Privacy Policy

We are committed to protecting the privacy of individuals whose data we process through our website, products or services. We believe that protecting the privacy of our users is an integral part of our service and we take this responsibility very seriously.

Our Privacy Policy sets out how we collect and process personal information about our users, which includes:

  • Visitors to our Websites (www.flip.to, its subdomains and such other sites as may be designated by us).

  • Customers who use our Services (through manage.flip.to, its subdomains, and other sites designated by us).

  • Our customers' audience who interact with our Software (through www.flip.to, www.stories.travel, its subdomains, and other sites designated by us).

Please read this Privacy Policy carefully. By using or accessing the Service (defined below), you acknowledge that you have read, understood, and agree to be bound to all the terms and conditions of this Privacy Policy, and the "Terms of Use" or other customer agreement between you and Flip.to that is applicable to the particular Service you are using or accessing (collectively, "User Agreements").

If you do not agree to this Privacy Policy and the applicable User Agreement, please exit, and do not access or use, the Service.

Introduction

This Privacy Policy ("Privacy Policy") sets forth the privacy practices of Flip to, Inc. ("Flip.to"), all Flip.to software and applications (including Flip.to websites located at stories.travel, subdomains and any other websites designated by us) (collectively, the "Software"); the Flip.to websites located at www.flip.to, its subdomains, and any other websites or services designated by us (collectively, the "Websites"); and all other Flip.to products or services provided or otherwise made accessible on or through the Software or the Websites or that otherwise link to or reference this Privacy Policy. The Software, the Websites, and any other Flip.to products or services that link or refer to this Privacy Policy are collectively referred to as the "Service." This Privacy Policy describes how Flip.to collects, discloses, stores, transfers, and uses information that could individually identify our users ("Personal Data") in connection with our Service.

In this Privacy Policy, "we," "us," "our," and other similar references mean Flip.to; "you", "your", "user", "user's" and other similar references mean any user of the Service (including customers); and "customer", "customers", and "our customers" and other similar references mean any customer who purchased or subscribed to the Service.

This policy applies immediately to new users who use or access the Service on or after the Effective Date, and on the Effective Date to users who use or access the Service before the Effective Date.

Transfers of Personal Data

The Service is hosted and operated in the United States ("U.S.") through Flip.to and its service providers. For users who do not reside in the U.S., laws in the U.S. may differ from the laws where the user resides. Any Personal Data, regardless of whether provided by user or obtained from a third party, is being provided to Flip.to located in the U.S. and will be hosted on U.S. servers, and the user authorizes Flip.to to transfer, store, host and process information to and in the U.S.

EU Personal Data

For users located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the "GDPR") related to your Personal Data. We provide all users of our Service the ability to exercise their rights as described in the "Your Privacy Choices" section.

For the purposes of EU data protection legislation, Flip.to's role is defined as follows:

  • We are the controller of Personal Data for visitors who use our Websites, and customers who purchase or subscribe to our Service.

  • We are the processor of Personal Data for users who interact with our Software (our customer's audience). In this role, each customer is a controller of the Personal Data we process for them.

EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)

Flip.to complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Flip.to has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Flip.to has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. As further set forth in the Principles, we remain potentially liable if a third party processing Personal Data received from the EU and the United Kingdom and Switzerland on our behalf processes that Personal Data in a manner that is inconsistent with the Principles (unless we can prove that we are not responsible for the event giving rise to the damage). Flip.to is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to any failure to comply with the Principles. Individuals from EU or Switzerland with inquiries or complaints regarding U.S. privacy practices should contact us at the email or address set forth in the section titled "Questions Regarding Our Privacy Policy" below.

California Personal Data

For residents of California, U.S., you may have additional rights under the California Consumer Privacy Act (the "CCPA") related to your Personal Data. We provide all users of our Service the ability to exercise their rights as described in the "Your Privacy Choices" section.

Information We Collect and How We Use It

Types of Personal Data We Collect

Flip.to collects Personal Data about users when they provide it directly to us, when third parties such as our business partners (e.g. companies with whom we integrate our Service), service providers (such as our advertising service providers) provide us with Personal Data, or when Personal Data is automatically collected in connection with a user's use of our Service. We collect the following Personal Data in connection with the Service:

  • Contact Information: information we collect to identify or contact a user. such as first and last name, email address, and social network handle.

  • User Content: information, visual content (including images and video), written content (including quotes, feedback, and comments), and other content that we may collect that a user posts to or through the Service.

