Privacy Policy
Last Updated: March 10, 2026
1. Introduction
This Privacy Policy explains how siteflip.co ("we," "us," "our," or "Company") collects, uses, and protects your personal information. This policy applies to all users of our Platform and services. Effective Date: March 10, 2026 Data Controller: siteflip.co Contact: info@siteflip.co
2. Data We Collect
We collect the following types of information: Account Information: - Name, email address, password (hashed) - Avatar/profile picture - Payment information (processed through Stripe, not stored by us) - Stripe Connect account details (for sellers) Content You Create: - Listings (title, description, price, metrics, images) - Chat messages with other users - Offers and transaction details Technical Information: - IP address - Device type and operating system - Browser information - Cookies and usage data - Page views and interactions (via Google Analytics 4) We collect this data directly from you, through your device, and through third-party services (Stripe, Firebase, Google Analytics).
3. Analytics & Product Improvement
We use Google Analytics 4 to understand how you use the Platform and to improve our services. Events tracked: - Page views - User signups and logins - Listing creation and updates - Transaction initiations and completions - Search and filter interactions - Button clicks and user flows This data is aggregated and anonymized. Google Analytics respects your privacy by using cookies and other tracking technologies in compliance with applicable laws. You can opt out of Google Analytics by: 1. Installing the Google Analytics Opt-out Browser Add-on 2. Modifying your browser privacy settings We do not sell your analytics data to third parties.
4. Cookies
We use the following types of cookies: Session Cookies (Functional): - Required for login and authentication - Maintain your session across pages - Automatically deleted when you log out Analytics Cookies: - Used by Google Analytics to track usage - Require your consent (separate cookie banner) - Persistent (remain after logout) You can control cookies through your browser settings. Disabling functional cookies will prevent login. Disabling analytics cookies will not affect core functionality.
5. Data Processing & Storage
Data is processed and stored as follows: Database: Firebase Firestore (Google Cloud) - Location: United States (specifically, multi-region US) - Encryption: Data encrypted at rest and in transit - Backup: Automatic daily backups File Storage: Firebase Storage (Google Cloud) - Location: United States - Security: Private by default, read/write via authentication Payment Processing: Stripe (PCI-DSS Level 1 certified) - We never store full credit card numbers - Stripe handles all payment data securely - Compliance: PCI DSS, SOC 2 Type II All third-party processors are contractually bound to maintain confidentiality and security.
6. Data Retention
We retain your data as follows: While Your Account is Active: - All listings, chats, and transaction records are kept - Available in your Dashboard After Account Deletion: - Personal account information is deleted immediately - Listings are unpublished - Chat history is retained (for dispute resolution) - Transaction records kept for 7 years (legal/tax requirements) - Backups may retain data for up to 30 days before purge Inactive Accounts: - Accounts inactive for 2+ years may be archived - We will notify you before archiving You can request data deletion at any time by contacting info@siteflip.co with "Data Deletion Request."
7. GDPR Data Subject Rights
If you are in the EU or UK, you have the following rights: Right to Access: - Request a copy of your personal data - We will provide it in a structured, commonly used format within 30 days Right to Rectification: - Correct inaccurate personal data - Update your profile information at any time Right to Erasure ("Right to be Forgotten"): - Request deletion of your personal data - We will comply unless legal obligations require retention - Some data (transaction records) may be kept for tax/legal purposes Right to Data Portability: - Export your data in machine-readable format (JSON, CSV) - Transfer to another service provider Right to Restrict Processing: - Limit how we use your data - Useful if you dispute data accuracy Right to Object: - Object to marketing communications (opt-out of emails) - Object to profiling or automated decision-making To exercise any of these rights: Email info@siteflip.co with your request and "GDPR Request" in the subject line. Include: - Your full name - Email address - Specific right you're exercising - Any relevant transaction IDs We will respond within 30 days. If we need more time, we'll notify you.
8. International Data Transfers
Your data is stored and processed in the United States. If you are in the EU or UK, this constitutes an international data transfer. Legal Basis for Transfers: - Contractual Necessity: Data transfer is necessary to provide our services - Standard Contractual Clauses (SCCs): We use Google Cloud's approved SCCs - Adequacy Decision: Transfers to US are permitted under applicable law Your data receives the same level of protection under US law as EU law requires. We maintain technical and organizational safeguards.
9. Third-Party Services
We use the following third-party providers: Stripe (Payment Processing): - Collects payment method information - Privacy Policy: stripe.com/privacy Firebase (Database & Storage - Google Cloud): - Stores all user and listing data - Privacy Policy: policies.google.com/privacy Google Analytics (Analytics): - Collects anonymized usage data - Privacy Policy: policies.google.com/privacy These providers are Data Processors on our behalf. They are contractually bound to maintain your data confidentially and securely. We do not share your personal information with advertisers, brokers, or other third parties without your explicit consent.
10. Contact & Data Subject Requests
For questions about this Privacy Policy, data access requests, or GDPR inquiries: Email: info@siteflip.co Subject: "Privacy Policy Question" or "GDPR Request" We will respond within 30 days. For data protection authority complaints (EU/UK): - Contact your local Data Protection Authority - Links: edpb.europa.eu (EU) or ico.org.uk (UK)