Privacy Policy
Last updated: May 12, 2026
This privacy policy describes how PostFlip (postflip.app) collects, uses and protects your personal data, in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679).
1. Data controller
The data controller is the individual operator of PostFlip. For any request regarding your data, contact: hello@postflip.app
2. Data collected
2.1 Account data
When you create an account, we collect your email address and, where applicable, your name. This data is required to authenticate you and manage your subscription.
2.2 Submitted content
The LinkedIn posts you submit to PostFlip are processed by our API to generate the reformatted versions. On the free plan, content is not retained after the session. On the Pro plan, your recasts are saved to your account to build your history.
Your content is never used to train artificial intelligence models.
2.3 Payment data
Payment data (card number, etc.) is processed exclusively by Stripe, Inc. PostFlip stores no banking data. Stripe is PCI-DSS Level 1 certified.
2.4 Technical data
For the proper functioning of the service, we collect limited technical data: IP address (anonymized), browser type, pages visited and usage events (sign-in, recast launched). This data is used only to improve the service.
3. Legal basis for processing
- Performance of the contract for the provision of the service
- Legitimate interest for security and fraud prevention
- Legal obligation for the retention of accounting data
- Consent for marketing communications, where applicable
4. Processors
PostFlip uses the following processors, all subject to GDPR compliance commitments:
- Supabase, Inc. - database hosting (AWS infrastructure, eu-west-1 region)
- Stripe, Inc. - payment processing
- Vercel, Inc. - application hosting
- Anthropic, PBC - content generation via API (your data is not used for training)
- PostHog, Inc. - product analytics (loaded only after your consent)
- Google LLC - Google Analytics 4 and Google Tag Manager for audience measurement (loaded only after your consent)
5. Retention period
- Account data: kept until the account is deleted
- Pro history: kept as long as the account is active
- Billing data: 10 years (legal obligation)
- Technical logs: rolling 30 days
6. Your GDPR rights
In accordance with the GDPR, you have the following rights over your personal data:
- Right of access to your data
- Right of rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to portability
- Right to object
To exercise these rights, contact hello@postflip.app. We respond within 30 days. You may also lodge a complaint with the CNIL: www.cnil.fr.
7. Cookies
PostFlip uses two categories of cookies:
Strictly necessary cookies (no consent required): authentication session and preferences (theme, language). They are essential for the service to work.
Analytics cookies (consent required): no analytics cookie or tracker is set before your explicit consent. If you accept via the cookie banner, we load:
- Google Analytics 4 and Google Tag Manager (Google LLC) - traffic statistics, anonymized IP
- PostHog (PostHog, Inc.) - product usage analytics
You can withdraw your consent at any time by clearing your browser's local storage for postflip.app; the banner will reappear and trackers stay disabled until you accept them. Google Consent Mode v2 defaults to "denied" until consent is given.
8. Transfers outside the EU
Some processors (Stripe, Vercel, Anthropic, Google, PostHog) are established in the United States. These transfers are carried out under the standard contractual clauses approved by the European Commission, in accordance with Article 46 of the GDPR.
9. Changes
We may update this policy at any time. The date of the last update is shown at the top of the page. In the event of a substantial change, you will be notified by email.