  • Transaction Information: information related to transactions a user conducts on the Service, including registering for a webinar or event, downloading special content, and a user's own interactions with the Service (for example the functionality used and links clicked on the Service).

  • Customer Account Information: information that identifies a customer to the Service, such as first and last name, email address, physical address, telephone number, password, and IP address.

  • Customer Financial Account Information: information that a customer provides in connection with a purchase of the Service (or a purchase made through the Service), including credit card number, credit card expiration date, credit card verification code, bank account number, bank account title, bank name, branch location, and routing number.

  • Log Data: information automatically recorded by the Service about how a person uses our Service, such as anonymized IP addresses, device and browser type, operating system, the pages or features of our Website or Service to which a user browsed, the time spent on those pages or features, the frequency with which the Service is used by a user, search terms used by a user, the links on the Service that a user clicked on or used, and other statistics.

We also collect usage and performance information that is not Personal Data or that we aggregate or de-identify so that it no longer personally identifies an individual. We also associate some data that is not Personal Data with Personal Data.

Types of Personal Data We Do Not Collect

Flip.to does not collect Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or information specifying the sex life of an individual (“Sensitive Personal Data”).

How We Collect Personal Data

Some of the methods and tools we use to collect Personal Data are:

  • Unique Identifiers: We use unique identifiers such as cookies, e-mail or a user's pseudonymized customer ID to track individual usage behavior on our Service, such as the length of time spent on a particular page and the pages viewed during a particular log-in period. Unique identifiers collect information about a user's use of our Service on an individual basis.

  • Cookies, Web Beacons, and Other Tracking Tools: We and our third party service providers collect information about our users, their devices, and their use of the Service through cookies, clear gifs (a.k.a. web beacons/web bugs) ("Web Beacons"), and other tracking tools and technological methods (collectively, "Tracking Tools"). Tracking Tools collect information such as computer or device operating system type, IP address, browser type, browser language, mobile device ID, device hardware type, the website or application visited or used before or after accessing our Service, the parts of the Service accessed, the length of time spent on a page or using a feature, and access times for a web page or feature. These Tracking Tools help us learn more about our users and analyze how users use the Service, such as how often users visit our Service, what features they use, what pages they visit, what emails they open, and what other sites or applications they used prior to and after visiting the Service.

    • Cookies: Like many websites and mobile application operators, we collect certain information through the use of "cookies," which are small text files that are saved by the browser when a user accesses our Service. Cookies can either be "session cookies" or "persistent cookies". Session cookies are temporary cookies that are stored on a user's device while visiting our Website or using our Service, whereas "persistent cookies" are stored on a user's device for a period of time after leaving our Website or Service. We use persistent cookies to store user preferences so that they are available for the next visit, and to keep a more accurate account of how often a user visits our Service, and how their use of the Service varies over time. We also use persistent cookies to measure the effectiveness of advertising efforts. Through these cookies, we may collect information about a user's online activity after they leave our Service. For more information on cookies, including how to control your cookie settings and preferences, visit https://ico.org.uk/for-the-public/online/cookies/.

    • Web Beacons: Web Beacons, or tracking pixels, help us better manage content on our Service by informing us what content is effective. Web Beacons are embedded in, or otherwise associated with, certain emails or other communications that you receive from us or our partners. Web Beacons help us track user responses and interests and deliver relevant content and services. For example, they may let us know when a user takes actions based on the emails that we send.

  • Social Media Widgets: Some parts of our Service may include social media features, such as the Facebook "like" button, and widgets, such as the "share this" button. These social media features are either hosted by a third party or hosted directly on our Service. When a user uses these tools, the party that provides the tool, the third party that operates the social media services, and/or we may receive Personal Data. By using these tools, the user will be prompted to provide consent that some information, including Personal Data, from a user's social media services will be transmitted to us, and that information is therefore covered by this Privacy Policy, and some information, including Personal Data, may be shared with the third party services, and that information is therefore governed by their privacy policies.

  • Third Party Sources: We may use third-party services, such as open search tools and social networks, to obtain information about a user (such as name or company) and to enrich a user's personal information by obtaining publicly available information about the user.

