Privacy Notice — flippay.io

Effective date: 21 Aug 2025

This Privacy Notice explains how FlipPay (“FlipPay,” “we,” “us,” “our”) collects, uses, shares, and safeguards personal data when you visit flippay.io, use our merchant products, or receive shopper rewards powered by FlipPay.

Merchant” means a brand or partner using FlipPay. “Shopper” means an end-customer who receives a reward or participates in a promotion run with FlipPay.

1) Scope

  • Website & marketing at flippay.io
  • Merchant accounts (dashboard, APIs, integrations)
  • Shopper reward experiences (post-purchase reveals, collectibles, instant-win promotions)

2) Roles

  • For merchant-provided order data, FlipPay generally acts as a processor/service provider to the Merchant.
  • For FlipPay shopper accounts, wallets, the website, and our own marketing, FlipPay is the controller/business.

A Data Processing Addendum is available at flippay.io/legal/dpa (on request if not publicly posted).

3) Data we collect

A) Merchants & partners

  • Account & billing: name, email, role, company, authentication, invoices, payment status.
  • Store & technical: store/domain, platform (e.g., Shopify), API/webhook payloads, campaign settings.
  • Support & communications: tickets, call notes, feedback.

B) Shoppers (reward recipients)

  • Order metadata: order ID, items/SKUs, value/subtotal, coupon, currency, timestamp, store ID.
  • Contact: email and/or phone (to deliver rewards and service messages).
  • Device/usage: IP, browser, cookie IDs, reward opens, collection progress.
  • Wallet: custodial wallet we create; optional self-custody wallet public address if you connect it.
  • Promotion data: eligibility/age/geo confirmations, entries, odds exposure, prize fulfillment details.
We do not collect or store full payment card numbers or CVV; those are processed by the Merchant’s payment processor.

C) Website visitors

  • Usage analytics, cookies, and similar technologies (see §10 Cookies).

4) Sources

  • Information you provide (forms, account signup, support).
  • Information Merchants provide about their orders and campaigns.
  • Automated collection (cookies, logs, SDKs).
  • Service providers supporting our operations.

5) Purposes & legal bases

  • Provide and operate the Services (contract): reward delivery, entries, fraud/abuse prevention, support.
  • Analytics & product improvement (legitimate interests/consent as required).
  • Marketing & communications (consent/opt-out; you can unsubscribe at any time).
  • Compliance (legal obligation): AMOE (“no purchase necessary”), odds disclosures, record-keeping, age/geo gating.
  • Wallet/collectibles operations (contract/consent): minting to custodial or connected wallets; some records may be public/immutable on chain.

6) Disclosures

We share personal data with:

  • Service providers (hosting, storage, analytics, messaging/SMS/email, anti-fraud, prize administration, customer support).
  • Ecommerce platforms (e.g., Shopify) according to permissions you approve.
  • Legal/compliance recipients when required by law or to protect rights, safety, and security.
  • Corporate transactions (merger, acquisition, restructuring) under continued protections.

We do not sell personal information for money. Some analytics/advertising cookies may be deemed “sale” or “sharing” under certain U.S. state laws; see Do Not Sell/Share in §10.

7) International transfers

Where data moves outside your country, we use appropriate safeguards (e.g., EU Standard Contractual Clauses for EEA/UK data).

8) Retention

  • Shopper accounts & collectibles: until account deletion or 24 months of inactivity, unless a longer period is required by law.
  • Promotion/prize records: campaign end + up to 24 months (or longer if required).
  • Merchant account & billing: contract term + up to 7 years (tax/accounting).
  • Logs/analytics: typically ≤ 12 months, then aggregated.

Note: On-chain records are public and cannot be altered. If you delete your account, we remove off-chain profile data and stop displaying associated collectibles in our UI.

9) Security

We apply industry-standard safeguards (encryption in transit, access controls, least-privilege, monitoring). No system is perfectly secure; please contact us promptly if you suspect unauthorized access.

10) Cookies & similar technologies

We use:

  • Essential cookies for security and service operation
  • Analytics to understand performance and improve the product
  • Optional advertising/remarketing where enabled

Manage preferences via Cookie Settings on flippay.io.

Do Not Sell/Share: If applicable to your jurisdiction, you may opt out of “sale”/“sharing” for targeted advertising through Cookie Settings.

11) Your choices & rights

Communications

Unsubscribe links appear in marketing emails. Transactional messages (e.g., reward/receipt notices) will still be sent when necessary.

GDPR/UK data rights

If you are in the EEA/UK, you can request access, correction, deletion, restriction, portability, or objection. Where we rely on consent, you may withdraw it at any time.

U.S. state privacy rights (e.g., CA/VA/CO/CT/UT)

You may request access, deletion, correction, and to opt out of sale/sharing/targeted advertising (via Cookie Settings). Appeal instructions will be provided if we decline a request.

How to submit a request: email privacy@flippay.io.

If we process your data on behalf of a Merchant, we may direct you to that Merchant and assist them in responding.

12) Children

FlipPay is not intended for children under 13 (or under 16 where applicable). We do not knowingly collect such data. If you believe a child has used FlipPay, contact us and we will take appropriate action.

13) Automated decision-making

FlipPay does not make decisions with legal or similarly significant effects based solely on automated processing. Reward outcomes and anti-fraud checks may be automated but do not produce such effects.

14) Changes to this Notice

We may update this Notice from time to time. The “Effective date” shows the latest version. Material changes will be notified in-product or by email.

15) Contact

Email: privacy@flippay.io

Merchant addendum (summary)

When acting as a processor/service provider, FlipPay will:

  • Process personal data solely under your documented instructions;
  • Implement appropriate security measures;
  • Assist with data subject requests and incident notifications; and
  • Flow down obligations to sub-processors.
  • See the full DPA at flippay.io/legal/dpa.

Make every checkout feel like a win

Main
HomeHome
About
Services
Blog
Pages
ContactContact
Terms & ConditionsTerms & Conditions
Privacy PolicyPrivacy Policy

© 2025 FlipPay. All Rights Reserved.