Flipo5

GDPR Compliance

Our commitment to protecting your privacy and data rights under the General Data Protection Regulation

Last updated: February 10, 2026

GDPR Compliance Statement

FLIPO5 is fully committed to complying with the General Data Protection Regulation (GDPR) and ensuring the highest standards of data protection for all our users within the European Union and European Economic Area.

We have implemented technical and organizational measures to ensure and demonstrate that our processing activities are performed in accordance with the GDPR.

Data Controller

GSP International EOOD

North Industrial Zone

Vidin, BG 3700

Bulgaria

Email: info@flipo5.com

Contact Person: Sebastian

Your Rights Under GDPR

Right to Access

You have the right to request access to your personal data. We will provide you with a copy of your personal data in a commonly used electronic format.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when there is no compelling reason for its continued processing.

Right to Restriction of Processing

You have the right to request restriction of processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data for direct marketing purposes or where we are relying on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe your data protection rights have been violated.

How We Process Your Data

Legal Basis for Processing

We process personal data only when we have a legal basis:

  • Contract: Processing necessary for providing our services
  • Consent: You have given clear consent for specific purposes
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Legal Obligation: Processing required by law

Data We Collect

  • Account information (name, email, authentication credentials)
  • Usage data (prompts, generated content, interaction history)
  • Technical data (IP address, browser type, device information)
  • Payment information (processed securely via Stripe)
  • Communication records (support tickets, emails)

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy or as required by law. Account data is retained while your account is active. Generated content can be deleted by you at any time.

Security Measures

Technical Measures

  • End-to-end encryption (SSL/TLS)
  • Encrypted data storage
  • Regular security audits
  • Access controls and authentication
  • Automated backups

Organizational Measures

  • Staff training on data protection
  • Data processing agreements with vendors
  • Incident response procedures
  • Regular policy reviews
  • Limited access on need-to-know basis

International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with all third-party processors
  • Adequacy decisions where applicable

Our Data Processors

  • Vercel (US): Hosting infrastructure
  • Supabase (US): Database and authentication
  • Cloudflare (US): CDN and security
  • Stripe (US): Payment processing
  • Replicate (US): AI model processing

All processors have committed to GDPR compliance through data processing agreements.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Describe the nature of the breach and the likely consequences
  • Communicate the measures taken to address the breach

Exercise Your GDPR Rights

To exercise any of your GDPR rights, please contact us at:

Email: info@flipo5.com

We will respond to your request within 30 days

Contact UsPrivacy Policy