  • Online Behavioral Advertising: Some of our advertising ("Behavioral Advertising") involves using Tracking Tools to collect information about a user's online activities over time and across non-affiliated websites and applications and providing ads to the user based the user's interests (as inferred from the user's online activity) or use of our Service. Behavioral Advertising may appear on our Service or on other websites or services. We work with third parties to provide Behavioral Advertising, such as advertising networks, data exchanges, traffic measurement service providers, marketing analytics service providers, and other third-party service providers (collectively, "Advertising Service Providers"). Advertising Service Providers perform services such as facilitating targeting of advertisements and measuring and analyzing advertising effectiveness on the Service (collectively, all such services, "Targeting Services"). Targeting Services help us display Behavioral Advertising, prevent a user from seeing repeated ads, and enable us to research the usefulness of ads. We adhere to self-regulatory principles for online behavioral advertising issued by the Digital Advertising Alliance ("DAA") and the European Interactive Digital Advertising Alliance ("EDAA") (collectively, the "OBA Principles"). More information about the OBA Principles can be found at http://digitaladvertisingalliance.org/principles and http://www.edaa.eu/european-principles/. User's have the option to opt out of Behavioral Advertising. For more information, see the section below titled "Opting Out of Behavioral Advertising and Tracking Tools."

How We Use Personal Data

We use Personal Data to:

  • provide, administer, and improve our service.

  • better understand our user's needs and interests.

  • fulfill requests that our users make.

  • personalize user experience.

  • provide Service announcements.

  • provide users with information and offers from Flip.to.

  • protect, investigate, and deter against fraudulent, harmful, unauthorized, or illegal activity.

  • comply with legal obligations to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Personal Data collected by Flip.to is only used for the purpose it was originally collected for, and will never be used for any other purpose.

We do not sell or rent Personal Data to third-parties.

We will only use Personal Data if we have a lawful basis for doing so. Lawful basis for processing include consent, contractual necessity, and our "legitimate interests" or the legitimate interest of others, as further described below.

  • Contractual Necessity: We process the following categories of Personal Data because we need to process the data to perform under our User Agreement with our customers, which enables us to provide our Service. When we process data due to contractual necessity, failure to provide such Personal Data will result in a customer's inability to use some or all portions of the Service that require such data:

    • Contact Information

    • User Account Information

    • Financial Account Information

    • Transaction Information

    • User Content

  • Legitimate Interest: We process the following categories of Personal Data when we believe doing so furthers the legitimate interest of us or third parties:

    • Contact Information

    • Financial Account Information

    • User Account Information

    • Transaction Information

    • User Content

    • Partner Information

    • Log Data

  • Consent: In some cases, we process Personal Data based on the consent a user expressly grants to us at the time we collect such data. When we process Personal Data based on user's consent, it will be expressly indicated to the user at the point and time of collection.

  • Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of our users or other data subjects, or if it is necessary for a task carried out in the public interest.

In order for us to provide our Services, we engage Flip.to affiliates and third-party service providers (collectively "Sub-processors") to assist with certain data processing activities on behalf of Flip.to. Our Sub-processors are subject to contract terms designed to ensure that these service providers process personal data only for the purposes of providing services to Flip.to and in accordance with our commitments to our customers and applicable data protection laws.

Security

We believe the security of user information is a serious issue and we are committed to protecting the information we receive from our users. We use commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of Personal Data and applicable processing activity, such as data encryption in transit, data encryption at rest (for customers that elect to purchase our "private cloud" solution), pseudonymization, and enforcement of least privilege and need-to-know principles.

To the extent the Service requires our customers to provide any Financial Account Information, such as when a customer purchases subscriptions to the Service, that information will be collected and processed by third-party PCI-compliant service providers. We do not store Financial Account Information transmitted through the Service, provided that we do store (or our payment processor on our behalf will store) just the last four digits of our customer's credit card number, if the customer provides this to us, to comply with credit card processing requirements of authorizations, charges and chargebacks.

Data Retention

We retain Personal Data for users for as long as our customer has an open account with us or as otherwise necessary to provide our Service, and thereafter as set forth in our Service agreement (typically 30 days after termination of the Service, or sooner upon request, except as required by law). In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. Upon disposal, we will destroy or render unreadable any such Personal Data. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify any user personally.

Closing A Customer's Account

A customer may close an account, and upon termination of the account, we will take reasonable steps to provide, modify, or delete all Personal Data associated with the customer and any users associated with that customer, as soon as is practicable. However, Flip.to may nevertheless retain Personal Data to protect the business interests of Flip.to, and some information may remain in archived/backup copies for our records or as otherwise required by law. Those interests include without limitation the completion of transactions, maintaining records for financial reporting purposes, complying with our legal obligations, resolving disputes, and enforcing agreements.

Children

Our Service is not intended for children under the minimum age of 16, and therefore, we do not knowingly acquire or receive Personal Data from children under the minimum age. If we later learn that any user of our Service is under the minimum age, we will take appropriate steps to remove that user's information from our account database and will restrict that individual from future access to the Service.

