FLIPWORK PRIVACY POLICY
Version 1.0
Effective Date: May 25, 2026
Operator: Groovy Greens, LLC, a North Carolina limited liability company, doing business as "FlipWork" ("FlipWork," "we," "us," or "our")
Contact: CoryThacker@proton.me
Website: https://myflipwork.com
--------------------------------------------------------------------
PLAIN-ENGLISH SUMMARY (not legally binding — read the full policy below)
--------------------------------------------------------------------
Here's what we collect and why, in plain English:
- We collect what you give us (account info, profile, photos,
listings, messages) and a little bit of automatic stuff (your IP
address, what pages you visit) to make the service work.
- We share information with the companies we use to run FlipWork
(Stripe for payments, Supabase for the database, Vercel for
hosting, Sightengine for image moderation, Anthropic for the
support chat).
- We do NOT sell your personal information.
- We do NOT use your photos to train AI models for any purpose
outside of operating FlipWork.
- We use Stripe to handle payments. We do not see or store your
full credit card information.
- You can ask us to delete your account and your personal info at
any time by emailing CoryThacker@proton.me.
- FlipWork is for U.S. residents 18 and older only. We do not
knowingly collect information from anyone under 18.
If you have questions, email CoryThacker@proton.me.
====================================================================
1. SCOPE
====================================================================
This Privacy Policy describes how Groovy Greens, LLC, doing business
as FlipWork, collects, uses, shares, and protects information when
you use the FlipWork website at https://myflipwork.com, any
subdomains, and any related services we offer (the "Service").
This Privacy Policy applies only to the Service. It does not apply
to:
(a) Third-party websites, apps, or services that the Service may
link to or integrate with (such as Stripe, Google, or any
external site). Those services have their own privacy policies.
(b) Information collected offline.
By using the Service, you consent to the collection, use, and sharing
of your information as described in this Privacy Policy. If you do
not agree, you must not use the Service.
====================================================================
2. INFORMATION WE COLLECT
====================================================================
We collect information in three main ways: (a) information you give
us directly, (b) information collected automatically when you use
the Service, and (c) information from third parties.
2.1 Information you give us directly.
(a) Account information. When you create an account, we collect
your email address and a password (which we store hashed, not
in plain text). If you sign in using Google, we receive your
email address and basic profile information from Google
(according to Google's terms and your Google account settings).
(b) Profile information. When you complete your profile, you may
give us your display name, username, location (city and state),
a profile photo or avatar, a short biography, a list of skills,
website link, social media link, and similar information. You
choose what to put in your profile.
(c) Listings and Gigs. When you post a Gig or a Marketplace
listing, we collect everything you include in that post — title,
description, photos, location, price or pay amount, dates,
checklist items, and any other details.
(d) Messages and communications. We collect the messages you send
to other users through the Service, including text content,
timestamps, and read receipts. We also collect any messages
you send to our support agent or to our human support team.
(e) Photos and uploaded files. We collect every image, photo, or
file you upload to the Service. Photos are scanned by an
automated moderation service before being saved.
(f) Payment information. To receive payments as a Worker, you must
go through Stripe Connect's onboarding process. To send
payments as a Flipper, you must save a payment method through
Stripe. We do NOT see, store, or have access to your bank
account number, Social Security Number, or full credit card
number. Stripe holds that information directly. We only see and
store certain non-sensitive payment metadata, such as: the last
four digits of a saved card, card brand, card expiration
month/year, Stripe Customer ID, Stripe Connect Account ID,
Stripe Payment Intent ID, Stripe Transfer ID, and the status of
various Stripe-side flags (charges enabled, payouts enabled,
details submitted).
(g) Reports and complaints. If you report another user, a listing,
or a photo, we collect the details of your report.
(h) Other information you choose to share. We collect anything else
you voluntarily provide.
2.2 Information we collect automatically.
(a) Device and connection information. When you use the Service, we
may receive your IP address, browser type, operating system,
device type, and information about how you arrived at the
Service (such as the referring URL).
(b) Usage information. We log basic information about your use of
the Service, such as the pages you visit, the actions you take,
timestamps, and error events. We use this to operate, debug,
and improve the Service.
(c) Cookies and similar technologies. The Service uses cookies and
similar technologies to keep you logged in, remember
preferences, and provide core functionality. See Section 8 for
details.
2.3 Information from third parties.
(a) Stripe. When you connect a Stripe account or save a payment
method, Stripe shares with us non-sensitive metadata as
described in Section 2.1(f). Stripe also sends us webhook
events about your account and payment status.
(b) Sightengine. Our automated image moderation provider returns
moderation results to us (such as confidence scores indicating
whether an image may contain nudity, weapons, drugs, or other
flagged content).
(c) Google. If you sign in with Google, Google sends us the
information described in Section 2.1(a).
