Back to home

Cookie & Privacy Policy

Last updated: 2026-04-15

1. Why this policy exists

This policy explains what data we collect, why we collect it, how long we keep it, and how we use it to improve product decisions and future advertising spend. We aim to be explicit so users can make informed choices.

2. Data controller and contact

Controller: Flipo5. For privacy requests (access, deletion, objection, export), contact us through the support channel listed in the app/site.

3. What we collect

  • Account data: email, authentication identifiers, profile fields you submit.
  • Usage data: pages/screens visited, feature interactions, session timing, errors.
  • Generation data: prompts, uploaded files, generated outputs, job metadata.
  • Device/network data: IP-derived security signals, browser type, OS, language, region.
  • Commercial data: subscription/payment status and billing events (if applicable).
  • Marketing data: campaign source/medium, ad click identifiers, consent status.

4. Cookie categories and legal basis

  • Strictly necessary: auth, security, fraud prevention, load balancing. Legal basis: legitimate interest / contract necessity.
  • Analytics: traffic and behavior measurement to improve UX and conversion. Legal basis: consent where required.
  • Advertising / personalization: audience building, campaign optimization, attribution. Legal basis: consent where required.

We start from denied by default for analytics/ads consent and only enable after user acceptance.

5. Consent mode and storage duration

  • Default consent state: denied for analytics, ads, personalization.
  • User can accept or reject via the consent banner.
  • Consent choice is stored for up to 12 months, then asked again.
  • Users can change consent later from site controls (when provided) or by clearing cookies/storage.

6. Why we collect analytics and ad data

We collect measurement data to understand product-market fit, identify valuable audiences, and spend ad budget more effectively. This includes conversion funnels, retention cohorts, campaign performance, channel attribution, and high-level audience insights. We do not sell personal data as a standalone product.

7. Data sharing and processors

We use infrastructure and service providers (hosting, authentication, storage, payments, analytics, email, error monitoring). These providers process data under contract and only for the defined purposes.

8. Retention policy (high level)

  • Account and billing records: kept while account is active and as required by law.
  • Operational/security logs: retained for a limited period based on security needs.
  • Analytics and campaign data: retained as needed for trend comparison and budget optimization.
  • Consent records: up to 12 months from last choice, then refreshed.

9. International transfers

Some providers may process data outside your country. Where required, we rely on appropriate transfer safeguards (such as contractual clauses) to protect personal data.

10. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict processing, object, withdraw consent, and request portability. You can contact us to exercise these rights.

11. Security

We apply technical and organizational controls (access control, transport security, least privilege, monitoring). No system is 100% risk-free, but we continuously improve protections.

12. Policy changes

We may update this policy as the product and legal requirements evolve. Material updates are reflected by the date at the top of this page.