Flipyield — Privacy Policy
Issuing controller: ML Consulting MB · Vilnius, Republic of Lithuania · legal entity code 306991112
Version: 1.0
Effective from: 1 January 2027
Last updated: 3 July 2026
Privacy contact: support+flipyield@mlconsulting.lt
Lead supervisory authority: Valstybinė duomenų apsaugos inspekcija (VDAI), Vilnius
Data residency: Customer Data lives in the Subscribing Customer's own Apple iCloud. ML Consulting operates no server, no web portal, no App Clip surface and receives no Customer Data on its own infrastructure.
Distribution: Apple App Store (Pro at EUR 9.99 / month or EUR 79.99 / year; 2-week full-featured introductory trial)
Secondhand-reseller tax-reporting, marketplace, accounting and professional-advice disclaimer — read first
Flipyield is a private sourcing, inventory and profit ledger for sole-trader secondhand resellers. It is NOT an accounting, bookkeeping, tax, VAT, invoicing, point-of-sale, ERP, MRP, marketplace-listing-management, marketplace-payments-reconciliation, payment-processing, banking, credit or lending product; NOT a chartered / certified accountant, tax adviser, tax agent, EA (Enrolled Agent), Steuerberater, Buchhalter, expert-comptable, dottore commercialista, contable colegiado, contador público or equivalent regulated professional; NOT a solicitor's, barrister's, notary's, Rechtsanwalt's, Notar's, avocat's, avvocato's, abogado's or licensed-conveyancer's instrument; NOT a court, tribunal, arbitrator, mediator or ombuds ruling; NOT a Qualified Trust Service Provider, eIDAS-recognised qualified electronic signature / seal / timestamp service within the meaning of Regulation (EU) 910/2014; NOT an e-invoicing platform under EU Directive 2014/55/EU or the German ZUGFeRD / XRechnung / EN 16931 standard; NOT a marketplace operator under EU Directive 2000/31/EC (E-Commerce Directive), Regulation (EU) 2022/2065 (Digital Services Act — DSA), Regulation (EU) 2019/1150 (Platform-to-Business Regulation) or Directive (EU) 2021/514 (DAC7 — Cooperation Directive on Reporting Obligations for Digital Platforms); NOT a Steuerberatungsgesetz (StBerG) registered service, ICAEW / ACCA / AICPA / CIMA / CIOT / CTA / AAT / IAB / IFA / Enrolled-Agent / CPA / chamber-of-tax-advisers registration or professional-body attestation; NOT a Land Registry, Companies House, HMRC, IRS, ATO, VMI, Bundeszentralamt für Steuern (BZSt), Finanzamt, Companies Register or Centre of Registers (Registrų centras) filing instrument; and NOT a fire alarm, intrusion alarm, gas / smoke / carbon-monoxide detector, calibrated instrument or public emergency service.
Flipyield does NOT provide accounting, bookkeeping, tax, VAT, USt, TVA, IVA, GST, HST, sales-tax, income-tax, self-employment-tax, national-insurance, PAYE, self-assessment, Kleinunternehmerregelung UStG §19, Making Tax Digital (MTD), Schedule C, Schedule SE, Form 1040, Form 1099-K, Form 1099-DA, Business Activity Statement (BAS), Instalment Activity Statement (IAS), DAC7 platform-report reconciliation, UK Digital Platform Reporting Regulations 2023 reconciliation, IRS 1099-K / 1099-DA / IRC §6050W reconciliation, insurance, product-liability, product-safety (GPSR / U.K. GPSR 2005 / CPSIA / CCPSA — which apply to used goods sold in the course of a commercial activity), counterfeit-goods, trademark, cultural-goods (UNIDROIT 1995 / UNESCO 1970 / U.K. Dealing in Cultural Objects (Offences) Act 2003), CITES (for ivory, tortoiseshell, taxidermy, exotic materials), used-electronics safety, used-children's-goods safety (CPSIA lead limits) or Money-Laundering (5AMLD / 6AMLD / OFAC / EU / U.K. OFSI) advice, opinion, determination or attestation. Flipyield does NOT interact with any marketplace API for import, listing publication, crosslisting, relisting, live-fee retrieval or sold-listing lookup — by design, not by omission. Flipyield does NOT verify item authenticity, does NOT verify item condition, does NOT verify item provenance, does NOT compute “what's it worth” valuations, does NOT run price-comparison lookups against sold-listing databases, and does NOT look up UPCs / EANs / ISBNs / catalogue references (a scanned barcode persists in Flipyield as an opaque SKU string only). Every figure Flipyield displays is an estimate derived from the Subscribing Customer's own entries, computed from the disclosed formulas set out in the App's in-App formula-disclosure surface, and is labelled as an estimate for the owner's decision-making — never as advice, never as an audit-ready or tax-ready figure, never as a guarantee, and never as a “tax-ready DAC7 pack”, an “IRS 1099-K reconciliation”, an “HMRC-compliant return” or a “Vinted / eBay / Poshmark platform-report substitute”.