(d) Supabase. Our database and authentication provider may share
service-level information with us, such as authentication
logs, error reports, and storage usage.
2.4 Sensitive information.
- Do NOT send us sensitive information such as Social Security
Numbers, full bank account numbers, full credit card numbers,
driver's license numbers, passport numbers, or health
information through the Service. We do not need or want this
information.
- Stripe handles sensitive identity and financial information
directly. We do not receive or store it.
- We do not use the Service to collect protected health
information or to perform any covered function under HIPAA.
====================================================================
3. HOW WE USE YOUR INFORMATION
====================================================================
We use the information we collect to:
(a) Provide, operate, and maintain the Service.
(b) Authenticate you and keep your account secure.
(c) Process payments via Stripe Connect.
(d) Display your profile, listings, Gigs, and messages to other
users as appropriate.
(e) Send you operational emails (such as account confirmations,
password resets, gig-status updates, and security alerts).
(f) Communicate with you about the Service, including responses
to support requests and notices required by law.
(g) Moderate content and enforce our Terms of Service, including
using automated image moderation to screen uploads.
(h) Detect, investigate, and prevent fraud, abuse, security issues,
and violations of our Terms.
(i) Comply with legal obligations, including tax reporting (which
may include providing information to Stripe so Stripe can
issue you a 1099-K or similar tax form).
(j) Respond to legal requests, court orders, and subpoenas.
(k) Analyze and improve the Service, including by understanding
usage patterns and fixing bugs.
(l) Show you content that is relevant to you (such as Gigs in your
area). The Service does not currently serve third-party
advertisements.
3.1 AI and automated decisions.
(a) Image moderation. We use Sightengine, an automated image
moderation service, to scan uploaded photos for prohibited
content (such as nudity, weapons, drugs, violence, and minors).
An upload may be blocked automatically if Sightengine's
confidence score crosses our thresholds. You may try again with
a different image.
(b) Support chat. Our support chat is powered by Anthropic's Claude
Haiku model. When you use the chat, your messages are sent to
Anthropic's API. Anthropic processes these messages according
to its own privacy and data-handling terms. The chat agent has
limited ability to look up information about YOUR own account
(your gigs, payouts, Stripe status) to answer your questions.
It cannot see other users' data. Anthropic does not train its
models on data sent via its API by default.
(c) Real estate of decisions. None of our automated systems make
legally significant decisions about you without human review.
In particular, we do not use automated profiling to decide
whether to suspend or terminate your account. A human at
FlipWork makes those decisions.
3.2 Why we use your information (legal bases). We use your information
because it is necessary to perform our contract with you (the Terms
of Service), because we have a legitimate interest in operating and
improving the Service and in preventing fraud, because we are
required to by law (such as tax reporting), or because you have
consented (for example, by signing in with Google or by accepting
this Privacy Policy).
====================================================================
4. WHO WE SHARE INFORMATION WITH
====================================================================
We do NOT sell your personal information.
We share information only in the categories below.
4.1 With other users. Some information you provide is intentionally
visible to other users:
(a) Your username, display name, profile photo, location (city and
state), biography, skills, website link, and similar profile
details are visible on your public profile page.
(b) Listings and Gigs you post are visible to other users, along
with photos and details you include.
(c) Photos in your Work Samples gallery are publicly visible on
your profile.
(d) When you message another user, your messages are visible to
that user.
(e) When a Worker is picked for a Gig, the Flipper may see the
Worker's profile and contact through the Service.
(f) Sold/completed history and similar marketplace activity may be
visible on your profile, depending on the feature.
4.2 With service providers. We share information with companies that
help us run the Service. These providers may only use your
information to perform services for us. The categories of providers
and the types of information they may receive:
- Supabase (database, authentication, file storage, real-time
messaging) — receives almost all of the data we collect, since
it is our underlying database and storage.
- Vercel (hosting) — receives information at the network level
needed to serve the Service, including IP addresses, request
metadata, and any data passing through our server functions.
- Stripe (payments) — receives payment-related information needed
to process payments and onboard Workers and Flippers.
- Sightengine (image moderation) — receives copies of images you
upload, scanned for moderation purposes.
- Anthropic (support chat) — receives the text of your support
chat messages.
- Google (sign-in) — if you use Google to sign in, your Google
account information passes through Google.
- Email service provider (planned, not yet active) — once
deployed, will receive your email address and notification
content needed to send transactional emails.
4.3 With law enforcement and as required by law. We may share
information when we believe in good faith that doing so is required
or appropriate to:
(a) Comply with a law, regulation, court order, subpoena, search
warrant, or other legal process.
(b) Cooperate with a government investigation.
(c) Enforce our Terms of Service or other agreements.
(d) Protect the rights, property, or safety of FlipWork, our
users, or the public.
(e) Detect, investigate, or prevent fraud, abuse, or security
issues.
