Flypost Privacy Policy | Data Protection & User Information
FLYPOST

PRIVACY
POLICY

Ground Truth / De-Identified Record

Effective: March 17, 2026  ยท  Replaces all prior versions

1. Who We Are

Flypost ("we," "our," or "us") operates a presence-verification and anonymous feedback platform for real estate open houses, accessible at goflypost.com and its subdomains. This policy explains what data we collect, why, how long we keep it, and your rights over it.

Flypost does not require you to create an account, provide your name, or share contact information to use the buyer-facing check-in service.

2. Data We Collect and Why

2.1 Pseudonymous Browser Token (buyerToken)
When you first access the check-in service, we generate a random identifier (e.g., ulid_4727โ€ฆ) and store it in your browser's localStorage. This token allows us to associate your check-ins and feedback with a consistent session history without knowing who you are. It is not linked to your name, email, or device identifier by us.

2.2 Precise Geolocation
We request your GPS coordinates at the moment you tap "Check In." We use these coordinates solely to verify that you are physically present within 50 meters of the open house address. We do not track your location continuously, in the background, or after check-in is complete. Raw GPS coordinates are used to compute a pass/fail distance check and are not retained after verification is complete.

2.3 Voluntary Feedback
If you submit text in the "Liked" or "Disliked" fields, we store that text and associate it with your buyerToken and the relevant event. We recommend you do not include your name, contact information, or details that could identify you.

Notice on PII in Open-Text Fields

If you type personal information into feedback fields, that information will be stored and shared with the event host. We cannot retroactively remove it from reports already delivered. We strongly recommend keeping feedback anonymous.

2.4 Agent / Event Host Data
Agents who publish open house events via post.goflypost.com provide an email address used for magic-link authentication and event claim. We store the event address, scheduled time window, and associated email. This data is necessary to operate the platform.

2.5 Technical Log Data
Our servers automatically log standard request metadata โ€” IP address, browser type, referring URL, timestamp โ€” for security, fraud prevention, and debugging. IP addresses are not linked to buyerTokens in our application layer.

3. How We Use Your Data

  • Presence verification: Confirming you were physically at the open house during the active time window.
  • Organizer reports: Providing the event host with pseudonymous attendance counts, check-in times, and voluntary feedback. Reports do not include raw GPS coordinates or browser token values.
  • Platform integrity: Detecting and preventing GPS spoofing, automated check-ins, and other fraudulent activity.
  • Service operation: Maintaining Firestore records, generating event schemas, and delivering agent-facing reports.

We do not use your data for advertising, behavioral profiling, or any purpose not listed above.

4. Data Sharing

We do not sell, rent, or trade your data. We share data only as follows:

  • Event hosts: The agent or brokerage hosting the open house receives a pseudonymous report of verified attendees and submitted feedback. No buyerToken values, GPS coordinates, or browser identifiers are included in these reports.
  • Infrastructure providers: We use Google Firebase / Firestore to store event and check-in records. Google's data processing terms apply.
  • Legal compliance: We may disclose data if required by a valid court order, subpoena, or applicable law. We will notify affected users where legally permitted.

5. Data Retention

  • GPS coordinates: Not retained after the distance verification check is complete.
  • Check-in records (event ID, timestamp, buyerToken): Retained for 24 months from the event date, then deleted.
  • Feedback text: Retained for 24 months from submission, then deleted.
  • Agent account data: Retained for the duration of the agent's active relationship with Flypost, plus 12 months.
  • Server logs: Retained for 90 days for security purposes, then purged.

6. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know: You may request a summary of the categories of personal information we have collected about you and how it has been used.
  • Right to Delete: You may request deletion of personal information we hold associated with your buyerToken.
  • Right to Opt Out of Sale: We do not sell personal information. No opt-out is required, but you may confirm this in writing by contacting us.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise your rights, email support@goflypost.com with the subject line "CCPA Request." We will respond within 45 days.

7. Your Controls

  • Location access: You can deny browser location permissions at any time. Doing so will prevent successful check-in.
  • Reset your identity: Clearing your browser's localStorage removes your buyerToken. Any subsequent check-in will generate a new token with no link to prior activity.
  • Delete your history: You may request deletion of all records associated with your current buyerToken by emailing support@goflypost.com with the subject line "Delete My History." We will confirm deletion within 30 days. A self-service deletion tool is in development and will be added to site settings when available.

8. Security

We store event and check-in data in Google Firebase / Firestore, which provides encryption at rest and in transit. Because we do not collect passwords, names, or financial information from buyers, the risk exposure from a data breach is materially lower than a traditional account-based system. That said, no system is completely secure. We maintain access controls, audit logging, and rate limiting on all check-in endpoints.

9. Children's Privacy

Our services are not directed at children under 13. We do not knowingly collect any information from children. If you believe a child has submitted information through our platform, contact us at support@goflypost.com and we will delete it promptly.

10. Changes to This Policy

We may update this policy as the platform evolves. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify event hosts by email. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions, data requests, or concerns:

Flypost, Inc.
Santa Monica, CA

Questions regarding pseudonymous data?

support@goflypost.com