Privacy Policy
Flip AI, Inc.
Effective date: 2026-05-22 Last updated: 2026-05-22
Flip AI, Inc. ("Flip," "we," "our," or "us") operates the Flip web application at fliplabs.ai, the Flip API, the Flip SDK, and related services ("Services"). This Privacy Policy explains how we collect, use, share, and protect information when you use the Services.
About Flip. Flip is a non-custodial interface to public blockchains. We do not custody your assets, hold private keys, or initiate transactions on your behalf. Much of the data Flip displays — wallet balances, positions, transaction history, prices — is read directly from public blockchains and third-party data providers; that data was public before it reached Flip and remains public after. Flip's role is to help you compose, simulate, and route transactions that you sign with your own wallet.
1. What We Collect
1.1 Your Wallet as Your Account
Flip does not require traditional account signup — no name, no email, no password. When you connect a wallet to the Services, that wallet address becomes your account identifier. Wallets you connect (and any settings, saved flows, or credit balances tied to them) are stored server-side keyed by that address. Disconnecting a wallet removes the active session; the persisted record is retained until you request deletion (see Section 7).
We do not collect names, email addresses, or other personal contact information as part of normal use. If you choose to contact us via email for support, deletion requests, or compliance questions, we receive whatever you provide in that message.
1.2 Wallet Addresses and On-Chain Activity
When you connect a wallet to the Services or paste a wallet address, we:
- Record the wallet address(es) you connect or look up;
- Read publicly available balance, position, and transaction data for those addresses from public blockchains and from third-party data providers (e.g. Alchemy, Helius, Zerion, Pendle, DefiLlama);
- Compute derived state (idle vs deployed, protocol exposure, recent activity) for use inside the Services.
We do not have information about wallet activity beyond what is already publicly available and recorded on the relevant blockchain. Connecting a wallet to Flip does not transmit any data that wasn't already public — it just lets Flip render and act on it.
Sanctions screening. When you connect a wallet, we screen the address against publicly-available sanctions data sources to detect addresses on the OFAC SDN list and similar designations. The sanctions data provider is listed in the Sub-Processors table in Section 3. Wallets that match a sanctions listing are blocked from connecting; we do not store the screening result beyond the active session.
We do not collect private keys or seed phrases. If you are ever prompted for a private key or seed phrase by something claiming to be Flip, treat it as phishing.
1.3 Connected Source Metadata (future / optional integrations)
If Flip later offers and you opt to connect a custodian, exchange, or other off-chain source, we will ingest the position, balance, and transaction data that source exposes via API. These integrations would be opt-in per source. As of the effective date above, the Services support only self-custodial wallet connections (Section 1.2) — this section is forward-looking.
1.4 Workflow Configurations
The workflow templates, allowlists, spend caps, approver sets, slot defaults, and network configurations you define in the Services.
1.5 Chat and Workflow Transcripts
Your interactions with Flip's AI workflow interface, including the intent you express, the plan Flip generates, and any clarifications. Transcripts are stored and linked to your account.
1.6 Usage and Telemetry
Log data, API call patterns, page views, feature interactions, error events, and performance metrics. Collected via PostHog.
1.7 Payment Information
If you pay through Stripe, Stripe collects your payment card or bank details directly. Flip receives only a tokenized reference and transaction status. We store your billing address and invoice history.
1.8 Support Communications
Emails, messages, and other communications you send to Flip.
2. How We Use Your Information
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide and operate the Services | Contract (Art. 6(1)(b)) |
| Process transactions and fees | Contract |
| Authenticate your account and sessions | Contract |
| Detect fraud, abuse, and security threats | Legitimate interest (Art. 6(1)(f)) |
| Comply with applicable legal obligations including sanctions screening | Legal obligation (Art. 6(1)(c)) |
| Product analytics and improvement | Legitimate interest |
| Send service notifications (downtime, ToS changes, security alerts) | Contract / Legitimate interest |
| AI model improvement (opt-in only — see Section 4) | Consent (Art. 6(1)(a)) |
We do not "sell" your personal information as defined under CCPA. We do not share your personal information with any third parties for marketing purposes. We do not use your data to train advertising profiles.