4.4 In connection with a business transaction. If FlipWork is
involved in a merger, acquisition, financing, reorganization,
bankruptcy, or sale of some or all of its assets, your information
may be transferred as part of that transaction. We will notify you
of any such transfer that materially changes how your information
is handled.
4.5 With your consent. We may share information with your consent or
at your direction, including when you choose to share content
publicly through the Service.
4.6 Aggregated or de-identified information. We may share aggregated
or de-identified information (information that no longer identifies
you) for any lawful purpose. For example, we might publish anonymous
statistics about how the Service is used.
====================================================================
5. PAYMENT PROCESSING
====================================================================
Payment processing on the Service is handled by Stripe, Inc. Stripe
is independently certified as a Level 1 PCI-DSS Service Provider.
(a) For Workers. When you connect a Stripe Express account, you
provide your bank account number, tax identification
information (such as SSN or EIN), date of birth, full legal
name, and address directly to Stripe. We do NOT see or store
that information. We only store the Stripe Account ID and a
few status flags returned by Stripe.
(b) For Flippers. When you add a payment method, you enter your
credit or debit card information into a Stripe-hosted form
embedded in our pages. The card number, expiration date, and
CVC are sent directly to Stripe. We only see and store the
card brand, last 4 digits, and expiration month/year (for
display purposes), plus a Stripe Payment Method ID.
(c) Tax reporting. Stripe may issue you a 1099-K or similar tax
form if your earnings on the Service reach a reporting
threshold. Stripe may also share certain tax information with
tax authorities as required by law.
(d) Stripe's privacy practices. Stripe's collection and use of
your information is governed by its own privacy policy,
available at https://stripe.com/privacy. By using the
Service's payment features, you also agree to Stripe's terms.
====================================================================
6. DATA RETENTION
====================================================================
We keep your information for as long as your account is active or as
needed to provide the Service. After your account is deleted or your
relationship with FlipWork ends, we may retain certain information
for the following purposes:
(a) To comply with legal obligations (such as tax recordkeeping
requirements, which can require us to keep certain records
for seven years or longer).
(b) To resolve disputes and enforce our agreements.
(c) To detect and prevent fraud and abuse, including by retaining
enough information to recognize banned accounts trying to
sign up again.
(d) To maintain backup copies for operational continuity. Backups
typically expire on a rolling basis within 90 days, after
which the deleted information is no longer recoverable.
(e) To preserve information related to ongoing transactions
(such as a completed Gig that has open dispute potential).
(f) For Stripe-related data, until Stripe's own retention period
ends and Stripe purges its records.
We do not retain information longer than necessary for these
purposes. When information is no longer needed, we delete or
de-identify it.
====================================================================
7. SECURITY
====================================================================
We take reasonable technical and organizational measures to protect
your information against unauthorized access, alteration, disclosure,
and destruction. These measures include:
(a) Encryption in transit (HTTPS for all communication between
your device and the Service).
(b) Encryption at rest for sensitive data stored by Supabase.
(c) Hashed password storage (we never store passwords in plain
text).
(d) Outsourcing of credit card and bank account handling to Stripe,
a PCI-DSS Level 1 provider.
(e) Access controls limiting who at FlipWork can access user data.
(f) Row-level security policies on our database that restrict each
user to seeing only data they are authorized to see.
(g) Webhook signature verification for incoming notifications from
third-party services.
However, NO METHOD OF TRANSMISSION OVER THE INTERNET OR METHOD OF
ELECTRONIC STORAGE IS 100% SECURE. We cannot guarantee absolute
security of your information.
If we discover a breach that materially affects your personal
information, we will notify you and any regulators as required by
applicable law.
====================================================================
8. COOKIES AND SIMILAR TECHNOLOGIES
====================================================================
8.1 What are cookies. Cookies are small data files that a website
stores on your device. We use cookies and similar technologies (such
as localStorage) to:
(a) Keep you signed in (an authentication cookie set by Supabase).
(b) Remember your preferences and session state.
(c) Maintain real-time features like live messaging and unread
counts.
(d) Protect the Service from abuse and fraud.
(e) Understand basic usage patterns (such as which pages people
visit) so we can improve the Service.
8.2 Third-party cookies. Stripe sets cookies for fraud detection and
to enable card-collection forms. Google may set cookies when you
sign in with Google.
8.3 Your choices. Most browsers let you delete cookies, refuse to
accept cookies, or alert you when cookies are being sent. If you
refuse to accept the cookies we use, parts of the Service may not
work properly (for example, you may not be able to stay signed in).
8.4 No advertising tracking. FlipWork does not currently use
advertising cookies, behavioral advertising trackers, or third-party
analytics tools beyond what is necessary to run the Service.
8.5 Do Not Track. Some browsers send a "Do Not Track" signal. We do
not currently respond to that signal because there is no industry
consensus on what it means and because we do not perform the kind of
tracking that the signal is designed to prevent.
