1. INTRODUCTION

This Privacy Policy describes how Flipzen and its affiliated entities (“Flipzen,” “Company,” “we,” “us,” or “our”) collect, use, disclose, store, and otherwise process Personal Data in connection with:

1. the website located at https://flipzen.com (the “Site”);

2. communications with individuals; and

3. the provision of Flipzen’s AI-powered compliance and workflow automation services (the “Services”).

This Policy is intended to meet the transparency requirements under Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws.

2. IDENTITY OF THE DATA CONTROLLER

For Personal Data processed in connection with the Site and general business operations, the Data Controller is:

Flipzen
16192 Coastal Highway Lewes, Delaware 19958 County of Sussex, State of Delaware, USA
Email: support@flipzen.com

Flipzen operates through affiliated entities, including Dieder SAS (Uruguay), which may participate in operational, technical, or support functions under intra-group data protection arrangements.

3. ROLE OF FLIPZEN

Depending on context, Flipzen acts as:

3.1 Data Controller

For:

• Website visitors

• Marketing and communications

• Business contacts

• Security monitoring

3.2 Data Processor

In the context of providing the Services, Flipzen acts as a Data Processor, processing Personal Data on behalf of customers in accordance with their documented instructions and contractual data processing terms.

This Privacy Policy does not govern Personal Data processed by Flipzen strictly in its role as Processor; such processing is governed by customer agreements and applicable Data Processing Addenda.

4. CATEGORIES OF PERSONAL DATA

We may collect and process the following categories:

4.1 Identification Data

• Full name

• Email address

4.2 Professional Data

• Job title

• Company name

• Work email

4.3 Technical and Usage Data

• IP address

• Browser type and version

• Device information

• Usage patterns

• Session and interaction data

4.4 Communication Data

• Support communications

• Inquiry submissions

• Chat logs

4.5 User-Generated Content

• Comments

• Reviews

• Ratings

5. METHODS OF DATA COLLECTION

Personal data is collected through:

• Website forms

• Account authentication (Google SSO)

• Use of our services

• Communications with our support team

• Cookies, local storage, and session technologies

• Analytics and tracking tools

6. PURPOSES AND LEGAL BASES FOR PROCESSING

Flipzen processes Personal Data only where a lawful basis exists under Article 6 GDPR.

6.1 Contractual Necessity

Processing required to provide requested Services, including authentication and account management.

6.2 Legitimate Interests

Processing necessary for:

• responding to business inquiries;

• maintaining system and network security;

• preventing misuse or unauthorized access;

• internal administrative purposes.

Such interests are balanced against individuals’ rights.

6.3 Consent

Processing based on consent includes:

• analytics technologies;

• marketing communications;

• advertising technologies such as Meta Pixel.

Consent may be withdrawn at any time.

7. COOKIES AND SIMILAR TECHNOLOGIES

   7.1 Use of Tracking Technologies

Flipzen uses cookies, local storage objects, session identifiers, and comparable technologies (collectively, “Tracking Technologies”) on the Site and, where applicable, within the Services. These technologies enable the operation, security, performance monitoring, and improvement of digital environments and support communications and marketing activities.

7.2 Categories of Tracking Technologies

Tracking Technologies deployed may include:

a. Strictly Necessary Technologies required for the functioning, security, and integrity of the Site and Services, including session management and fraud prevention mechanisms;

b. Analytics Technologies, including Google Analytics, which collect information regarding user interactions, navigation behavior, session duration, and performance metrics to evaluate and improve digital properties;

c. Advertising and Marketing Technologies, including Meta Pixel, used to measure the effectiveness of campaigns, understand engagement patterns, and support marketing optimization activities.

7.3 Legal Basis

Where Tracking Technologies are not strictly necessary, processing of Personal Data derived from such technologies is based on user consent obtained through a consent management mechanism presented upon initial interaction with the Site, in accordance with GDPR and applicable ePrivacy requirements.

7.4 User Control

Users may modify or withdraw consent at any time via the consent management interface or through browser-level controls. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.

