Legal
Privacy Policy
Effective date: June 14, 2026 · Last updated: July 4, 2026
Who we are
Flusterduck is operated by Creayo LLC. This policy explains how we handle data for the Flusterduck website, dashboard, SDK, APIs, integrations, MCP tools, and related services.
Account and business data
When you create or use a Flusterduck account, we collect the information needed to run the product: login identity, organization and site settings, member roles, API key metadata, alert rules, integration settings, support messages, and billing status.
If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store full card numbers. We may store billing identifiers, plan, subscription status, and invoice metadata needed to operate your account.
End-user telemetry
The Flusterduck SDK measures UX friction. It may send behavioral signals such as clicks, taps, scroll patterns, timing, navigation paths, viewport size, browser information, element selectors, the signal type, and customer-provided metadata. Around a detected friction moment it may also send a short trail of cursor positions (coordinates on the page and timestamps only, sampled a few times per second) so the moment can be replayed as motion; no cursor data is sent for sessions without friction. It also sends the visible label of an element a visitor interacts with (a button's text such as “Apply coupon,” a heading, or an accessible name) so an issue reads in plain language instead of a raw selector. Before any label leaves the browser, anything in it that resembles personal data (email addresses, phone numbers, payment-card numbers, or web addresses) is redacted.
When something on the page breaks, the SDK also sends technical error evidence: the message of a JavaScript error, rejected promise, or console-logged error (scrubbed in the browser of tokens, secrets, and anything resembling personal data before it is sent, capped per session), and for failed network requests the request path and HTTP status code only. Never request or response bodies, never query strings.
To attribute friction to traffic sources, the SDK also captures standard UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content) from the landing URL and the hostname of an external referrer, the site a visitor arrived from. Only the referrer's origin is kept; the referring page's path and query string never leave the browser.
The SDK does not record session replay, video, screenshots, full DOM snapshots, the values typed into form fields, passwords, or keystrokes. IP addresses are hashed before storage and are never kept in raw form.
Customer-controlled metadata
Customers can call methods such as identify(), track(), and signal(). Do not send names, email addresses, phone numbers, addresses, free-form user text, or other personal data in those fields. Use opaque internal IDs when segmentation is needed.
Cookies and consent
The SDK can use a first-party session identifier to group signals. Customers may enable cookieless mode or delay initialization until consent is granted. The SDK supports consent and opt-out controls, including setConsent() and optOut().
How we use data
We use data to provide and secure the service, authenticate users, calculate confusion scores, create issues, deliver alerts, support integrations, process billing, prevent abuse, debug reliability issues, and comply with legal obligations.
Subprocessors
Flusterduck uses infrastructure and service providers including Supabase for database and edge functions, Vercel for the web application, Cloudflare for MCP and network services, Anthropic for the AI models behind diagnosis and Autofix, context.dev for fetching public page snapshots, Resend for transactional email, and Stripe for billing. These providers process data only as needed to provide their services to us. The full list, with what each provider does and exactly what data reaches them, is maintained at flusterduck.com/subprocessors.
Retention
Raw event data is retained for up to 90 days. Aggregated scores, issue history, account records, security logs, billing records, and integration records may be retained for the life of the account or longer when required for security, billing, legal, or compliance purposes. After account cancellation, product data is deleted within 30 days unless retention is legally required.
Security
Frontend product data access goes through authenticated edge functions. API keys are hashed, secret-key comparisons use timing-safe checks, webhook signatures use HMAC verification, and browser clients do not query Supabase product tables directly.
Your choices
Account owners can request export or deletion of account data by contacting support. Customers are responsible for honoring end-user privacy requests for data they send to Flusterduck, including any opaque IDs they attach through metadata.
More detail
Implementation-level privacy details live in the privacy documentation. These terms should be read together with the Terms of Service.