RigFlip

Privacy Policy

GDPR-compliant Privacy Policy for Rig Flip

Last updated: January 2026

1. Data Controller

The data controller responsible for the processing of your personal data is:

Name: Samuel Kamara
Address: Andreezeile 1, 14165 Berlin, Germany
Email: hey@rig-flip.com

2. What Data We Collect

Account Data

When you create an account, we collect your name and email address through our authentication provider, Clerk. This data is necessary to provide you with access to the service.

Usage Data

We collect data about how you use Rig Flip, including:

  • Inventory items you create, edit, and delete
  • Sales records you track
  • Build configurations you create
  • Settings and preferences you configure

This data is stored in our database (Convex) and is necessary to provide the core functionality of the service.

Payment Data

If you subscribe to a paid plan, payment information (credit card details) is collected and processed by our payment processors, Dodo Payments and Stripe. We do not store your full credit card details on our servers. We only receive confirmation of successful payments and subscription status.

Technical and Log Data

We automatically collect certain technical information when you use our service, including:

  • IP address
  • Browser type and version
  • Device type
  • Access times and dates

4. How We Use Your Data

We use your personal data for the following purposes:

  • Providing and maintaining the Rig Flip service
  • Managing your account and authentication
  • Processing subscription payments and billing
  • Calculating profit margins and tracking inventory
  • Responding to your support requests
  • Improving and optimizing our service
  • Sending important service updates and notifications
  • Ensuring security and preventing fraud

5. Data Sharing

We share your data with the following third-party service providers who help us deliver the service:

Authentication: Clerk

Clerk processes your account data (name, email) for authentication and session management. Clerk is GDPR-compliant and uses Standard Contractual Clauses for international transfers.

Database: Convex

Convex stores all your inventory data, sales records, and usage information. Convex is a US-based service with enterprise-grade security and encryption.

Payments: Dodo Payments and Stripe

Dodo Payments and Stripe process your payment information for subscription billing. Both are PCI-DSS compliant and handle payment data securely.

Analytics: PostHog

With your consent, PostHog processes anonymized usage analytics to help us understand how the Service is used and improve the user experience. PostHog collects interaction data including page views, feature usage, and session information. No analytics data is collected until you provide consent via our cookie banner. PostHog is GDPR-compliant and uses Standard Contractual Clauses for international transfers.

We do not sell your personal data to third parties. We only share data with processors necessary to deliver the service, and all processors are bound by data protection agreements.

6. Data Retention

We retain your personal data for the following periods:

  • Account data: For the duration of your account plus 30 days after account deletion
  • Inventory and sales data: For the duration of your account plus 90 days after deletion for backup purposes
  • Payment records: For 7 years to comply with tax and accounting requirements
  • Technical logs: For 90 days for security and troubleshooting

After the retention period expires, we securely delete or anonymize your data.

7. Your Rights

Under the GDPR, you have the following rights:

Right of Access (Art. 15 GDPR)

You have the right to request a copy of the personal data we hold about you.

Right to Rectification (Art. 16 GDPR)

You can request that we correct any inaccurate or incomplete personal data.

Right to Erasure (Art. 17 GDPR)

You can request that we delete your personal data, subject to legal retention requirements.

Right to Data Portability (Art. 20 GDPR)

You can request a copy of your data in a machine-readable format. You can export your inventory and sales data as CSV files at any time from your account settings.

Right to Restriction (Art. 18 GDPR)

You can request that we restrict processing of your personal data in certain circumstances.

Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at: hey@rig-flip.com

8. Contact and Complaints

If you have questions about this Privacy Policy or how we handle your data, please contact:

Name: Samuel Kamara
Email: hey@rig-flip.com

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements. The supervisory authority in your country can be found at: https://edpb.europa.eu/about-edpb/board/members_en

9. International Data Transfers

Some of our service providers are based in the United States (Clerk, Convex, Stripe). When we transfer your data to these providers, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Providers' compliance with GDPR requirements
  • Technical and organizational security measures

10. Cookies

We use cookies and similar technologies for authentication and functionality. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email or through a notice on our website. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.