▌FLIPLINE

Privacy Policy

Last updated: 2026-05-13

This policy explains what data Flipline ("we") collects and what we do with it. Plain language; no legalese fluff.

What we collect

  • Account data — your email address and a bcrypt hash of your password. We never store passwords in clear text.
  • Session data — a server-side session token (hashed before storage), the IP address and User-Agent that established the session, and timestamps. Used to keep you logged in for 30 days.
  • Billing data — your PayPal subscription ID and PayPal payer ID. We do not see your credit card number or PayPal password — PayPal handles those. Card statements show "FLIPLINE" or, depending on PayPal display settings, our PayPal Business name.
  • Usage data — IMEI lookups you run (cached for 24h to avoid double-billing the Sickw API), competitor price entries you log, offers you accept or decline. This is your shop's business data.
  • Server logs — request timestamps, paths, status codes, and IP addresses. Retained for 14 days for debugging and security incident response.

What we don't do

  • We don't use third-party analytics (no Google Analytics, no Facebook Pixel).
  • We don't sell your data to anyone.
  • We don't run advertising.
  • We don't share your business data (offers, customer IMEIs) with other Flipline customers.

Third parties we send data to

  • PayPal — to bill your subscription. They get your email and payment method. Their privacy policy: paypal.com/legalhub/privacy-full.
  • Sickw — when you run an IMEI lookup, we send the IMEI to Sickw and cache the response. Their privacy policy: sickw.com/privacy.
  • Google Sheets API — read-only, to pull Atlas Mobile's wholesale pricing sheet. No customer data flows the other way.

How long we keep data

  • Account & usage data — until you ask us to delete it, or for 90 days after you cancel your subscription, whichever comes first.
  • Server logs — 14 days.
  • Billing records — 7 years (US tax retention requirement).

Your rights

Email support@flipline.app at any time to:

  • Get a copy of your data.
  • Correct anything that's wrong.
  • Delete your account and all associated data (subject to billing-record retention).

Security

Data is hosted on our infrastructure with TLS in transit, bcrypt-hashed passwords, hashed session tokens, and rotated backups. We're a small team — if you find a vulnerability, please email us privately first.

Children

Flipline is a B2B tool for licensed resale shops. We don't knowingly collect data from anyone under 18.

Changes

We'll email you about material changes to this policy at least 14 days before they take effect.