Privacy Policy

Account Information

• Email address (required for account creation)
• Name (if provided)
• Authentication data (hashed passwords, OAuth tokens for Google sign-in)

Subscription & Payment Data

• Subscription tier and billing cycle
• Payment information is processed securely by Square — we never store your full credit card number, CVV, or other sensitive payment details on our servers.
• Square customer ID and subscription ID for managing your account

Usage Data

• Scan history and scan logs (barcodes scanned, timestamps)
• Product lookup results and saved records
• Trigger configurations and batch data
• App settings and preferences

Amazon Seller Data (SP-API)

• If you connect your Amazon Seller Central account, we access inventory, pricing, and gating data through Amazon's SP-API. This data is used solely to provide Service functionality and is not shared with third parties.

Device & Technical Data

• Browser type and version
• Device type (mobile, desktop)
• IP address (for security and abuse prevention)

• Provide, maintain, and improve the Service
• Process subscriptions and payments
• Sync your data across devices (scan history, triggers, batches, settings)
• Enforce scan limits and subscription tier restrictions
• Send transactional emails (account verification, password resets, billing receipts)
• Respond to support requests
• Detect and prevent fraud or abuse

Your data is stored securely using industry-standard practices:

• Database: All user data is stored in Supabase (hosted on AWS) with row-level security (RLS) policies ensuring users can only access their own data.
• Authentication: Passwords are hashed using bcrypt. We support OAuth (Google) and magic link authentication through Supabase Auth.
• Payments: All payment processing is handled by Square. Card data is tokenized client-side using Square's Web Payments SDK — sensitive payment information never touches our servers.
• Encryption: All data in transit is encrypted via TLS/HTTPS. Data at rest is encrypted by our infrastructure providers.
• Access Control: API endpoints are protected by authentication middleware. Database access is restricted by row-level security policies.

We do not sell, rent, or trade your personal information. We share data only with:

• Supabase: Database hosting and authentication (data processor)
• Square: Payment processing
• Keepa: Product data lookups (only barcode/ASIN data is sent — no personal information)
• Amazon SP-API: Only when you explicitly connect your Seller Central account
• Vercel: Application hosting

We may disclose information if required by law, court order, or to protect the rights, property, or safety of our users or the public.

• Account data is retained for as long as your account is active.
• Scan logs and usage data are retained for up to 12 months after your last activity.
• Upon account deletion, all personal data is permanently removed within 30 days.
• Payment records may be retained as required by financial regulations.

You have the right to:

• Access your personal data stored by the Service
• Correct inaccurate or incomplete data
• Delete your account and all associated data
• Export your data in a portable format
• Disconnect third-party integrations (Amazon SP-API) at any time

To exercise any of these rights, contact us at info@flipenginex.com.