Google API Disclosure

1. Introduction

This Google API Disclosure Statement (“Disclosure”) explains how FLIP, operated by RheoMinds Global Private Limited (“we,” “us,” or “our”), accesses, uses, stores, and shares data obtained through Google APIs in compliance with the Google API Services User Data Policy, including the Limited Use Requirements.

Our application, FLIP, integrates certain Google APIs to provide users with a seamless and intelligent financial experience, including authentication, email insights, and offer notifications.

This document is incorporated by reference into our Privacy Policy and Terms and Conditions.

2. Scope of the Disclosure

This Disclosure applies specifically to data obtained via:

Google OAuth 2.0 Authentication

Gmail API (if applicable)

Google People API

Google Calendar API (if applicable)

Google Drive API (if used for file storage or user uploads)

The scope covers all data accessed directly through a user’s Google account or indirectly via authorized tokens, as permitted by user consent.

3. Purpose of Google API Access

FLIP uses Google APIs strictly to enhance user experience and enable secure, AI-driven features.

We do not sell, rent, or use Google user data for advertising or marketing purposes.

Specifically, Google user data may be used for:

Authentication:

Simplified login or registration using Google Sign-In.

Verification of user identity for secure account creation.

Email Parsing (Gmail API – if authorized by the user):

Reading transactional emails (e.g., credit card statements, flight bookings, or order receipts) to auto-detect offers, cashback opportunities, and reward milestones.

Only metadata and relevant structured data are processed; the raw content is neither stored nor shared.

Calendar Insights (if applicable):

Accessing calendar events to recommend smart reminders for bill payments, renewals, or travel-linked offers.

Drive Access (if applicable):

Allowing users to export or store financial summaries securely in their Google Drive.

Contact Access (if applicable):

Suggesting referrals or sending user-approved invites to contacts (optional).

4. Compliance with Google API Services User Data Policy

FLIP strictly adheres to the Google API Services User Data Policy, particularly the Limited Use Requirements.

We commit that:

Data Access is Limited: Only the minimum data required for a given feature is accessed.

Data Usage is Purpose-Restricted: Information obtained via Google APIs is used only to provide or improve user-facing features within FLIP.

No Advertising Use: Google data is not used for serving ads, retargeting, or profiling.

No Unauthorized Transfers: Data is not transferred to any third-party service except as necessary to fulfill the specific user-requested function.

No Human Readability: Except where explicit user consent is provided (e.g., debugging at user request), no human has access to raw email or content data.

Secure Storage: All Google-sourced data is encrypted both in transit (TLS 1.2+) and at rest (AES-256).

5. Data Retention and Deletion

Data accessed via Google APIs is stored only as long as necessary to deliver the requested service.

If a user revokes Google account access or deletes their FLIP account, all associated Google API tokens and data are automatically deleted within 72 hours.

Users can also request deletion manually by contacting support@paybyflip.com.

Logs containing aggregated or anonymized data may be retained for analytics and compliance without identifying any user.

6. Data Sharing and Third-Party Access

FLIP does not share any Google user data with external parties unless:

Required by law or legal process;

Explicitly authorized by the user;

Necessary to provide core functionality (e.g., email parsing via secure Google Cloud services); or

Required for maintaining platform security and integrity.

All third-party vendors and sub-processors comply with strict confidentiality and data security obligations consistent with Google’s Limited Use Policy.

7. Data Security and Storage

Google API data is transmitted securely using OAuth 2.0 and HTTPS.

All sensitive data is stored in encrypted environments compliant with ISO 27001 and SOC 2 standards.

Access is restricted to a minimal number of authorized system processes; no external entity has access to raw or unencrypted data.

Tokens are stored securely using Google Cloud Secret Manager or an equivalent standard.

8. User Control and Revocation

Users retain full control over their data and permissions:

You can view or revoke FLIP’s access at any time via your Google Account Permissions page.

Upon revocation, FLIP will immediately disable all API access and delete related data.

You can also contact our Privacy Team for account or data deletion requests:

Email: support@paybyflip.com

Subject Line: “Google Data Access Revocation”

9. Compliance with Indian and International Data Laws

As a company registered under RheoMinds Global Private Limited, FLIP complies with:

Information Technology Act, 2000 (India) and associated SPDI Rules, 2011.

Digital Personal Data Protection Act (DPDP Act), 2023 (India).

Google API Services User Data Policy (Global compliance standard).

GDPR (where applicable) for users outside India.

10. Contact Information

For questions, clarifications, or complaints regarding this disclosure or our data handling practices:

RheoMinds Global Private Limited

4th Floor, Workpod, Sector 44–45, Gurgaon, Haryana – 122002, India

Support: support@paybyflip.com

Response Timeline: Within 60 days as per legal guidelines.

By using FLIP and authorizing Google API access, you acknowledge that you have read, understood, and agree to the terms of this Google API Disclosure.