Flipstack

Privacy Policy

1. Data Controller

Flipstack operates as the data controller for personal data collected through this website and its associated domains.

2. What Data We Collect

  • Email address — when you unlock a scan report or sign up for our service
  • Website URL — the URL you submit for scanning
  • Scan results — the technical analysis of the submitted website
  • Usage data — pages visited, features used, collected via server logs
  • Payment data — processed by Stripe, we do not store card details

3. Legal Basis for Processing (GDPR Art. 6)

  • Consent (Art. 6(1)(a)) — for email collection and marketing communications
  • Contract performance (Art. 6(1)(b)) — to deliver our scanning and optimization services
  • Legitimate interest (Art. 6(1)(f)) — for service improvement and security

4. How We Use Your Data

  • To generate and deliver your AI readiness report
  • To send product updates and optimization tips (only with your consent)
  • To process payments via Stripe
  • To improve our service and fix issues
  • To detect and prevent abuse

5. Data Sharing

We do not sell your data. We share data only with:

  • Stripe — for payment processing
  • Cloudflare — for CDN and DDoS protection
  • DigitalOcean — for hosting infrastructure

6. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit how we process your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, email us at [email protected].

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Scan reports are retained for 12 months. You can request deletion at any time.

8. Cookies

We use only essential cookies required for the service to function. We do not use tracking cookies or advertising cookies.

9. Data Security

All data is encrypted in transit (TLS/HTTPS) and stored on secured infrastructure. We implement access controls, rate limiting, and regular security audits.

10. Changes to This Policy

We may update this policy. Changes will be posted on this page with an updated effective date.

Last updated: March 2026