Privacy Policy

Last updated: May 2026

1. Introduction

JSON Flash ("we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Information We Collect

Account data

When you create an account we collect your name, email address, and (if you sign in via OAuth) your profile picture from the identity provider.

Billing data

Payment details are handled entirely by Paddle. We store only your Paddle customer ID and subscription status — never your card number or bank details.

Usage data

We collect anonymized usage metrics (tool type, conversion format, feature interactions) to improve the Service. We do not store the content of your JSON documents beyond the current session.

Log data

Our servers automatically record IP address, browser type, pages visited, and timestamps for security and performance monitoring.

3. How We Use Your Information

  • To provide, operate, and maintain the Service.
  • To process payments and manage your subscription.
  • To send transactional emails (receipts, account notices).
  • To detect and prevent fraud or abuse.
  • To analyze aggregated usage trends and improve features.
  • To respond to support requests sent to support@jsonflash.com.

We do not sell your personal information to third parties.

4. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We may use analytics cookies (aggregated, non-personal) to understand how the Service is used. You can disable cookies in your browser settings, but some features may not function correctly.

5. Third-Party Services

  • Paddle — payment processing. Subject to Paddle's Privacy Policy.
  • OAuth providers (Google, GitHub) — used only for authentication; we do not access your provider data beyond your name and email.
  • OpenAI — AI-powered features send your JSON content to OpenAI for processing. Do not submit sensitive personal data through AI features.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes, typically 7 years).

7. Security

We implement industry-standard security measures including HTTPS encryption, hashed passwords, and access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Data portability — receive your data in a structured format.

To exercise any of these rights, email support@jsonflash.com. We will respond within 30 days.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the updated policy with a revised date. Your continued use of the Service after changes constitutes acceptance.

11. Contact

Questions or concerns about this policy? Contact us at support@jsonflash.com.