Privacy Policy

1. Who we are

FipFlow ("we", "us", "our") is a social media scheduling platform. When you use FipFlow, we collect and process certain personal data. This policy explains what data we collect, why, and how we protect it.

2. Data we collect

• Account data: name, email address, and password (stored as a bcrypt hash).
• Social account tokens: OAuth access and refresh tokens for your connected social media accounts. These are encrypted at rest using AES-256-GCM.
• Content data: posts, media files, hashtag groups, and templates you create in Fipflow.
• Usage data: activity logs, login timestamps, and IP addresses for security purposes.
• Payment data: billing records processed by Mollie. We do not store full card details.

3. How we use your data

• To provide and improve the Fipflow service.
• To publish your scheduled posts to connected social platforms on your behalf.
• To process payments and manage subscriptions.
• To send transactional emails (account confirmation, billing receipts).
• To detect and prevent fraud or abuse.

4. Data retention

We retain your data for as long as your account is active. You can delete your account at any time from Settings → Account → Delete Account. Upon deletion, your personal data is removed within 30 days.

5. Third parties

We share data with social media platforms (Facebook, Instagram, TikTok, LinkedIn, Pinterest, YouTube, Threads, Bluesky, Mastodon) only as required to publish your content. We use Mollie for payment processing. We do not sell your personal data.

6. Your rights (GDPR)

If you are in the EU/EEA, you have the right to access, correct, export, or delete your personal data. To exercise these rights, email us at [email protected].

7. Contact

Questions about this policy? Email [email protected].