3. Sub-Processors
Flip uses the following third-party sub-processors to operate the Services:
| Sub-processor | Purpose | Location |
|---|---|---|
| Convex | Database and real-time backend | US |
| Vercel | Hosting and compute | US (global edge) |
| WorkOS | Authentication and SSO | US |
| Stripe | Payment processing | US |
| Anthropic | AI model inference | US |
| PostHog | Product analytics and event tracking | US |
| Alchemy, Helius | Blockchain data and RPC | US |
| Zerion | Wallet portfolio data | EU |
| Chainalysis | Wallet sanctions screening (OFAC SDN list lookup) | US |
| LiFi | Cross-chain swap and bridge routing | EU |
| Jupiter | Solana DEX aggregation and lending | Singapore |
| Pendle | Yield position data lookup | Singapore |
We enter into data processing agreements with each sub-processor where one is offered. Sub-processors are evaluated for security posture before engagement. This list is updated as our infrastructure evolves; the version date at the top of this Policy reflects the most recent update.
4. AI Model Training
Flip does not use your wallet-linked data — positions, transaction history, or chat transcripts — to train AI models. We do not share your data with model providers for training purposes, and we do not opt you into any training program.
Aggregated, anonymized usage patterns (e.g., which flow types are most common, which prompts the parser handles well or poorly) may be used internally for product improvement, since they cannot be attributed to an individual wallet.
If Flip later offers a user-controlled opt-in for AI model improvement, opt-in would be explicit and revocable; until then, no training opt-in mechanism exists.
5. International Data Transfers
Flip AI, Inc. is based in the United States. If you access the Services from the European Economic Area, United Kingdom, or Switzerland, your data may be transferred to and processed in the United States. For such transfers we rely on Standard Contractual Clauses where required and applicable.
6. Data Retention
We retain wallet-linked data — connected-wallet records, your saved flows, chat transcripts, and usage telemetry — for the lifetime of the wallet's connection, plus an additional period to meet legal, audit, or dispute-resolution obligations. Payment records (Stripe-side) are retained as required by tax and audit law (typically 7 years).
We currently do not provide a self-service delete control. You can request deletion of your wallet-linked data by emailing privacy@fliplabs.ai; we will action requests as described in Section 7, subject to the Blockchain Limitation also described there.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Delete your data (subject to retention requirements and the blockchain limitation below);
- Port your data in a machine-readable format;
- Restrict processing in certain circumstances;
- Object to processing based on legitimate interest;
- Withdraw consent for AI training opt-in at any time; and
- Opt out of the sale or sharing of personal information (California residents under CCPA/CPRA).
To exercise any right, email privacy@fliplabs.ai. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling a request.
Blockchain limitation. Data that has been written to a public blockchain — including wallet addresses, transactions you've signed, and on-chain interactions — is permanent, public, and outside Flip's control. We cannot edit or delete information that is stored on a public blockchain. A deletion request can remove Flip's internal copies of your data (account, settings, transcripts, telemetry); it cannot remove records from the chains themselves.
8. Children
The Services are not directed to individuals under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, contact privacy@fliplabs.ai and we will delete it promptly.
9. Cookies and Tracking
We use PostHog for product analytics. PostHog sets cookies or uses localStorage to track session activity, feature usage, and error events. We do not use third-party advertising cookies.
Opting out. You can stop most analytics collection without contacting us:
- Browser cookie controls. Block cookies for fliplabs.ai (or all third-party cookies) via your browser's privacy settings. See allaboutcookies.org for browser-specific instructions.
- Privacy browsers and extensions. Browsers like Brave and extensions like uBlock Origin or Privacy Badger block most analytics scripts by default.
- Email request. If you'd like us to flag your account for "do not track," email privacy@fliplabs.ai and we'll exclude you from analytics aggregation going forward.
10. Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest;
- Account-level isolation: each wallet's data is stored and computed separately;
- Access controls with least-privilege principles.
No security measure is perfect. If you discover a vulnerability, email security@fliplabs.ai.
11. Changes to This Policy
We will notify you of material changes to this Policy via the email address on your account or via in-product notice, at least 30 days before the changes take effect. The "Last updated" date at the top of this Policy reflects the most recent revision.
12. Contact
Privacy requests and data subject rights: privacy@fliplabs.ai Security issues: security@fliplabs.ai General: legal@fliplabs.ai
Flip AI, Inc. is a Delaware C-corporation. Legal notices may be delivered to our registered agent:
Legalinc Corporate Services Inc. 131 Continental Dr, Suite 305 Newark, DE 19713 United States