Flipcommons

Privacy Policy

Last updated: March 2026

How We Operate

Flipcommons is a public knowledge project, not an advertising or growth-optimization platform. We do not design for engagement addiction, infinite-scroll optimization, or manipulative notification funnels.

Information We Collect

Flipcommons collects only the minimal information needed to operate and improve the service:

  • Account information — if you create an account: your email address, your chosen username, and your first and last name (provided by your sign-in provider).
  • Usage data — standard web server logs including IP addresses, browser type, and pages visited.
  • Uploaded images — files you upload. All metadata (including GPS, camera info, and timestamps) is stripped before storage.

Information We Publish

Only your username is shown publicly — for example, on contributions you make and on your profile page. Your email address and real name are never displayed to other users.

How We Don't Use Information

We do not sell personal information to third parties. We do not:

  • share analytics with ad networks or participate in behavioral advertising
  • perform cross-site tracking
  • fingerprint visitors, build shadow profiles, or perform behavioral profiling

Cookies

Flipcommons uses a small number of cookies for essential functionality:

  • Session cookie — maintains your login state.
  • CSRF token — protects against cross-site request forgery.

We do not use tracking or advertising cookies.

Data Retention

Account information is retained while your account is active. Server logs are retained for a limited period for operational purposes. You may request deletion of your account and associated data at any time.

Third-Party Services

Flipcommons relies on a number of third-party services to operate:

  • WorkOS — handles sign-in and authentication.
  • Railway — hosts the application.
  • Bunny CDN — serves images and other media.
  • iDrive e2 — stores uploaded files.
  • Sentry — receives error reports when something breaks in your browser or on our servers, so we can fix it. Reports include your account ID and username if you're signed in; personally identifying information like IP addresses, email addresses, request bodies, and query strings are stripped before delivery. Does not use cookie tracking or record browser sessions.
  • PostHog — helps us understand which parts of the site are used and where contributors get stuck, so we can improve them. We notify PostHog each time you do specific actions like visit a page, successfully save an edit, or have an upload fail. Each notification includes the page you were on (without anything after the ? in the address bar), the site that referred you (if any), and your browser and operating system family. We have configured PostHog not to set cookies, not to remember anything about you between visits, not to store your IP address, not to silently record the buttons you click or text you type, not to record a video of your session, not to run pop-up surveys, not to record your screen or window size, and not to capture marketing or ad-tracking tags from the address bar (things like utm_source or gclid) or the search terms that brought you here from Google or Bing. A temporary ID groups activities from the same browser tab together and is forgotten when you close the tab.

Your Rights

You have the right to access, correct, or delete your personal information. To exercise these rights, please contact us.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

Contact

If you have questions about this privacy policy, please contact us.