For Flipit Inc. (hereinafter “Flipit” or “we”), security and data privacy are of paramount importance. Our mission is to make privacy and security available to people and businesses. That’s why we use proven industry standard solutions to protect your data store in our systems, such as Secure Sockets Layer Encryption (SSL). Data we collect under the SSL protocol, is uniquely encrypted, so that the client and the server have a private communication link channel over the public Internet.
We encrypt all and every transmission containing personal data using Secure SSL and apply additional, client-side methods on the data stored in protected storages (The Secured Content)
According to the best of Flipit’s knowledge, we cannot use Your Secured Content to identify any individual. However, when using the service, creating and using your user account, you also submit some non-encrypted data, which may include personal data as well.
Your data is processed by Flipit. However, if you are a part of a business subscription, certain data is processed upon the instructions of your organization by an Administrator.
Flipit services are provided by Flipit Inc., a company registered under the laws of Nevada, USA. If you have a subscription with us as an individual user from the European Economic Area (EEA), Flipit Inc. will be the controller of your personal data under EU law.
If your account is part of a Business Subscription, or you receive a Flipit link from a user who is part of a Business Subscription, the ultimate decisions regarding your personal data will be made by the relevant organisation and/or its assigned Administrator. In such a case, your company will be considered as a controller and Flipit Inc. will act as a processor, acting upon the instructions of such organisation.
In order to send and deliver invitations upon your instructions, Flipit stores and accesses certain personal data (such as the email address, name, username and its unique URL, storage account and username of the inviter and the invited person). Please note that your email address, first
and last name are visible to others when you send them an invitation to, or if you accept an invitation.
We store access data without direct personal references, namely the visitor’s browser types, the name of your internet service provider, the website from which you have visited us, the name of the requested file, the Flipit client version you download, and internet protocol addresses.
Unless you choose to identify yourself, either by responding to a promotional offer, opening an account or filling out a web form, this data does not allow us to draw any conclusions regarding your identity. By storing and analysing such information, we are able to create in-depth analysis about our service, which is essential for improvement, security and debugging purposes.
with information about your engagement with our website and online advertisements. If you want to learn more, please read our Cookie Policy.
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. This means we collect and use your information only where:
It is necessary in order to provide you Flipit services, including to set up and maintain a Flipit account for you, to provide customer support and to protect the safety and security of our services
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services and to protect our legal rights and interests,
You give us consent to do so for a specific purpose or
It is needed to comply with a legal obligation.
We may process your personal data for several purposes. How we use your personal data depends on your subscription plan, on how you use the Flipit services, and your preferences you have communicated to us.
We will use your personal data, such as Registration and Account Information, for the provision and maintenance of your user account, for authentication purposes, and for providing the Flipit service to you.
We will process your Registration and Billing Information for billing purposes, i.e. to complete transactions, and send you related information, including purchase confirmations and invoices. COMMUNICATIONS
We will send you technical notices, updates, security alerts, support and administrative messages. Please be aware that you cannot opt out of receiving certain service messages from us, including necessary security alerts and legal notices.
We also send messages about how to use the services. You may change your preferences for communications at any time.
Push notifications (in-app) may be sent to your device to notify you of new folders being shared or certain events or user actions regarding the user account or the user’s data. To opt out of push notifications, please edit settings at the device level.
Our service also enables communications between you and others. In particular, sending and delivering invitations, between you and the person who invites you or whom you invited.
We are always looking for ways to make Flipit better, faster, smarter, and more secure. We use aggregated web statistics and logs about how people use our services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and improvement of our services. We also test and analyse certain new features with some users before rolling the feature out to all users.
If you are an existing customer of Flipit, based on your consent provided we may use your email address and phone number provided to us to send you marketing communications, such as providing you with information about similar Flipit products and services, unless you have opted-out.
We may also use information about you, including web statistics and logs, to personalize the content and experience you receive on our websites or in our marketing communications, as
well as by displaying Flipit ads on other companies' websites and applications, such as on platforms like Facebook and Google.
We use information about you to secure your profile, verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of our Terms of Service or Acceptable Use Policy.
Occasionally, we connect personal information to information gathered in our log files as necessary to provide better customer experience and to improve our services. In such a case, we would treat the combined information in accordance with this policy.
You may opt-out of these statistics or logs at any time by editing settings, but please note that in this case, it might be more difficult to our support team to find the problem when something goes wrong.
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
We may also process your data for any other purposes for which we obtain your consent where necessary or otherwise in accordance with the applicable law and this policy.
