Privacy Policy

Last updated: May 28, 2026

1. Data controller

The controller for personal data collected through KupoFlip is Graviton Ltd. (incorporation in progress). For any question, contact us at support@kupoflip.com.

2. Data we collect

When you sign in through Discord OAuth, we collect your Discord ID, username and avatar. No email is collected unless you write to us directly.

If you subscribe, Stripe collects your payment data (card, name, billing address). This data never transits through KupoFlip servers.

3. Purposes

Collected data is used to: authenticate your session, determine your subscription tier (trial, Basic, Premium), enforce the relevant pricing limits, contact you in case of an issue, and improve the service through anonymized statistics.

4. Cookies

KupoFlip relies on two HTTP-only cookies essential to its operation: a short session cookie (15 minutes) and a refresh cookie (7 days). No advertising or tracking cookie is set.

A preference cookie (NEXT_LOCALE) stores your chosen language.

5. Sub-processors

We rely on the following sub-processors: Discord (authentication), Stripe (payment), Vercel (frontend hosting), and our backend infrastructure provider (API servers and database). All of them are GDPR-compliant.

6. Retention

Account data is kept as long as your account is active. Upon deletion, data is wiped within 30 days, except accounting records which we keep for 10 years to comply with legal obligations.

7. Your rights

Under the GDPR, you have a right to access, correct, erase, port and object to the processing of your data. To exercise these rights, write to support@kupoflip.com.

8. Security

Traffic is encrypted over HTTPS. No password is stored (authentication is delegated to Discord). Access tokens are JWT-signed and stored in HTTP-only cookies inaccessible to client-side JavaScript.