Privacy Policy
Last updated: May 28, 2026
1. Data controller
The controller for personal data collected through KupoFlip is Graviton Ltd. (incorporation in progress). For any question, contact us at support@kupoflip.com.
2. Data we collect
When you sign in through Discord OAuth, we collect your Discord ID, username and avatar. No email is collected unless you write to us directly.
If you subscribe, Stripe collects your payment data (card, name, billing address). This data never transits through KupoFlip servers.
3. Purposes
Collected data is used to: authenticate your session, determine your subscription tier (trial, Basic, Premium), enforce the relevant pricing limits, contact you in case of an issue, and improve the service through anonymized statistics.
4. Cookies
KupoFlip relies on two HTTP-only cookies essential to its operation: a short session cookie (15 minutes) and a refresh cookie (7 days). No advertising or tracking cookie is set.
A preference cookie (NEXT_LOCALE) stores your chosen language.
5. Sub-processors
We rely on the following sub-processors: Discord (authentication), Stripe (payment), Vercel (frontend hosting), and our backend infrastructure provider (API servers and database). All of them are GDPR-compliant.
6. Retention
Account data is kept as long as your account is active. Upon deletion, data is wiped within 30 days, except accounting records which we keep for 10 years to comply with legal obligations.
7. Your rights
Under the GDPR, you have a right to access, correct, erase, port and object to the processing of your data. To exercise these rights, write to support@kupoflip.com.
8. Security
Traffic is encrypted over HTTPS. No password is stored (authentication is delegated to Discord). Access tokens are JWT-signed and stored in HTTP-only cookies inaccessible to client-side JavaScript.