Privacy Policy
Effective Date: May 23, 2026
1. Introduction
LastFlare is a personal messaging and check-in application operated by Nimbus Foundry, LLC. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.
If you have questions about this policy, contact us at [email protected].
2. Information We Collect
- Account info: Email address, phone number (via Supabase Auth)
- Profile info: Display name, preferences, check-in schedule settings
- Messages and media: Text messages, photos, videos, audio recordings you create (stored encrypted)
- Recipient and guardian contacts: Names, email addresses, phone numbers of people you designate
- Device info: Push notification tokens (Firebase Cloud Messaging for Android, Apple Push Notification Service for iOS), device type, OS version
- Usage data: Check-in timestamps, app interaction logs, feature usage
- Waitlist data: Email address, referrer, UTM parameters (if you join before launch)
3. How We Use Your Information
- Provide and operate the service (store messages, manage check-ins, deliver messages per your settings)
- Send notifications via multiple channels (push notifications, SMS, email)
- Authenticate your identity and secure your account
- Process subscription payments (via Apple App Store / Google Play in-app purchases)
- Improve the service and fix bugs
- Respond to support requests
- Comply with legal obligations
4. How We Store and Protect Your Data
- Messages encrypted with AES-256-GCM at rest on our servers
- Encryption keys managed server-side — we are transparent that this is not end-to-end encryption
- Media files stored on DigitalOcean Spaces (encrypted at rest, TLS in transit)
- Database hosted on managed PostgreSQL (row-level security enabled)
- All data transmitted over TLS 1.2+
- Access controls and audit logging for internal operations
- In the event of a data breach that compromises personal information, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the incident, as required by applicable law
5. Third-Party Service Providers
We share data with the following providers only as necessary to operate the service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database | Email, hashed password, user data |
| DigitalOcean | Media storage, hosting | Encrypted media files |
| Twilio | SMS delivery | Phone numbers, message content |
| Plivo | SMS delivery (backup) | Phone numbers, message content |
| Postmark | Transactional email | Email addresses, email content |
| Firebase (Google) | Android push notifications | Device tokens, notification payload |
| Apple (APNs) | iOS push notifications | Device tokens, notification payload |
| RevenueCat | Subscription management | User ID, purchase data |
Each provider processes data under their own privacy policy.
6. SMS/Text Messaging
What we send: LastFlare sends SMS/text messages for check-in reminders, account verification, and service notifications related to your messaging and check-in schedule.
Opt-in: You opt in to receive SMS messages when you provide your phone number in the app and enable SMS-based check-in reminders. Consent is not a condition of purchase. You may use the app with push notifications only.
Message frequency: Message frequency varies based on your check-in schedule and account activity. You control the frequency by setting your own check-in intervals.
Message and data rates: Message and data rates may apply. Check with your mobile carrier for details.
Opt-out: You can opt out of SMS messages at any time by replying STOP to any message from LastFlare, or by disabling SMS notifications in your account settings. After opting out, you will receive a one-time confirmation message and no further SMS messages.
Help: Reply HELP to any message from LastFlare for assistance, or contact [email protected].
Carriers: Supported carriers include but are not limited to AT&T, Verizon, T-Mobile, and other major US carriers. Carrier participation may change without notice.
No SMS data sharing: We do not sell, rent, or share your phone number or SMS opt-in data with third parties for their marketing purposes. SMS consent and phone numbers are used solely for delivering the LastFlare service.
7. Message Delivery
- Messages are delivered to your designated recipients based on your check-in schedule and settings
- Delivered messages may be accessed by recipients via secure web links
- Once delivered, messages cannot be recalled
- We do not read or review message content except as required by law
8. Data Retention
- Account data: retained for the duration of your active account, plus 30 days following deletion
- Messages (undelivered): retained for the duration of your active subscription; deleted within 30 days of account deletion
- Messages (delivered): retained for 12 months after delivery to allow recipients to access them, then permanently deleted
- Waitlist data: deleted within 90 days of product launch unless converted to an account
9. Your Rights
- Access: Request a copy of your data
- Deletion: Delete your account and data via our data deletion page
- Correction: Update inaccurate personal information
- Portability: Export your data in a standard format
- EU residents (GDPR): Rights under Articles 15-22, including right to object and restrict processing. Contact us to exercise these rights. We will respond to verified requests within 30 days. Our legal basis for processing: consent (account creation), contract performance (service delivery), legitimate interest (service improvement).
- California residents (CCPA): Right to know, delete, and opt-out of sale. We do not sell personal information.
- Contact for rights requests: [email protected]
10. Children's Privacy
LastFlare is not intended for users under 13 years of age (or under 16 years of age in the European Economic Area). We do not knowingly collect personal data from children below these age thresholds. If we learn we have collected such data, we will delete it promptly.
11. Cookies and Local Storage
- Authentication session cookies (httpOnly, secure)
- Preview access cookie (lastflare_preview_auth — httpOnly, secure, 7-day expiration)
- We do not use third-party tracking cookies or advertising pixels
12. International Data Transfers
Data is processed and stored in the United States. By using LastFlare, you consent to data transfer to the US. For EU users: transfers are made under Standard Contractual Clauses where applicable.
13. Changes to This Policy
We will notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.
Last updated: May 23, 2026
14. Contact Us
Email: [email protected]
Nimbus Foundry, LLC
7345 W Sand Lake Rd, Ste 210, Office 3903, Orlando, FL 32819, United States