Privacy Policy
1. INTRODUCTION
This Privacy Policy describes how Flipzen and its affiliated entities (“Flipzen,” “Company,” “we,” “us,” or “our”) collect, use, disclose, store, and otherwise process Personal Data in connection with:
the website located at https://flipzen.com (the “Site”);
communications with individuals; and
the provision of Flipzen’s AI-powered compliance and workflow automation services (the “Services”).
This Policy is intended to comply with the transparency requirements under Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws.
2. IDENTITY OF THE DATA CONTROLLER
For Personal Data processed in connection with the Site and general business operations, the Data Controller is:
Flipzen
16192 Coastal Highway Lewes, Delaware 19958 County of Sussex, State of Delaware, USA
Email: support@flipzen.com
Flipzen operates through affiliated entities, including Dieder SAS (Uruguay), which may participate in operational, technical, or support functions under intra-group data protection arrangements.
Flipzen has not appointed a Data Protection Officer, as it is not required to do so under Article 37 of the GDPR.
3. ROLE OF FLIPZEN
Depending on context, Flipzen acts as:
3.1 Data Controller
For:
Website visitors
Marketing and communications
Business contacts
Security monitoring
3.2 Data Processor
In the context of providing the Services, Flipzen acts as a Data Processor, processing Personal Data on behalf of customers in accordance with their documented instructions and contractual data processing terms.
4. CATEGORIES OF PERSONAL DATA
We may collect and process the following categories:
4.1 Identification Data
Full name
Email address
4.2 Professional Data
Job title
Company name
Work email
4.3 Technical and Usage Data
IP address
Browser type and version
Device information
Usage patterns
Session and interaction data
4.4 Communication Data
Support communications
Inquiry submissions
Chat logs
4.5 User-Generated Content
Comments
Reviews
Ratings
4.6 AI and Service Generated Data
Inputs
Outputs
Prompts
Metadata
Logs
Generated through use of the Services, processed strictly in accordance with customer instructions.
5. METHODS OF DATA COLLECTION
Personal data is collected through:
Website forms
Account authentication (Google SSO)
Use of our services
Communications with our support team
Cookies, local storage, and session technologies
Analytics and tracking tools
6. PURPOSES AND LEGAL BASES FOR PROCESSING
Flipzen processes Personal Data only where a lawful basis exists under Article 6 GDPR and applicable data protection laws. Processing is limited to what is necessary for the stated purposes and is conducted in a proportionate and transparent manner.
6.1 Contractual Necessity
Flipzen processes Personal Data where necessary to perform a contract with users or to take steps at the user's request prior to entering into a contract. This includes without limitation:
user authentication and access management;
account creation, administration and support;
delivery and operation of the requested Services;
communication related to service functionality or contractual obligations;
Failure to provide such data may prevent Flipzen from delivering the requested Services.
6.2 Legitimate Interests
Flipzen processes Personal Data where necessary for its legitimate interests, provided that such interests are not overridden by the rights and freedoms of data subjects. For each activity, Flipzen has considered the necessity of the processing and its potential impact on individuals.
responding to business inquiries;
maintaining system and network security;
preventing misuse or unauthorized access;
internal administrative purposes.
Where processing is based on legitimate interests, Flipzen applies safeguards to minimize impact on individuals and honors applicable rights, including the right to object.
6.3 Consent
Flipzen processes Personal Data based on consent where required by law. Processing activities relying on consent include:
use of non-essential analytics technologies;
marketing communications;
COOKIES AND SIMILAR TECHNOLOGIES
7.1 Use of Tracking Technologies
Flipzen uses cookies, local storage objects, session identifiers, and comparable technologies (collectively, “Tracking Technologies”) on the Site and, where applicable, within the Services. These technologies enable the operation, security, performance monitoring, and improvement of digital environments and support communications and marketing activities.
7.2 Categories of Tracking Technologies
Tracking Technologies deployed may include:
a. Strictly Necessary Technologies required for the functioning, security, and integrity of the Site and Services, including session management and fraud prevention mechanisms;
b. Analytics Technologies, including Google Analytics, which collect information regarding user interactions, navigation behavior, session duration, and performance metrics to evaluate and improve digital properties;
c. Advertising and Marketing Technologies, including Meta Pixel, used to measure the effectiveness of campaigns, understand engagement patterns, and support marketing optimization activities.
7.3 Legal Basis
Where Tracking Technologies are not strictly necessary, processing of Personal Data derived from such technologies is based on user consent obtained through a consent management mechanism presented upon initial interaction with the Site, in accordance with GDPR and applicable ePrivacy requirements.
Where Tracking Technologies are strictly necessary, processing is based on Flipzen's legitimate interests in operating and securing its digital environments.
7.4 User Control
Users may modify or withdraw consent at any time via the consent management interface or through browser-level controls. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.
