01 Who we are
This privacy policy applies to all personal information processed through aiflipping.work and any related learning platform, support channels and email communications.
Lucky Birds
Deken van Oppensingel 115
Venlo 5911AC NL
Registration: 76361241
Email: [email protected]
We are responsible for the processing of your personal data as described in this policy. For any privacy-related question, you can reach us at any time at the email above.
02 Data we collect
Depending on how you interact with us (browsing, signing up, purchasing, contacting support), we may process the following categories of personal data:
| Category | Examples |
|---|---|
| Identity | First and last name, username |
| Contact | Email address, optionally phone number |
| Billing | Billing address, country, tax/VAT number (for businesses) |
| Payment | Transaction data via our payment provider; we do not receive or store full credit card or bank details |
| Account & progress | Login credentials (hashed), modules viewed, progress in the program |
| Communication | Chat support messages, email correspondence, complaints |
| Technical | IP address, browser type, device type, language preference, time zone |
| Usage | Pages visited, clicks, time on page, referral source, UTM parameters |
| Marketing | Newsletter opt-in, email opens and clicks, preferences |
We do not knowingly collect special or sensitive categories of personal data (such as health, religion or political views), unless you voluntarily share them with our support team.
03 Purposes & legal bases
We only process your data for specific purposes, each supported by a valid legal basis under the GDPR (Article 6) and equivalent provisions in other applicable laws.
| Purpose | Legal basis |
|---|---|
| Performing the contract (granting access to the program, providing support, invoicing) | Contract performance (Art. 6(1)(b)) |
| Complying with accounting and tax obligations | Legal obligation (Art. 6(1)(c)) |
| Improving the website, debugging, security | Legitimate interest (Art. 6(1)(f)) |
| Sending transactional emails (confirmations, login info, invoices) | Contract performance (Art. 6(1)(b)) |
| Marketing emails to existing customers about similar products | Legitimate interest with opt-out (Art. 6(1)(f)) |
| Marketing emails or newsletter to non-customers | Consent (Art. 6(1)(a)) |
| Analytics and marketing cookies | Consent via cookie banner (Art. 6(1)(a)) |
| Defending against legal claims, fraud prevention | Legitimate interest (Art. 6(1)(f)) |
You may withdraw any consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
04 Cookies & tracking
Our website uses cookies and similar technologies. Non-essential cookies are only set after you give consent through our cookie banner.
Functional cookies
Required for the site to work (login session, cart, language preference). No consent is required for these.
Analytics cookies
We use analytics tools (such as Google Analytics 4) to understand how visitors use the site. Where possible, data is pseudonymised.
Marketing / tracking cookies
For advertising and remarketing, we use pixels from providers such as Meta (Facebook), Google Ads and TikTok. These are only loaded after your explicit consent.
You can update or revoke your cookie preferences at any time via the “Cookie settings” link in the footer, or by clearing cookies in your browser.
05 Third parties
We only share your data with third parties where necessary to deliver our service, and always under a data processing agreement or other valid legal arrangement.
| Recipient | Purpose |
|---|---|
| LeadConnector / HighLevel | CRM, landing pages, email and marketing automation |
| Stripe | Payment processing and invoicing |
| Thinkific | Access to course videos and bonus materials |
| GoHighLevel | Delivery of transactional and marketing emails |
| Meta (Facebook/Instagram) | Advertising and pixel tracking (consent only) |
| Google (Ads & Analytics) | Analytics and advertising (consent only) |
| Hosting & backup providers | Technical infrastructure |
| Accountant / bookkeeper | Statutory financial administration |
We do not sell your personal data to third parties for commercial purposes.
06 International transfers
Some of our service providers (including LeadConnector/HighLevel, Meta and Google) are based in the United States. This means your data may be processed outside the European Economic Area (EEA) and the United Kingdom.
Where this happens, we rely on appropriate safeguards such as:
- the EU-US Data Privacy Framework where the recipient is certified, or
- the European Commission’s Standard Contractual Clauses (SCCs), often combined with technical measures such as encryption.
A copy of the relevant safeguards is available on request.
07 Retention
We keep your personal data only for as long as necessary for the purposes for which it was collected, or as required by law.
- Account data: for as long as your account is active, plus 12 months after closure.
- Invoice & payment data: 7 years (statutory tax retention period).
- Marketing data: until you unsubscribe or withdraw consent.
- Support communications: up to 24 months after the last contact.
- Logs and analytics: typically 14 to 26 months.
08 Security
We apply appropriate technical and organisational measures to protect your data against loss, misuse and unauthorised access, including:
- encryption of traffic via TLS/HTTPS;
- secure password storage using modern hashing algorithms;
- access on a strict need-to-know basis within our team;
- two-factor authentication for administrative accounts;
- regular backups and monitoring for suspicious activity.
In the unlikely event of a data breach that presents a high risk to your rights and freedoms, we will notify you and the competent supervisory authority within the legal time limits.
09 Your rights
Under the GDPR (and equivalent laws such as the UK GDPR and the CCPA, where applicable), you have the following rights:
Right of access
You may request a copy of the personal data we hold about you.
Right to rectification
You may ask us to correct or complete inaccurate or incomplete data.
Right to erasure (“right to be forgotten”)
You may ask us to delete your data, subject to statutory retention obligations.
Right to restriction
You may request that we temporarily limit processing, for example while you contest accuracy.
Right to data portability
You may receive your data in a common, machine-readable format, or have it transferred to another controller.
Right to object
You may object to processing based on legitimate interest, or to direct marketing at any time.
Right to withdraw consent
Where processing is based on consent, you can withdraw it at any time.
Send an email to [email protected]. We will respond within 30 days. To protect your data, we may ask you to verify your identity before acting on a request.
10 Minors
Our services are intended for individuals aged 18 or over. We do not knowingly collect data from minors. If you believe we may have received personal data from a minor, please contact us so we can delete it.
11 Updates
We may update this privacy policy from time to time, for example to reflect changes in our services or in applicable law. The most recent version is always available on this page, with the date of the latest revision shown at the top. For material changes, we will notify you proactively, typically by email.
12 Contact & complaints
For any question, request or complaint regarding this privacy policy or the processing of your personal data, please contact us:
Lucky Birds
Email: [email protected]
Address: Deken van Oppensingel 115, Venlo, 5911AC, NL
You also have the right to lodge a complaint with the supervisory authority in your country of residence. In the Netherlands this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl); in the UK the Information Commissioner’s Office (ico.org.uk); in California you may contact the California Privacy Protection Agency (cppa.ca.gov).