Privacy Policy

1. Data Controller

The data controller for personal data processed through this website and our services is:

PGFlare Ltd
Registered in England & Wales
Email: [email protected]
Website: pgflare.com

2. What Data We Collect

Website visitors

When you visit pgflare.com we may collect:

• IP address and approximate geographic location (country/region)
• Browser type, version, and operating system
• Pages visited, referral source, and time on site
• Device type (desktop, mobile, tablet)

This data is collected in aggregate and is used solely for understanding site usage. We do not use advertising tracking or cross-site tracking cookies.

Waitlist sign-ups

When you join our waitlist, we collect:

• Email address
• Sign-up timestamp and referral source

Service enquiries and sessions

When you contact us or book a session, we may collect:

• Name and email address
• Company name and job title
• Technical details about your AWS RDS environment relevant to the service (instance type, region, PostgreSQL version)
• Session correspondence and reports

What we never collect

PGFlare connects to your database via read-only IAM access scoped exclusively to PostgreSQL performance statistics views (pg_stat_statements, pg_stat_bgwriter, pg_locks, pg_stat_user_tables). We do not access, store, or process application data, user records, or any business-sensitive content from your database.

3. How We Use Your Data

We use the data we collect for the following purposes:

• Providing our services: Delivering Diagnostic, Remediation+, and Emergency sessions, including technical reports and follow-up communications.
• Waitlist management: Notifying you when early access is available and sending product updates (you can unsubscribe at any time).
• Service improvement: Understanding how our website is used to improve usability and performance.
• Compliance: Maintaining records required under UK GDPR, including records of processing activities and, where applicable, Data Processing Agreements.
• Legal obligations: Responding to lawful requests from regulatory authorities.

We do not use your data for advertising, profiling, or automated decision-making that produces legal or similarly significant effects.

4. Legal Basis for Processing

Under UK GDPR, we process personal data on the following legal bases:

• Contract performance (Article 6(1)(b)): Processing necessary to deliver the sessions you have engaged us for.
• Legitimate interests (Article 6(1)(f)): Website analytics and improving our service, where these interests do not override your fundamental rights.
• Consent (Article 6(1)(a)): Waitlist sign-ups and marketing communications. You may withdraw consent at any time by emailing [email protected].
• Legal obligation (Article 6(1)(c)): Retention of records required by law.

5. Data Sharing

We do not sell or rent your personal data. We may share data with the following sub-processors:

• Supabase Inc. — waitlist email storage (data stored in AWS eu-west-2, London)
• Resend Inc. — transactional email delivery (confirmation emails)
• Amazon Web Services Inc. — infrastructure hosting

All sub-processors are bound by data processing agreements and operate under appropriate transfer mechanisms where data is processed outside the UK.

We may disclose personal data to regulatory authorities, law enforcement, or courts where required by law or to protect our legal rights.

6. Retention Periods

• Waitlist email addresses: Retained until early access is offered and you have responded, or until you unsubscribe, whichever is earlier.
• Session correspondence and reports: Retained for 7 years from session completion for legal and compliance purposes.
• Website analytics: Retained in aggregate for up to 25 months before deletion.
• Enquiry emails: Retained for 2 years from last correspondence or until a service relationship is established.

7. Your Rights

Under UK GDPR you have the right to:

• Access: Request a copy of personal data we hold about you.
• Rectification: Ask us to correct inaccurate data.
• Erasure: Request deletion of your data where there is no lawful reason for us to continue processing it.
• Restriction: Ask us to restrict processing of your data in certain circumstances.
• Portability: Receive a machine-readable copy of data you provided to us.
• Object: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any right, email [email protected] with the subject “Data Rights Request”. We will respond within 30 days (the statutory limit).

8. Cookies

This website uses minimal cookies:

• localStorage (functional): We store your waitlist join status locally in your browser using localStorage (key: pgflare_wl) to prevent duplicate sign-up prompts. This data never leaves your device.
• No advertising or third-party tracking cookies are set by pgflare.com.

Because we do not set non-essential cookies, a cookie consent banner is not required under UK PECR.

9. Security

We implement technical and organisational measures to protect your personal data, including:

• TLS 1.2+ for all data in transit
• UK data residency (AWS eu-west-2, London) by default
• Access controls limiting personal data access to authorised personnel
• Periodic review of sub-processor security practices

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR Article 33.

10. Contact & Complaints

For any privacy-related query or to exercise your rights:

Email: [email protected]
Subject line: “Privacy” or “Data Rights Request”

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Web: ico.org.uk