Policy Changes

We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy, you will be notified via email (if you have an account where we have your contact information) or otherwise in some manner through the Service that we deem reasonably likely to reach you (which may include posting a new privacy policy on our Website—or a specific announcement on this page or on our blog). Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes on the Service (or as otherwise indicated at the time of posting) or on the Effective Date set forth in the modified Privacy Policy. In all cases, your continued use of the Service or Website after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.


Your Privacy Choices

Opting Out of Behavioral Advertising and Tracking Tools

You can opt-out of certain Behavioral Advertising activities by doing one or more of the following. Please note that you will need to opt-out of each browser and device for which you desire to apply these opt-out features.

  • Service Provider Opt Out: You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioral Advertising at http://www.aboutads.info/choices/ and edit or opt-out your Google Display Network ads' preferences at http://www.google.com/ads/preferences/. You can also use Google Analytics Opt-out Browser Add-on https://tools.google.com/dlpage/gaoptout/. Because those opt-out and preference control pages are specific to the individual browser used to visit it, and because that page is not operated by us, we are unable to perform the opt-outs on your behalf.

  • Industry Opt Out Tools: Some Advertising Service Providers or providers of Tracking Tools may participate in the Network Advertising Initiative's (NAI) Opt-Out Tool (http://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (DAA) Consumer Choice Page (http://www.aboutads.info/choices/), and you can opt-out of certain services and learn more about your choices by visiting the links included there. Users in the EU can visit http://www.youronlinechoices.eu/ for more information about your choices and to opt out of participating service providers.

  • Web Browser Controls: You can prevent the use of certain Tracking Tools, such as cookies, on a device-by-device basis using the controls in your web browser. These controls can be found in the Tools > Internet Options (or similar) menu for your browser, or as otherwise directed by your browser's support feature. Through your web browser, you may be able to:

    • Delete existing Tracking Tools

    • Disable future Tracking Tools

    • Set your browser to provide you with a warning each time a cookie or certain other Tracking Tools are being set

  • Mobile Opt Out: Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of mobile app information for Behavioral Advertising. You may also opt-out of certain Tracking Tools on mobile devices by installing the DAA's AppChoice app on your mobile device (download for iTunes or Android). To opt-out of ads from specific services, please visit Apple or Google, or applicationprivacy.org for general information and additional opt-out links.

  • Do Not Track: Your browser may offer you a "Do Not Track" option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. The Service does not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Service and after you leave our Service.

Opting Out of Emails

We will give you the ability to opt-out of marketing-related emails by clicking on an unsubscribe link at the bottom of each such email. You cannot opt-out of receiving certain non-marketing emails regarding the Service.

Accessing, Correcting, or Deleting Your Personal Data

You have certain rights with respect to your Personal Data, and we want to help you review and update your information to ensure it is accurate and up-to-date. We may limit or reject your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question. In some cases, we may also need you to provide us with additional information, which may include Personal Data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days (or less!). If you have any requests or questions, contact us at the email or address set forth in the section titled "Questions Regarding Our Privacy Policy" below.

  • Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.

  • Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.

  • Erasure: You can request that we erase some or all of your Personal Data from our systems. Please note that if you request the deletion of information required to provide the Service to you, your User Account will be deactivated and you will lose access to the Service.

  • Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.

  • Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Service.

  • Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for marketing purposes.

  • Restriction of Processing: You can ask us to restrict further processing of your Personal Data.

Non-discrimination

All users will receive the same level and quality of our Service without discrimination regardless of their privacy choices or any rights they exercise with respect to their Personal Data.

Questions Regarding Our Privacy Policy

Please contact us if you have any questions or comments about our privacy practices or this Privacy Policy, if you wish to report a security concern, or if you would like to make a request regarding your Personal Data. You can reach us online at privacy@flip.to, or by mail at:

Flip.to Attention: Privacy Officer 766 N. Sun Drive, Suite 2030 Lake Mary, FL 32746 United States of America

Data Privacy Framework Inquiries

We commit to resolve complaints about user privacy and our collection or use of Personal Data transferred from the EU and Switzerland to the U.S. in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, where applicable, and have further committed to refer unresolved complaints to JAMS, an alternative dispute resolution provider located in the U.S. If you do not receive timely acknowledgment of your DPF-related complaint from us, or if we have not resolved your complaint, you may contact or visit JAMS at https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for residual claims about whether we have violated our obligations to you under the DPF, and if that violation remains fully or partially unremedied.


Effective as of August 28, 2024

Last updated