1. Introduction & Who We Are
FlipBooks ("we," "us," or "our") is a financial tracking and bookkeeping software product designed exclusively for individual resellers and small reselling businesses. This Privacy Policy applies to the FlipBooks website, web application, and all associated products and services (collectively, the "Service").
By using FlipBooks, you agree to the collection and use of information as described in this policy. If you do not agree to this policy, please do not use the Service.
We take privacy seriously. We are not an advertising company. We do not sell your data. Our business model is straightforward: you pay us for software, and we build good software. That's it.
2. Information We Collect
We collect information in three ways: information you give us directly, information generated automatically by your use of the Service, and information received from third-party services you connect.
Account Information:
- Name and email address provided during registration
- Password (stored as a one-way bcrypt hash — we cannot read or recover your password)
- Account preferences and settings
Financial Data:
- Bank account transaction data received via Plaid (read-only access; your credentials are never stored by us)
- Sales data from CSV files you upload (eBay, Poshmark, Mercari, Amazon, etc.)
- Manually entered transactions, including cash purchases, sourcing costs, and inventory records
- Cost of goods sold (COGS) records and item-level profit data you enter
Usage Data (collected automatically):
- Pages and features accessed within the Service
- Session duration and interaction patterns
- IP address and approximate geographic location (country/state level)
- Browser type, version, and operating system
- Referring URL and exit pages
Communications:
- Emails and messages you send to our support team
- Feedback, bug reports, and feature requests you submit
- Waitlist registration information
3. How We Use Your Information
We use the information we collect for the following purposes, and only these purposes:
- To provide the Service: calculating profit and loss, generating financial reports, reconciling 1099-K forms, and producing Schedule C exports based on the data you provide.
- To improve the Service: analyzing aggregated, anonymized usage patterns to understand which features are most valuable and how to make the product better.
- Transactional communications: sending you account-related emails such as sign-up confirmations, billing receipts, password resets, and security alerts. These emails are essential to the Service and cannot be opted out of while you have an active account.
- Product updates and early access notifications: sending you information about new features, pricing changes, and launch announcements. You can opt out of these at any time via the unsubscribe link in any email or in your account settings.
- Security and fraud prevention: detecting unauthorized account access, identifying potentially fraudulent activity, and protecting the integrity of the Service.
- Legal compliance: fulfilling our obligations under applicable law, including responding to lawful requests from government authorities and complying with tax reporting requirements.
We do not use your financial data for any advertising purpose. We do not build advertising profiles. We do not share your data with ad networks. Ever.
4. Plaid & Bank Connection Data
FlipBooks uses Plaid Technologies, Inc. to enable you to securely connect your bank accounts and credit cards. Plaid is a leading financial data network trusted by millions of Americans and used by major financial applications across the United States.
- Read-only access: When you connect a bank account through Plaid, we receive read-only access to your transaction history. We cannot initiate transfers, move money, or perform any action on your account other than reading transactions.
- Credentials never stored: Your bank login credentials are entered directly into Plaid's secure interface and are never transmitted to or stored by FlipBooks. We receive only a tokenized access key and the resulting transaction data.
- Data received: We receive transaction amounts, dates, merchant names, and categories — the minimum necessary to categorize your sourcing expenses and business purchases.
- Revocation: You can disconnect your bank connection at any time from your Account Settings page. Upon disconnection, we retain the historical transaction data already imported but will not receive new data.
- Plaid's policies: Your use of Plaid's services is also governed by Plaid's Privacy Policy. We encourage you to review it.
5. Data Sharing & Third Parties
We do not sell your personal data. We do not sell your financial data. We do not share your data with advertisers. These are not negotiable positions — they are core to how we operate.
We share data only in the following limited circumstances:
- Service providers: We use a small number of trusted third-party services to operate FlipBooks. These providers are contractually bound to use your data only as necessary to provide their services to us and may not use it for their own purposes. Current providers include: Plaid (bank connectivity), Stripe (payment processing), Amazon Web Services (cloud infrastructure and data storage), and SendGrid (transactional email delivery).
- Legal requirements: We may disclose your information if required to do so by law, regulation, court order, or other governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of FlipBooks, our users, or the public.
- Business transfers: If FlipBooks is acquired by or merged with another company, your information may be transferred to the new owner. In that event, we will notify you via email and/or a prominent notice on our website prior to the transfer, and the acquiring party will be required to honor this Privacy Policy or obtain your consent to any material changes.
- With your consent: We may share information in other circumstances with your explicit prior consent.
6. Data Storage & Security
We take the security of your data seriously, particularly given the sensitive financial nature of the information you entrust to us.
- Infrastructure: All data is stored on Amazon Web Services (AWS) servers located in the United States, in data centers with industry-leading physical and network security controls.