DATA RETENTION AND STORAGE LIMITATION
8.1 General Retention Principle
Flipzen retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes, to enforce agreements, or to maintain security and integrity.
8.2 Purpose-Based Retention
Personal Data is retained for varying periods depending on the relevant processing purpose, including for example:
Website and marketing data, such as inquiry submissions and marketing communications, retained for the duration of the engagement or until consent is withdrawn or the data is no longer required for the relevant purpose;
Account and service-related data, retained for the duration of the customer relationship and for a limited period thereafter as necessary to comply with contractual, legal, or audit obligations;
Technical, security, and log data, retained for limited periods necessary to ensure system security, detect and investigate incidents, and maintain service reliability;
Business and transactional records, retained as required under applicable accounting, tax, and corporate record-keeping laws.
8.3 Extended Retention
Retention may be extended where reasonably necessary to:
comply with statutory or regulatory obligations;
establish, exercise, or defend legal claims;
investigate security incidents or misuse;
satisfy contractual or audit requirements.
8.4 Deletion and Anonymization
Upon expiry of the applicable retention period, Personal Data is securely deleted, de-identified, or irreversibly anonymized using industry-accepted data destruction methods.
DISCLOSURE OF PERSONAL DATA AND RECIPIENTS
9.1 General Disclosure Principles
Flipzen does not sell Personal Data. Personal Data is disclosed only where necessary to operate the Site and Services, fulfill contractual obligations, ensure security, or comply with applicable legal requirements.
9.2 Categories of Recipients
Personal Data may be disclosed to the following categories of recipients:
a. Cloud Infrastructure Providers, including Amazon Web Services (AWS) and Microsoft Azure, for hosting, storage, computing, and system availability;
b. Customer Relationship Management and Communications Providers, including HubSpot, for business communications and engagement management;
c. Authentication and Technology Service Providers, including Google, for identity management and Single Sign-On functionality;
d. Analytics Providers, including Google Analytics, for performance and usage analytics.
9.3 Sub-Processor Safeguards
Where Flipzen engages sub-processors in its role as a Data Processor, such sub-processors are subject to appropriate contractual obligations, including data protection and confidentiality requirements, consistent with Article 28 of the GDPR. Customers are informed of sub-processors and any material changes in accordance with the applicable Data Processing Addenda.
INTERNATIONAL DATA TRANSFERS
10.1 Transfer Context
Due to the global nature of Flipzen’s operations, Personal Data may be transferred to and processed in jurisdictions outside the European Economic Area (“EEA”), including the United States and Canada.
10.2 Transfer Mechanisms
Where Personal Data is transferred to jurisdictions that are not subject to an adequacy decision by the European Commission, Flipzen relies on appropriate safeguards in accordance with Chapter V of the GDPR, including Standard Contractual Clauses adopted by the European Commission.
For transfers to jurisdictions recognized by the European Commission as providing an adequate level of data protection, including Canada, transfers are conducted in reliance on such adequacy decisions.
10.3 Risk Assessment
Flipzen evaluates transfer risks and applies proportionate safeguards consistent with regulatory guidance on international data transfers.
SECURITY OF PROCESSING
11.1 Security Framework
Pursuant to Article 32 GDPR, Flipzen maintains technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
11.2 Categories of Measures
Security measures implemented may include, as appropriate:
a. encryption of data in transit through industry-standard secure communication protocols;
b. encryption or logical protection of data at rest;
c. role-based access controls, authentication controls, and least-privilege principles;
d. logging, monitoring, and system event management;
e. network segmentation and perimeter security mechanisms;
f. vulnerability management and periodic security assessments;
g. incident detection, response, and remediation procedures.
11.3 Personnel and Organizational Safeguards
Access to Personal Data is limited to personnel and authorized contractors with a legitimate business need, subject to confidentiality obligations and internal security policies.
11.4 Residual Risk
While security controls are designed to mitigate risks, no method of transmission or storage can be guaranteed to be entirely secure.
RIGHTS OF DATA SUBJECTS
12.1 Scope of Rights
Subject to applicable law, individuals may exercise the following rights:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw consent (Art. 7(3) GDPR)
12.2 Exercise of Rights
Requests may be submitted to support@flipzen.com
Flipzen will respond to requests in accordance with the requirements of applicable data protection law. Where the GDPR applies, Flipzen will respond without undue delay and in any event within one month of receipt of the request, subject to lawful extensions.
12.3 Supervisory Authority
If you feel that Flipzen has not been able to assist with your complaint or concern, and you are located in the EEA or the UK, you have the right to lodge a complaint with the competent supervisory authority.
. AMENDMENTS TO THIS POLICY
Flipzen reserves the right to amend this Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, technological developments, or operational practices. The revised version will be made available via the Site with an updated effective date. Continued use of the Site or Services following such publication constitutes acknowledgment of the revised Policy.