Privacy Policy
Last updated: March 1, 2026
1. Introduction
Flippie Dashboards ("we", "us", "our") is a personal finance management application. We are committed to protecting your privacy and handling your data transparently. This policy explains what data we collect, why, and how we protect it.
2. Data Controller
Flippie Dashboards is the data controller responsible for your personal data. If you have questions about how we process your data, contact us at: hello@flippiedashboards.com.
3. Data We Collect
Account data
- Email address (for authentication)
- Hashed password (we never store plaintext passwords)
- MFA enrollment data (TOTP secrets, hashed backup codes)
Financial data you provide
- Transactions (amounts, dates, descriptions, categories)
- Budget configurations
- Net worth snapshots (asset and liability balances)
- Account names and categories
Automatically collected data
- IP address and user agent (for security audit logs and rate limiting)
- Session metadata (login times, authentication assurance level)
4. Legal Basis for Processing (GDPR)
We process your data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR) — processing your financial data is necessary to provide the Service you signed up for.
- Legitimate interest (Art. 6(1)(f) GDPR) — security measures such as audit logging, rate limiting, and fraud detection protect both you and the Service.
- Consent (Art. 6(1)(a) GDPR) — where applicable, such as optional communications. You may withdraw consent at any time.
5. How We Use Your Data
- Provide the service — display dashboards, charts, budgets, and transaction history.
- Authentication & security — verify identity, enforce MFA, detect suspicious activity, and rate-limit abuse.
- Audit logging — maintain an immutable record of security-relevant events for incident response.
We do not sell, rent, or share your data with third parties for advertising or marketing purposes.
6. Administrative Access
Authorized personnel at Flippie Dashboards may access user data through our database administration tools for the following purposes only:
- Providing technical support when requested by you.
- Investigating security incidents or suspected abuse.
- Maintaining and improving the Service (e.g. debugging, performance monitoring).
- Complying with legal obligations.
Administrative access is restricted, logged, and subject to the same data protection obligations described in this policy.
7. Data Storage & Security
- All data is stored in Supabase (PostgreSQL) with Row Level Security (RLS), which ensures that you can access only your own data through the application.
- Passwords are hashed using bcrypt via Supabase Auth.
- MFA backup codes are hashed with SHA-256 and a domain-specific salt before storage.
- All connections use TLS/HTTPS encryption in transit.
- Content Security Policy, HSTS, and other security headers are enforced.
- Audit logs are protected with immutability policies (no update or delete).
8. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal and financial data within 30 days. Anonymized audit logs may be retained for up to 90 days for security purposes.
9. Your Rights
Under the GDPR and applicable Dutch law, you have the right to:
- Access — request a copy of your data.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your account and data.
- Portability — export your data in a machine-readable format.
- Restriction — request restricted processing of your data.
- Objection — object to specific processing activities.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at hello@flippiedashboards.com. We will respond within 30 days as required by the GDPR.
10. Cookies & Local Storage
We use essential cookies and local storage only for authentication sessions and UI preferences (such as theme selection). We do not use tracking cookies, analytics cookies, or third-party advertising cookies.
11. Third-Party Services
We use the following third-party services to operate the Service. We have ensured appropriate data processing agreements are in place where required:
- Supabase — authentication and database hosting.
- Upstash — distributed rate limiting (only IP hashes are sent, no personal data).
- Vercel — application hosting and CDN.
- Zoho Mail — transactional email delivery (confirmation emails, password resets).
12. International Data Transfers
Some of our third-party service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.
13. Children's Privacy
Flippie is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
14. Supervisory Authority
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.
15. Changes to This Policy
We may update this policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top indicates when the policy was last revised.
16. Contact
For privacy-related questions or requests, contact us at: hello@flippiedashboards.com