We will share your personal data with third parties only in accordance with this policy. We will never sell your personal data to third parties. However, we may need to share some information, including personal data, we obtain from your use of our service in the following circumstances.
Flipit Inc. may transmit personal data if the applicable legal provisions so require, or when such action is necessary to comply with any laws, including to meet national security or law enforcement requirements. We may also need to share personal data for the protection of our rights and interests, to protect your safety or the safety of others or to investigate fraud, in accordance with the applicable laws.
In certain cases, we need to share information, including personal data with our third-party service providers. We use third-party service providers for a number of services, including application development, backup, storage, payment processing, analytics and other services. We require our third-party service providers to use the personal data that we share with them solely in connection with the services they provide to us.
Information, including personal data, will be shared with a third-party when you share content using our service with a third party (e.g. through share links and collaborating). You acknowledge that once you shared all or a part of your Encrypted Content by using our service with any person who accepted your invitation, such content goes out of your control and remains accessible to the extent you granted access. Accordingly, we ask you to pay special attention with whom you share your Encrypted Content.
When content is shared with you – either by accepting, downloading, or invitation –, certain information regarding your activity, might also be disclosed to the shared party.
If your account is part of a Business Subscription, or you are an employee of the user with a Business Subscription, the relevant Administrator may be able to view certain information about your interactions with the relevant Business Subscription. Such information may include your email and activity. If you have any questions about this, please refer to the policies of the relevant Business Subscription you are member of.
We may assign or transfer this policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge.
From time to time, we may post testimonials on our website that may contain personal data. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us at [email protected]
If you choose to use our referral service to tell a friend about our products and services, we will ask you for your friend’s name and email address. We will automatically send your friend an email inviting him or her to visit our website and will store this information for the purpose of sending this initial email, tracking the success of our referral program and other marketing activities. We will not contact him or her more than once. Your referral may contact us at [email protected] to request that we remove their information from our database.
Flipit Inc. is a company organized and existing under the laws of Nevada, USA, having certain affiliates within the territory of the USA, Europe and Asia. Therefore, Your personal data stored with us may also be transferred to countries outside of the EU. All such transfers of personal data are and will be made in accordance with applicable laws.
We take appropriate technical and organizational measures to protect your personal data against loss or other forms of unlawful processing.
We NEVER collect or store your files, encryption keys and passwords in an unencrypted or invertible form. The Encrypted Content and corresponding encryption keys can only be decrypted by you and persons with whom you explicitly share them. If you have an account that is part of a Business Subscription with recovery master key, Your Encrypted Content also may be accessed by your Recovery Administrator.
We will retain your personal data as long as it is needed to fulfil the purposes specified above, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it as soon as it is technically possible.
If your personal data is held by us on behalf of your company, we will retain such personal data in accordance with the terms and conditions of our data processing agreement with them, subject to applicable law.
As a registered user, you can access, edit or delete Your Secured Content. Once you delete your content on the Flipit platform for any reason, Your Secured Content will also be automatically deleted within 90 days. For technical and support reasons, we may keep your data for 60 days from the date when you deleted. Please note that after this date, Your Secured Content will be destroyed in a way that those cannot be restored and will not be available again to anyone, including you.
You may ask us to:
provide information to you about the personal data that we or our processors maintain about you,
correct inaccuracies or amend your personal data,
delete your personal data.
You can request this by send an email to [email protected]. We will respond to your request within thirty days. Please note that, we may ask you to verify your identity before complying with the request. Please bear in mind that in case of a business subscription, you might have an internal agreement with your employer that entitles the Administrator to handle your data, and in such cases you might not practice your privacy rights without the Administrator’s consent.
If you are from a country where the EU GDPR applies, you may have additional rights such as:
In certain circumstances, you may have a broader right to erasure of your personal data. For example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
You may have the right to request us to stop processing your personal data and/or to stop sending you marketing communications.
You may have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is inaccurate or unlawfully held).
In certain circumstances, you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal data to another data controller without hindrance.
If you would like to exercise such rights, please contact us at [email protected]. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may ask you to verify your identity before complying with the request.
Please note that if your account is part of a Business Subscription, we will not independently respond to your request without your organisation’s prior written consent, except where required by applicable law.
You also have the right to complain to a data protection authority or claim damages before the court. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available at www..
If you want to exercise your data privacy rights, please email us. We may ask for proof of identity.
In cases where the processing of your personal data is based on your consent, you can withdraw your consent any time by contacting us at [email protected]. If you withdraw your consent, we will no longer process your personal data for the relevant purpose. However, please note that such withdrawal of your consent does not affect the lawfulness of our processing activities based on consent before its withdrawal.
Please note that if your account is part of a Business Subscription, we will not independently respond to your request without your organisation’s prior written consent, except where required by applicable law.
ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS
These additional disclosures and rights for California residents apply only to individuals who reside in California beginning January 1, 2020. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.
In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:
For more information on information we collect, including the sources we receive information from, review Section 2/A. We collect and use these categories of personal information for the business purposes described in sections 4 and 5. to provide and manage our Sites.
Flipit does not generally sell information as the term “sell” is traditionally understood. However, to the extent “sale” under the CCPA is interpreted to include advertising technology
activities, we will comply with applicable law as to such activity. Flipit discloses the following categories of personal information for commercial purposes: identifiers, demographic information, commercial information, internet activity, geolocation data and inferences. We use and partner with different types of entities to assist with our daily operations and manage our Sites.
If you are a California resident, you have the right to delete the personal information we have collected from you and the right know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
The categories of personal information we have collected about you;
The categories of sources from which the personal information was collected;
The categories of personal information about you we disclosed for a business purpose or sold;
The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
The business or commercial purpose for collecting or selling the personal information; and;
The specific pieces of personal information we have collected about you.
To exercise any of these rights, please submit a request, please email us at [email protected]. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
To the extent Flipit sells your personal information as the term “sell” is defined under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information by us to third parties at any time. You may submit a request to opt-out by submitting a request to opt-out by emailing us at [email protected].
Please bear in mind that in case you are part of a business subscription and you have a separate agreement with your organisation, the above data might be deleted upon the approval of your organisation, by the Administrator user.
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
You have the right not to receive discriminatory treatment by us for the exercise of any your rights.
Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email to [email protected] and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
ADDITIONAL DISCLOSURES FOR IN THE EU and EEA
This Section 15 only applies to individuals within the European Economic Area (“EEA”). Under Europe’s General Data Protection Regulation (“GDPR”), in certain circumstances, you have the right to (a) request access to any personal data we hold about you and related information, (b) obtain without undue delay the rectification of any inaccurate personal data,
(c) request that your personal data is deleted provided the personal data is not required by us for compliance with a legal obligation under European or Member State law or for the establishment, exercise or defence of a legal claim, (d) prevent or restrict processing of your personal data, except to the extent processing is required for the establishment, exercise or defence of legal claims; and (e) request transfer of your personal data directly to a third party where this is technically feasible.
In addition, where you believe that we have not complied with its obligation under this privacy policy or European law, you have the right to make a complaint to an EU Data Protection Authority.
If you would like to exercise any of these rights, please email us at [email protected].
We collect and use your information for business and commercial purposes in accordance with the terms of our privacy policy in effect at the time of your use. Our business and commercial purposes for collecting and using information, including in the last 12 months, include where: (a) you have provided your consent which can be withdrawn at any time; (b) the processing is necessary to facilitate your request such as for the performance of a contract to which you are a party or to perform services you have requested; (c) we are required by law,
(d) where processing is required, to protect your vital interests or those of another person; or
(e) the processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your rights and interests.
For personal data from the European Union or the EAA:
We will only transfer your personal data to trusted third-parties who provide sufficient security guarantees and who demonstrate a commitment to compliance with applicable law and this privacy policy.
We will not transfer personal data originating from the EEA to third parties located outside of the EU without ensuring adequate protection under European law.
Where transfer is to a third party is located in a country not recognized by the EU Commission as ensuring an adequate level of protection, we will take appropriate steps to refrain from such transfer unless such transfer meets any exceptions set forth in the GDPR (such as EU/US Privacy Shield).
As every high-quality service, our service is constantly improved in effort to keep users satisfied, but these improvements necessarily mean changes. Due to the ongoing changes in the law and the changing nature of technology, data practices are changing from time to time. Thus, we reserve the right to alter or modify this policy when it is necessary.
We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our website or our services constitutes your agreement to be
bound by such changes to this policy. Your only remedy, if you do not accept the terms of this policy, is to discontinue use of our website and services.
Our webpage or services may, from time to time, contain links to and from the websites or services of third parties. This policy does not extend to these external sites or companies, so please refer directly to their privacy policies.
If you have any questions, please contact us at [email protected].
We have also appointed a data protection officer, whom you can reach at [email protected]. We speak English.