Privacy Policy

Flipio is the data controller for personal data processed through the platform.

Contact: privacy@getflipio.com

Account data: name, email, password hash, phone number, region preference, owner type.

Verification data: identity documents, driving licence, selfie, verification status.

Booking data: dates, vehicle, payment method, deposit status, platform fee status, chat messages.

Payment data: processed by Stripe — we receive transaction IDs and payment status, not full card numbers.

Technical data: IP address, browser type, device information, cookies, and usage logs.

Communications: messages sent through Flipio chat and support correspondence.

To provide and operate the marketplace (accounts, listings, bookings, payments, chat).

To verify identity and prevent fraud.

To send transactional emails (booking confirmations, payment reminders, chat notifications, pickup reminders).

To enforce our Terms, moderate content, and protect platform integrity.

To improve our services and comply with legal obligations.

We do not sell your personal data to third parties.

Contract performance: processing necessary to provide the service you requested.

Legitimate interests: fraud prevention, security, platform moderation, and service improvement.

Legal obligation: compliance with tax, anti-money-laundering, and law-enforcement requests where required.

Consent: marketing communications where applicable (you may opt out at any time).

Stripe — payment processing and Connect payouts to Hosts.

Supabase — database hosting and authentication.

Resend — transactional email delivery.

Other users — limited profile information shared after booking confirmation (e.g. first name for coordination).

Authorities — when required by law or to protect rights and safety.

All processors are bound by data processing agreements where required.

Account data is retained while your account is active and for up to 6 years after closure for legal and accounting purposes.

Booking and payment records are retained as required by tax and consumer protection law.

Chat messages may be retained for dispute resolution and moderation for up to 3 years.

Verification documents are deleted or anonymised within 90 days of account closure unless retention is legally required.

Under GDPR you may have the right to access, rectify, erase, restrict, port, and object to processing of your data.

You may withdraw consent where processing is consent-based.

You may lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus).

Requests: privacy@getflipio.com — we respond within 30 days.

We use essential cookies for authentication and session management.

Analytics cookies may be used to understand platform usage — you can control non-essential cookies in your browser settings.

We implement industry-standard security measures including encryption in transit (HTTPS), access controls, and secure password hashing.

No method of transmission over the Internet is 100% secure; you use the platform at your own risk.

Data may be processed in the EU/EEA and by subprocessors in countries with adequate protection or appropriate safeguards (Standard Contractual Clauses).

Flipio is not intended for users under 18. We do not knowingly collect data from children.

We may update this policy. The “last updated” date will change and material updates will be communicated via the platform or email.