Privacy Policy

Effective date: 17 April 2026 · Last updated: 17 April 2026

UrgentFlow is a countdown timer plugin for Framer, operated as a small independent software service. This policy covers the plugin, the Portal at portal.urgentflow.rnui.dev, and the API at urgentflow.rnui.dev.

1. Who we are

"UrgentFlow", "we", and "us" refer to the operator, reachable via the feedback form. Freemius acts as merchant of record for purchases — they are the data controller for payment data.

2. What we collect

  • Google sign-in: openid, email, and profile scopes. We receive your display name, email, and profile picture. No Drive, Calendar, or Contacts access.
  • Account data: Firebase uid, email, plan, license key, license status, registered Framer sites, timer configurations, timestamps.
  • Evergreen deadline data (Pro): visitor fingerprint (non-identifying browser hash), cookie id, siteId, timerId, deadline timestamp. No IP collection for fingerprinting. Not joined across sites.
  • Billing data: processed by Freemius. We receive only license key, subscription status, and checkout email. We never see card details.
  • Server logs: IP and timestamps for security and debugging. Not joined with account data for profiling.

3. How we use it

  • Authentication and Portal access.
  • Rendering countdown timers.
  • Plan enforcement.
  • Transactional email via Freemius (billing receipts, account security).
  • Abuse detection.

We do not sell data. We do not use data to train AI models. We do not serve advertising.

4. Sub-processors

  • Google Firebase — auth, database, functions, hosting.
  • Freemius — billing, merchant of record for payments.
  • AlexHost VPS — Portal and admin dashboards, Docker, Let's Encrypt TLS.
  • Sentry — error monitoring. May include stack traces and a transient user id.

5. Cookies

Cookies are set only on portal.urgentflow.rnui.dev:

  • urgentflow_token — short-lived session.
  • urgentflow_refresh — renewal token.
  • urgentflow_uid — user id lookup.

No analytics, advertising, or third-party tracking cookies anywhere.

6. Data retention

  • Account data: kept while active, plus 90 days post-deletion.
  • Evergreen deadline records: auto-purged after the deadline expires.
  • Server logs: up to 30 days.
  • Billing records: Freemius retains per tax law (typically 7 years).

7. Your rights (GDPR / CCPA)

  • Access
  • Correction
  • Deletion ("right to be forgotten")
  • Portability
  • Object or restrict processing
  • Withdraw consent
  • Lodge a complaint with your supervisory authority

Submit a request via the feedback form. We respond within 30 days.

8. International transfers

Data is stored in the US (Firebase default) and the EU (VPS). We rely on Standard Contractual Clauses and Google's built-in safeguards.

9. Children

UrgentFlow is not directed at children under 13. Contact us to delete any child account.

10. Security

  • TLS everywhere.
  • Firebase Auth for identity.
  • Scoped service accounts.
  • Firestore least-privilege rules.

No system is perfectly secure — please report vulnerabilities via the feedback form.

11. Changes

The "Last updated" date is updated for material changes. Material changes are notified by email or Portal banner before taking effect.

12. Contact

feedback form