Last updated: 20 June 2026
This Privacy Policy explains how FlipTip AI (“FlipTip”, “we”, “us”) collects, uses, shares and protects personal data when you use our website and app at fliptip.ai (the “Service”). We are committed to processing personal data in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable privacy laws.
The Service is operated by the FlipTip AI team, which acts as the data controller. For any data-protection matter — including questions, requests, or to obtain our full controller and contact details — reach us at [email protected].
When you sign in with Google, we receive and store your name, email address, profile picture URL and Google account identifier. We use this to create and secure your account, identify you across sessions and contact you about the Service.
We store your selected country/market, your plan, daily scan counts, onboarding status and similar settings so the Service works correctly and applies your plan limits.
When you scan an item, the image is sent to our AI providers for identification and price estimation. We do not retain the original photos on our servers after processing. On paid plans, a text summary of the result (and, in some cases, a small thumbnail) may be saved to your history for your convenience.
Subscriptions are processed by PayPal. We store your PayPal subscription identifier and plan status. We never see, receive or store your card or bank details — these are handled entirely by PayPal.
To show local marketplaces and nearby flea markets, we may (i) derive your approximate location (such as country and city) from network-level information provided by our content delivery network, Cloudflare, based on your IP address, and/or (ii) use your device’s precise location if you grant browser permission. Precise location is only used when you explicitly allow it and is not stored on our servers beyond what your browser caches locally.
Our servers and security tooling automatically process technical data such as IP address, browser type, and request timestamps for security, abuse prevention, rate-limiting and diagnostics. Error logs may temporarily contain such data.
| Purpose | Legal basis |
|---|---|
| Creating and running your account; delivering scans you request; billing | Performance of a contract (Art. 6(1)(b)) |
| Security, fraud/abuse prevention, rate-limiting, IP-based country detection | Legitimate interests (Art. 6(1)(f)) |
| Precise device location; non-essential cookies/third-party embeds | Consent (Art. 6(1)(a)) |
| Keeping records, responding to legal requests, tax/accounting | Legal obligation (Art. 6(1)(c)) |
Where we rely on consent, you may withdraw it at any time without affecting processing carried out before withdrawal.
We share personal data only with service providers that help us run the Service. Each processes data on our behalf or as an independent controller for the limited purpose described below.
| Provider | Purpose | Region |
|---|---|---|
| Google (Sign-In / OAuth, Fonts, Maps) | Login, web fonts, embedded maps | USA / global |
| AI service provider(s) | Image identification and price analysis for scans | Outside the EEA / global |
| PayPal | Subscription payments | USA / EU |
| Cloudflare | Network delivery, security, approximate location from IP | Global |
| Hosting & infrastructure provider | Website & data hosting | EU / global |
We do not sell your personal data, and we do not share it with advertisers.
Some of our providers are located outside the European Economic Area, including in the United States and other countries. Where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as the EU Standard Contractual Clauses, adequacy decisions where available, and the providers’ own compliance frameworks. Note on AI processing: when you scan an item, related data may be processed by AI service providers located outside the EEA. If you do not wish your data to be processed in this way, please do not use the scan feature.
Subject to applicable law, you have the right to: access your data; rectify inaccurate data; erase your data; restrict or object to processing; data portability; and withdraw consent. You also have the right not to be subject to solely automated decisions with legal or similarly significant effects — our scan results are estimates and informational only, and do not make such decisions about you.
To exercise any right, contact [email protected]. We respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.
We use a strictly necessary session cookie to keep you signed in, and (with your consent) functional storage and third-party content. For full details and to change your choices, see our Cookie Policy or use the “Cookie settings” link in the footer.
The Service is not directed to children. You must be at least 16 years old (or the minimum age of digital consent in your country) to use it. We do not knowingly collect data from children below that age; if you believe we have, contact us and we will delete it.
We use measures such as HTTPS, hardened HTTP-only secure session cookies, CSRF protection and rate-limiting to protect your data. No method of transmission or storage is completely secure, but we work to protect your information.
We may update this policy from time to time. We will update the “Last updated” date above and, for material changes, provide a more prominent notice.
For any privacy question or request, contact [email protected].