- Encryption in transit: All data transmitted between your browser or device and our servers is encrypted using TLS 1.3, the current industry standard for transport security.
- Encryption at rest: All stored data — including your financial records, account information, and transaction history — is encrypted at rest using AES-256 encryption.
- Password security: Passwords are hashed using bcrypt with a work factor that we periodically increase. We cannot recover your password. If you forget it, we can only reset it.
- Access controls: Internal access to production data is strictly limited, logged, and subject to multi-factor authentication requirements. No employee can access your account data without a specific business justification.
- Security audits: We conduct regular internal security reviews and engage third-party security researchers to identify vulnerabilities. We have a responsible disclosure process for security researchers.
- SOC 2 compliance: We are actively working toward SOC 2 Type II certification. We will communicate our compliance status as it progresses.
No method of transmission or storage is 100% secure. While we implement industry-standard measures to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
7. Data Retention
We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy, subject to the following:
- Active accounts: We retain all account and financial data for as long as your account is active and in good standing.
- Account deletion: When you delete your account, we will delete your personal identifying information (name, email, password hash) within 30 days. You can request deletion by emailing privacy@flipbooks.io.
- Financial records: We retain financial transaction records for seven (7) years following account closure, as required by applicable U.S. tax and financial recordkeeping regulations. These records are retained in anonymized or pseudonymized form where possible.
- Backups: Deleted data may persist in encrypted backups for up to 90 days before being permanently purged from backup storage.
- Data export: You can request a complete export of your data at any time from your Account Settings, or by emailing privacy@flipbooks.io. We will provide your data in a machine-readable format within 30 days.
8. Your Rights (CCPA & General)
Regardless of where you are located, we honor the following rights with respect to your personal information:
- Right to know: You have the right to request information about the categories and specific pieces of personal data we have collected about you, the sources of that data, our business purposes for collecting it, and the categories of third parties with whom we share it.
- Right to delete: You have the right to request that we delete your personal information. We will honor deletion requests subject to our legal retention obligations described above.
- Right to opt out of sale: We do not sell personal information, so there is no sale for you to opt out of. This right still applies to you, and we confirm that none of our practices involves selling your personal information.
- Right to correct: You have the right to correct inaccurate personal information we hold about you. You can update most information directly in your account settings.
- Right to non-discrimination: We will not discriminate against you for exercising any of these rights. Exercising your privacy rights will not result in different pricing, service levels, or quality of service.
To exercise any of these rights, please email privacy@flipbooks.io. We will respond to verified requests within 45 days. We may need to verify your identity before processing certain requests.
9. GDPR Rights (EU / UK Users)
If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR:
- Right of access (Article 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Article 16): You may request correction of inaccurate or incomplete personal data.
- Right to erasure (Article 17): You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.
- Right to restriction of processing (Article 18): You may request that we restrict processing of your data in certain circumstances.
- Right to data portability (Article 20): You may request your data in a structured, commonly used, machine-readable format.
- Right to object (Article 21): You may object to processing of your personal data where we rely on legitimate interests as our legal basis.
Legal bases for processing: We process your personal data under the following legal bases: (a) performance of the contract between us when providing the Service; (b) our legitimate interests in maintaining the security and integrity of the Service; and (c) your consent, where explicitly obtained.
To exercise your GDPR rights or to lodge a complaint, contact our Data Protection contact at privacy@flipbooks.io. You also have the right to lodge a complaint with your local supervisory authority.
10. Cookies & Tracking
We use cookies and similar tracking technologies to operate and improve the Service. Here is exactly what we use and why:
- Essential cookies: Required for the Service to function. These include session tokens (to keep you logged in), CSRF protection tokens (to prevent cross-site request forgery attacks), and user preference cookies. These cannot be disabled without breaking the Service.
- Analytics cookies: We use Google Analytics to collect anonymous, aggregated data about how users navigate the Service. This data does not identify you personally. IP addresses sent to Google Analytics are anonymized. You can opt out of Google Analytics across all sites using the Google Analytics Opt-out Browser Add-on.
What we do NOT use: We do not use advertising cookies, retargeting pixels, social media tracking pixels, or any third-party tracking technology designed to follow you across the web or build an advertising profile.
You can control non-essential cookies through your browser settings. Note that disabling cookies may affect your ability to use certain features of the Service.
11. Children's Privacy
The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Service or provide any information to us.
If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from or about a child under 13, please contact us immediately at privacy@flipbooks.io.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will update the "Last updated" date at the top of this page.
For material changes — those that meaningfully affect your rights or how we handle your data — we will provide at least 30 days' advance notice via email to the address associated with your account before the changes take effect. Continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
If you disagree with any changes to this policy, you may close your account and request deletion of your data at any time.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please reach out: