diff --git a/backend/src/app/config.clj b/backend/src/app/config.clj
index 6e9f31b313..1d3dac9a50 100644
--- a/backend/src/app/config.clj
+++ b/backend/src/app/config.clj
@@ -228,19 +228,9 @@
     [:objects-storage-s3-endpoint {:optional true} ::sm/uri]
     [:objects-storage-s3-io-threads {:optional true} ::sm/int]]))
 
-(def default-flags
-  [:enable-backend-api-doc
-   :enable-backend-openapi-doc
-   :enable-backend-worker
-   :enable-secure-session-cookies
-   :enable-email-verification
-   :enable-v2-migration])
-
 (defn- parse-flags
   [config]
-  (flags/parse flags/default
-               default-flags
-               (:flags config)))
+  (flags/parse flags/default (:flags config)))
 
 (defn read-env
   [prefix]
diff --git a/common/src/app/common/features.cljc b/common/src/app/common/features.cljc
index 0ced5b1d8f..8389f8be66 100644
--- a/common/src/app/common/features.cljc
+++ b/common/src/app/common/features.cljc
@@ -141,7 +141,7 @@
   (keep flag->feature))
 
 (defn get-enabled-features
-  "Get the globally enabled fratures set."
+  "Get the globally enabled features set."
   [flags]
   (into default-features xf-flag-to-feature flags))
 
diff --git a/common/src/app/common/flags.cljc b/common/src/app/common/flags.cljc
index 791be1f529..cba12a9cde 100644
--- a/common/src/app/common/flags.cljc
+++ b/common/src/app/common/flags.cljc
@@ -7,13 +7,145 @@
 (ns app.common.flags
   "Flags parsing algorithm."
   (:require
+   [clojure.set :as set]
    [cuerdas.core :as str]))
 
+(def login
+  "Flags related to login features"
+  #{;; Allows registration with login / password
+    ;; if disabled, it's still possible to register/login with providers
+    :registration
+    ;; Redundant flag. TODO: remove it
+    :login
+    ;; enables the section of Access Tokens on profile.
+    :access-tokens
+    ;; Uses email and password as credentials.
+    :login-with-password
+    ;; Uses Github authentication as credentials.
+    :login-with-github
+    ;; Uses GitLab authentication as credentials.
+    :login-with-gitlab
+    ;; Uses Google/Gmail authentication as credentials.
+    :login-with-google
+    ;; Uses LDAP authentication as credentials.
+    :login-with-ldap
+    ;; Uses any generic authentication provider that implements OIDC protocol as credentials.
+    :login-with-oidc
+    ;; Allows registration with Open ID
+    :oidc-registration
+    ;; This logs to console the invitation tokens. It's useful in case the SMTP is not configured.
+    :log-invitation-tokens})
+
+(def email
+  "Flags related to email features"
+  #{;; Uses the domains in whitelist as the only allowed domains to register in the application.
+    ;; Used with PENPOT_REGISTRATION_DOMAIN_WHITELIST
+    :email-whitelist
+    ;; Prevents the domains in blacklist to register in the application.
+    ;; Used with PENPOT_REGISTRATION_DOMAIN_BLACKLIST
+    :email-blacklist
+    ;; Skips the email verification process. Not recommended for production environments.
+    :email-verification
+    ;; Only used if SMTP is disabled. Logs the emails into the console.
+    :log-emails
+    ;; Enable it to configure email settings.
+    :smtp
+    ;; Enables the debug mode of the SMTP library.
+    :smtp-debug})
+
+(def varia
+  "Rest of the flags"
+  #{:audit-log
+    :audit-log-archive
+    :audit-log-gc
+    :auto-file-snapshot
+    ;; enables the `/api/doc` endpoint that lists all the rpc methods available.
+    :backend-api-doc
+    ;; TODO: remove it and use only `backend-api-doc` flag
+    :backend-openapi-doc
+    ;; Disable it to start the RPC without the worker.
+    :backend-worker
+    ;; Only for development
+    :component-thumbnails
+    ;; enables the default cors configuration that allows all domains (currently this configuration is only used for development).
+    :cors
+    ;; Enables the templates dialog on Penpot dashboard.
+    :dashboard-templates-section
+    ;; disabled by default. When enabled, Penpot create demo users with a 7 days expiration.
+    :demo-users
+    ;; disabled by default. When enabled, it displays a warning that this is a test instance and data will be deleted periodically.
+    :demo-warning
+    ;; Activates the schema validation during update file.
+    :file-schema-validation
+    ;; Reports the schema validation errors internally.
+    :soft-file-schema-validation
+    ;; Activates the referential integrity validation during update file; related to components-v2.
+    :file-validation
+    ;; Reports the referential integrity validation errors internally.
+    :soft-file-validation
+    ;; TODO: deprecate this flag and consolidate the code
+    :frontend-svgo
+    ;; TODO: deprecate this flag and consolidate the code
+    :exporter-svgo
+    ;; TODO: deprecate this flag and consolidate the code
+    :backend-svgo
+    ;; If enabled, it makes the Google Fonts available.
+    :google-fonts-provider
+    ;; Only for development.
+    :nrepl-server
+    ;; Interactive repl. Only for development.
+    :urepl-server
+    ;; Programatic access to the runtime, used in administrative tasks.
+    ;; It's mandatory to enable it to use the `manage.py` script.
+    :prepl-server
+    ;; Shows the onboarding modals right after registration.
+    :onboarding
+    :quotes
+    :soft-quotes
+    ;; Concurrency limit.
+    :rpc-climit
+    ;; Rate limit.
+    :rpc-rlimit
+    ;; Soft rate limit.
+    :soft-rpc-rlimit
+    ;; Disable it if you want to serve Penpot under a different domain than `http://localhost` without HTTPS.
+    :secure-session-cookies
+    ;; If `cors` enabled, this is ignored.
+    :strict-session-cookies
+    :telemetry
+    :terms-and-privacy-checkbox
+    ;; Only for developtment.
+    :tiered-file-data-storage
+    :transit-readable-response
+    :user-feedback
+    ;; TODO: remove this flag.
+    :v2-migration
+    :webhooks
+    ;; TODO: deprecate this flag and consolidate the code
+    :export-file-v3
+    :render-wasm-dpr
+    :hide-release-modal})
+
+(def all-flags
+  (set/union email login varia))
+
 (def default
-  "A common flags that affects both: backend and frontend."
+  "Flags with default configuration"
   [:enable-registration
+   :enable-login-with-password
    :enable-export-file-v3
-   :enable-login-with-password])
+   :enable-frontend-svgo
+   :enable-exporter-svgo
+   :enable-backend-svgo
+   :enable-backend-api-doc
+   :enable-backend-openapi-doc
+   :enable-backend-worker
+   :enable-secure-session-cookies
+   :enable-email-verification
+   :enable-onboarding
+   :enable-dashboard-templates-section
+   :enable-google-fonts-provider
+   :enable-component-thumbnails])
 
 (defn parse
   [& flags]
diff --git a/frontend/src/app/config.cljs b/frontend/src/app/config.cljs
index 3a268027ed..11ff04b2d9 100644
--- a/frontend/src/app/config.cljs
+++ b/frontend/src/app/config.cljs
@@ -63,17 +63,11 @@
     :browser
     :webworker))
 
-(def default-flags
-  [:enable-onboarding
-   :enable-dashboard-templates-section
-   :enable-google-fonts-provider
-   :enable-component-thumbnails])
-
 (defn- parse-flags
   [global]
   (let [flags (obj/get global "penpotFlags" "")
         flags (sequence (map keyword) (str/words flags))]
-    (flags/parse flags/default default-flags flags)))
+    (flags/parse flags/default flags)))
 
 (defn- parse-version
   [global]