8. DATA RETENTION AND STORAGE LIMITATION
   8.1 General Retention Principle

Flipzen retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes, to enforce agreements, or to maintain security and integrity.

8.2 Standard Retention Period

Unless a longer retention period is required or justified under applicable law, Personal Data processed under this Policy is retained for a period not exceeding three hundred sixty-five (365) days from the date of collection or last interaction, whichever occurs later.

8.3 Extended Retention

Retention may be extended where reasonably necessary to:

comply with statutory or regulatory obligations;

establish, exercise, or defend legal claims;

investigate security incidents or misuse;

satisfy contractual or audit requirements.

8.4 Deletion and Anonymization

Upon expiry of the applicable retention period, Personal Data is securely deleted, de-identified, or irreversibly anonymized using industry-accepted data destruction methods.

9. DISCLOSURE OF PERSONAL DATA AND RECIPIENTS
   9.1 General Disclosure Principles

Flipzen does not sell Personal Data. Personal Data is disclosed only where necessary to operate the Site and Services, meet contractual obligations, ensure security, or comply with legal requirements.

9.2 Categories of Recipients

Personal Data may be disclosed to the following categories of recipients:

a. Cloud Infrastructure Providers, including Amazon Web Services (AWS) and Microsoft Azure, for hosting, storage, computing, and system availability;

b. Customer Relationship Management and Communications Providers, including HubSpot, for business communications and engagement management;

c. Authentication and Technology Service Providers, including Google, for identity management and Single Sign-On functionality;

d. Analytics Providers, including Google Analytics, for performance and usage analytics.

9.3 Safeguards

All third-party recipients are subject to contractual obligations requiring confidentiality, data protection compliance, and implementation of appropriate technical and organizational security measures.

10. INTERNATIONAL DATA TRANSFERS

    10.1 Transfer Context

Due to the global nature of Flipzen’s operations, Personal Data may be transferred to and processed in jurisdictions outside the European Economic Area (“EEA”), including the United States and Canada.

10.2 Transfer Mechanisms

Where required under GDPR Chapter V, such transfers are conducted pursuant to:

Standard Contractual Clauses adopted by the European Commission;

supplementary technical, contractual, and organizational safeguards designed to ensure an equivalent level of protection.

10.3 Risk Assessment

Flipzen evaluates transfer risks and applies proportionate safeguards consistent with regulatory guidance on international data transfers.

11. SECURITY OF PROCESSING
    11.1 Security Framework

Pursuant to Article 32 GDPR, Flipzen maintains technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.

11.2 Categories of Measures

Security measures implemented may include, as appropriate:

a. encryption of data in transit through industry-standard secure communication protocols;

b. encryption or logical protection of data at rest;

c. role-based access controls, authentication controls, and least-privilege principles;

d. logging, monitoring, and system event management;

e. network segmentation and perimeter security mechanisms;

f. vulnerability management and periodic security assessments;

g. incident detection, response, and remediation procedures.

11.3 Personnel and Organizational Safeguards

Access to Personal Data is limited to personnel and authorized contractors with a legitimate business need, subject to confidentiality obligations and internal security policies.

11.4 Residual Risk

While security controls are designed to mitigate risks, no method of transmission or storage can be guaranteed to be entirely secure.

12. RIGHTS OF DATA SUBJECTS
    12.1 Scope of Rights

Subject to applicable law, individuals may exercise the following rights:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object (Art. 21 GDPR)

• Right to withdraw consent (Art. 7(3) GDPR)

12.2 Exercise of Rights

Requests may be submitted to support@flipzen.com
. Flipzen may request information necessary to verify identity prior to responding.

12.3 Supervisory Authority

Individuals have the right to lodge a complaint with a competent data protection supervisory authority.

13. . AMENDMENTS TO THIS POLICY

Flipzen reserves the right to amend this Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, technological developments, or operational practices. The revised version will be made available via the Site with an updated effective date. Continued use of the Site or Services following such publication constitutes acknowledgment of the revised Policy.