====================================================================
9. YOUR RIGHTS AND CHOICES
====================================================================
9.1 Access and correction. You may access and update most of your
personal information by signing in and editing your profile. If you
need help, email CoryThacker@proton.me.
9.2 Account deletion. You may delete your account by emailing
CoryThacker@proton.me from the email address associated with your
account. After we verify your identity, we will delete your account
and personal information subject to the retention periods described
in Section 6. Some information may persist in backups, aggregated
data, or in records we are required to keep by law.
9.3 Marketing emails. We do not currently send marketing emails.
If we ever start, every marketing email will include an unsubscribe
link. Operational emails (such as password resets, gig-status
notifications, and security alerts) cannot be opted out of, because
they are necessary to provide the Service.
9.4 Communication preferences. You can adjust most communication
settings within your account. For settings that are not exposed in
the UI, email CoryThacker@proton.me.
9.5 California residents — your CCPA rights. If you are a California
resident, the California Consumer Privacy Act ("CCPA") gives you
certain rights regarding your personal information:
(a) Right to know. You may request that we disclose the categories
and specific pieces of personal information we have collected
about you, the categories of sources, the business purposes
for collecting it, and the categories of third parties we
share it with.
(b) Right to delete. You may request that we delete personal
information we have collected from you, subject to exceptions
allowed by law.
(c) Right to correct. You may request that we correct inaccurate
personal information about you.
(d) Right to opt out of "sale" or "sharing." We do not sell your
personal information and we do not share it for cross-context
behavioral advertising. There is nothing to opt out of here,
but if our practices ever change we will provide an opt-out
mechanism.
(e) Right to non-discrimination. We will not discriminate against
you for exercising any of these rights.
To exercise your CCPA rights, email CoryThacker@proton.me with the
subject "CCPA Request." We may need to verify your identity by
asking you to confirm certain account details. We will respond
within the timeframes required by California law.
9.6 Other state privacy rights. Residents of certain other U.S.
states (such as Virginia, Colorado, Connecticut, Utah, Texas,
Oregon, Montana, and others) have similar rights under their state
privacy laws. To exercise rights under your state's law, email
CoryThacker@proton.me. We will treat your request consistent with
applicable law.
9.7 Authorized agents. You may designate an authorized agent to make
requests on your behalf. We will require evidence of the agent's
authority and may verify your identity directly.
====================================================================
10. INTERNATIONAL USERS
====================================================================
The Service is operated from the United States. The Service is
intended for U.S. residents only. If you access the Service from
outside the United States, you do so at your own risk and you
acknowledge that your information will be transferred to, stored in,
and processed in the United States, where data protection laws may
differ from those in your jurisdiction.
We do not knowingly direct the Service to users outside the United
States, and we are not configured to comply with the General Data
Protection Regulation ("GDPR") or other non-U.S. privacy frameworks.
If you are located outside the United States, please do not use
the Service.
====================================================================
11. CHILDREN'S PRIVACY
====================================================================
The Service is not intended for children under 18 years old. We do
not knowingly collect personal information from anyone under 18.
If you are under 18, do not use the Service or send us any
information about yourself.
If we learn that we have collected personal information from a child
under 18, we will delete that information promptly. If you believe a
child under 18 has provided us with personal information, please
contact us at CoryThacker@proton.me.
The Service does not comply with the Children's Online Privacy
Protection Act ("COPPA") rules for under-13 children because the
Service is not intended for them.
====================================================================
12. THIRD-PARTY LINKS AND SERVICES
====================================================================
The Service may contain links to or integrate with third-party
websites, apps, or services (for example, Stripe Express dashboard
links, Google sign-in, links to external resources). We are not
responsible for the privacy practices or content of those third
parties. We encourage you to read the privacy policies of every
third-party service you interact with.
====================================================================
13. CHANGES TO THIS PRIVACY POLICY
====================================================================
We may update this Privacy Policy from time to time. If we make a
material change, we will notify you by email, by a notice on the
Service, or by requiring you to re-accept the Privacy Policy when
you next sign in. The "Effective Date" at the top of this Policy
will always show when it was last updated.
Your continued use of the Service after the effective date of any
update constitutes acceptance of the updated Privacy Policy. If you
do not agree to the update, you must stop using the Service and may
delete your account as described above.
====================================================================
14. CONTACT
====================================================================
If you have any questions, concerns, or requests regarding this
Privacy Policy or your personal information, please contact:
Groovy Greens, LLC, d/b/a FlipWork
Attn: Privacy
CoryThacker@proton.me
https://myflipwork.com
--------------------------------------------------------------------
END OF PRIVACY POLICY — Version 1.0 — Effective May 25, 2026
--------------------------------------------------------------------
Privacy Policy
Version 1.0