Privacy Policy

Flag It is a Chrome extension and web dashboard that allows product teams to collect visual feedback on web pages. Users can drop pin markers on any page, attach a screenshot and a comment, and have those submissions reviewed by a product manager in a central dashboard.

When you use Flag It, we collect the following:

• Account information — your name and email address, obtained via Google Sign-In (OAuth 2.0).
• Feedback content — the text you type when submitting feedback, the URL and path of the page you are on, and the coordinates of the pin you placed.
• Screenshots — a screenshot of the visible browser viewport at the moment feedback is submitted. The screenshot is captured locally in your browser and uploaded to secure cloud storage.
• Usage metadata — timestamps, browser-assigned session identifiers, and feedback status changes (open, in progress, resolved).

We do not collect passwords, payment information, browsing history outside of the active feedback session, or any data from pages where the extension is not explicitly activated.

The data collected is used solely to operate the Flag It service:

• Displaying submitted feedback in the PM dashboard.
• AI-assisted analysis of feedback text to suggest a priority bucket, effort estimate, and recommended action. This analysis is performed using Anthropic's Claude API; only the feedback text (not screenshots or personal identifiers) is sent for analysis.
• Allowing product managers to triage, reply to, and resolve feedback items.

We do not sell, rent, or share your data with any third party for advertising or marketing purposes.

Flag It relies on the following third-party infrastructure providers:

• Supabase (supabase.com) — database, authentication, and file storage. Data is stored on Supabase-managed infrastructure. See Supabase Privacy Policy.
• Anthropic (anthropic.com) — AI analysis of feedback text. Feedback text is sent to Anthropic's API solely for generating a summary and priority recommendation. See Anthropic Privacy Policy.
• Google — used for Sign-In (OAuth). We receive your name and email from Google upon authentication. See Google Privacy Policy.
• Vercel — hosts the Flag It web dashboard. See Vercel Privacy Policy.

Your feedback items and account information are retained for as long as your account is active or as needed to provide the service. You may request deletion of your data at any time by contacting us at the address below. Deleted data is removed from our active database and storage within 30 days.

Flag It requests the following Chrome permissions and uses them as described:

• activeTab — to read the URL and inject the pin overlay on the current tab when activated.
• storage — to store your authentication token and active website locally in Chrome, so you remain signed in.
• tabs — to detect page navigation and update the extension badge count.
• scripting — to inject the feedback overlay into the active page.
• host_permissions (<all_urls>) — required so the extension can operate on any domain you choose to activate it on. The extension only activates when you explicitly turn it on via the popup.

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Withdraw consent at any time by uninstalling the extension and deleting your account.

Flag It is not directed at children under 13. We do not knowingly collect personal information from children under 13.

We may update this privacy policy from time to time. We will update the "Last updated" date at the top of this page when we do. Continued use of Flag It after changes constitutes acceptance of the updated policy.

If you have questions about this privacy policy or wish to exercise your data rights, contact us at:

Flag It
mukeshdes14@gmail.com