Privacy Policy
This Privacy Policy explains what data IndustrialFlipper collects, why we collect it, who we share it with, and the rights you have over your data. Plain English where we can. Legal terms only where the law requires them.
1. What We Collect
1.1 Account data. Your email address and a password. We never see or store your password in plaintext — it is hashed with bcrypt before it touches our database. We cannot recover your password; we can only let you reset it.
1.2 Payment data. Payment card details are entered directly into Stripe Checkout and never touch our servers. We store only the Stripe customer ID, the membership tier purchased, and the transaction timestamp — enough to deliver your membership and respond to billing questions.
1.3 Usage data. Session timestamps, the pages you visit on the Platform, and your IP address. We use this for security (detecting suspicious activity), debugging, and understanding which features are useful enough to keep building.
1.4 Email engagement. Our email service, Loops, tracks whether you opened our emails and clicked links inside them. We use this to improve what we send and to stop emailing people who clearly are not interested.
1.5 Content you create. Questions you ask the AI, deals you post in the community, and any other content you submit. We store this so the Platform works — your history, your saved collections, your community posts.
2. How We Use It
2.1 We use your data to:
- (a) Deliver the Platform and the membership you paid for;
- (b) Send transactional emails (receipts, password resets, account notifications) and marketing emails about Platform updates;
- (c) Prevent fraud, abuse, and unauthorized access — both to your account and to the Platform as a whole;
- (d) Respond to your customer support requests;
- (e) Improve the Platform based on which features are used and which are not.
2.2 We do not sell your personal data. We do not rent it. We do not share it with advertisers.
3. Third-Party Processors
3.1 We rely on a small set of third-party services to run the Platform. Each one is bound by their own privacy policy:
- Stripe — payment processing. We do not see or store your card details. stripe.com/privacy
- Loops — transactional and marketing email delivery. Loops receives your email address and tracks opens and clicks. loops.so/privacy
- Cloudflare — DDoS protection and bot mitigation. Cloudflare receives your IP address and a session-bound bot-protection cookie. cloudflare.com/privacypolicy
- Hetzner — hosting provider for the Platform itself. Hetzner sees server-level traffic only and does not have access to application data. hetzner.com/legal/privacy-policy
3.2 We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers. If we ever change this, we will update this page and notify active Members by email.
4. Cookies
4.1 We use a small number of essential cookies only:
- Authentication cookies. An HttpOnly refresh token that keeps you signed in. It cannot be read by JavaScript and is required for the Platform to work.
- Cloudflare bot-protection cookies. Used to tell humans apart from bots and to absorb traffic spikes before they reach our servers.
4.2 We do not use third-party tracking cookies and we do not run advertising pixels. Under the GDPR "strict necessity" exception, no cookie banner is required for the cookies above — but we want to be explicit about what is set and why.
5. Your Rights (GDPR)
5.1 If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — request deletion of your data ("right to be forgotten").
- Portability — receive your data in a machine-readable format.
- Restriction — ask us to limit how we process your data.
- Objection — object to processing for direct marketing or other legitimate-interest grounds.
6. Your Rights (CCPA)
6.1 If you are a California resident, the California Consumer Privacy Act gives you the right to:
- Know what personal information we collect and how we use it.
- Delete personal information we hold about you.
- Opt out of the sale of personal information. We do not sell personal information, so this opt-out is effectively the default — but the right is yours regardless.
7. How to Exercise Your Rights
Email Q4chris@industrialflipper.com from the address attached to your account. Tell us which right you want to exercise. We will respond within 30 days. We may ask for additional verification before acting on a request — to make sure we are not handing your data to someone impersonating you.
8. Children
The Platform is intended for adults. We do not knowingly collect personal information from anyone under 18 years of age. This matches Section 2.1 of our Terms of Service. If we learn that we have collected data from a minor, we will delete it promptly.
9. Security and Retention
9.1 Passwords are stored only as bcrypt hashes. Refresh tokens are issued as HttpOnly cookies and rotated on a regular cadence. Database backups are encrypted at rest.
9.2 We retain your account data for as long as your membership is active and for a reasonable period afterward to meet legal, accounting, or fraud-prevention requirements. If you delete your account, your personal data is removed within 30 days, except where retention is legally required.
10. Changes and Contact
10.1 If we materially change this Privacy Policy, we will notify active Members by email and update this page. The "Effective" date at the top of this document always reflects the most recent revision.
10.2 Questions, requests, or concerns:
GJ & AM Properties, LLC
IndustrialFlipper.com
Q4chris@industrialflipper.com
By using the Platform, you acknowledge that you have read and understood this Privacy Policy.