in the Service under "Contact Us"

17. DISPUTE RESOLUTION FOR PRIVACY MATTERS

17.1 Informal Resolution

Before filing a formal complaint:

Contact our Privacy Team at privacy@ignaria.com (Section 16.1)
Describe your concern clearly
Allow 30 days for our response
We will attempt to resolve the issue cooperatively

17.2 Regulatory Complaints

If we cannot resolve your concern:

EU/EEA: File a complaint with your local Data Protection Authority
California: File a complaint with the California Attorney General
Virginia: File a complaint with the Virginia Attorney General
Federal (US): File a complaint with the FTC (https://reportfraud.ftc.gov)

17.3 Legal Action

You may pursue legal remedies through:

Small claims court
State or federal court (subject to jurisdiction)
See Terms of Service for dispute resolution procedures

18. SUPPLEMENTARY INFORMATION

18.1 Glossary of Terms

GDPR: General Data Protection Regulation (EU)
CCPA/CPRA: California Consumer Privacy Act / California Privacy Rights Act
DPA: Data Processing Agreement
Encryption: Converting data to unreadable code; typically AES-256
Hashing: One-way conversion of data; used for passwords
IP address: Unique identifier for your internet connection
Opt-in: Permission-based consent before processing
Opt-out: Right to decline processing after initial collection
PII: Personally Identifiable Information
RLS: Row-Level Security (database-level access control)
TLS/HTTPS: Encryption protocol for web communications

18.2 Additional Resources

19. ACKNOWLEDGMENT AND CONSENT

By using the Ignaria Service, you acknowledge:

✓ You have read and understood this Privacy Policy
✓ You consent to our data practices as described
✓ You understand your privacy rights
✓ You have had the opportunity to ask questions
✓ You can revoke consent by deleting your account

Thank you for trusting Ignaria with your data. Your privacy is important to us.

Effective Date: November 1, 2025
Last Updated: November 1, 2025

SCHEDULE A - DATA PROCESSING DETAILS (For EU/EEA Users)

Processing Activities

Activity	Category	Retention	Purpose	Legal Basis
Account creation	Email, username	Duration of use	Service provision	Contract, Consent
Authentication	Email, session tokens	Active session	Security	Contract, Legitimate Interest
Query processing	Query text, results	Until deletion	Service provision	Contract
Billing	Email, subscription data	7 years	Tax/legal compliance	Legal obligation, Contract
Analytics	Aggregated usage data	24 months	Service improvement	Legitimate Interest
Fraud prevention	IP address, behavior patterns	90 days	Security	Legitimate Interest

International Transfers

All transfers outside the EEA are covered by:

Standard Contractual Clauses (SCCs) approved by the European Commission
Your consent (where required)
Adequate safeguards as required by GDPR Article 46

Rights Under GDPR

See Section 8.1 for complete GDPR rights.

SCHEDULE B - COOKIE CONSENT DETAILS

Essential Cookies (No Consent Required)

Session cookies for authentication
Security cookies for CSRF protection
Preference cookies for basic functionality

Analytics Cookies (Consent Required)

Google Analytics or similar
Usage tracking and behavior analysis
Can be disabled without affecting functionality

Marketing Cookies (Consent Required)

Remarketing and pixel tracking (if used)
Only loaded with explicit consent

Users in the EU will see a cookie consent banner at first visit. Consent is:

Granular (accept all, reject all, or customize)
Persistent (remembered for 1 year)
Freely revocable (can change settings anytime)
Documented (we maintain consent records)

For questions about this Privacy Policy or to exercise your privacy rights, contact:

FlareMark LLC - Privacy Team
📧 privacy@ignaria.com
🏢 7210 Manatee Ave PMB 1153, Bradenton, FL 34209