Local notifications, widgets, App Intents, Foundation Models on-device narrative-summary and per-product price-suggestion outputs (v1.1), Vision-framework on-device receipt-OCR suggestions, per-photo SHA-256 hashes, XLSX imports and exports and PDF Pack renders are advisory only. The Subscribing Customer remains the sole trader for every payment received through every marketplace, every craft fair and every direct sale — independently of the App. CALLING 112 / 999 / 911 / 000 OR THE LOCALLY APPLICABLE PUBLIC EMERGENCY NUMBER REMAINS MANDATORY whenever any person is in apparent danger of death or serious harm in a workshop or at a market (including burns from wax, resin, soap-lye or hot glass; fire; electrocution from tooling; slips, trips or falls; laceration from cutting tools; chemical exposure; anaphylaxis; or medical emergency).
At a glance — what you should know in 60 seconds
• We do not sell your personal data and we never will. In fact, ML Consulting collects no Customer Data on its own infrastructure at all: Flipyield is a no-server, no-account, offline-first iPhone-and-iPad application, and every Customer Data category (Items and Lots, Purchases, Bins with user-owned QR labels, Listings, Sales, Trips and mileage, Marketplace fee profiles, Adjustments, Settings, AVFoundation item / receipt / bin photographs with per-photo SHA-256 hashes captured at save, Vision-framework on-device QR-scan outputs and barcode-capture outputs — persisted as opaque SKU strings only, never resolved against any external product catalogue — XLSX imports and exports from the user's own Files picker, PDF Pack renders and — from v1.1 — Foundation Models on-device outputs) lives in the Subscribing Customer's own Apple iCloud (Core Data mirrored to CloudKit private database) on the Subscribing Customer's own iCloud quota. We do not use Subscriber Data to train, fine-tune, evaluate or benchmark any machine-learning model.
• Flipyield is offline-first. Capture, browsing, editing, Batch production, Order quick-log, Pack generation, XLSX import and export, and every other operational flow work with zero connectivity; CloudKit syncs when your device is next online. If iCloud is unavailable (signed out or quota-full), the App runs fully locally with a passive banner and no work is lost.
• Flipyield operates no server, no web portal, no App Clip surface, no operator dashboard, no third-party analytics SDK, no crash-reporting SDK, no advertising SDK, no attribution SDK, no tracking SDK and no live marketplace-API integration. Measurement is App Store Connect + MetricKit + on-device counters only. The App Store “Data Not Collected” privacy label reflects this. There is no ad model and there never will be. There are no streaks, no shareable moments, no marketing-style nudges and no anxiety-triggered notifications.
• Flipyield is sold by subscription through the Apple App Store: Pro at EUR 9.99 per month or EUR 79.99 per year. A 2-week full-featured introductory trial applies, configured in App Store Connect. Post-trial the App is read-only with full XLSX + PDF export always available; your data is never held hostage. A single StoreKit 2 entitlement gate is the only check in the codebase and guards record creation and artifact generation. Read and export are never gated. All billing runs through Apple App Store In-App Purchase; ML Consulting operates no direct billing channel and does not use Stripe, PayPal, GoCardless or any other payment processor for Flipyield.
• The App is NOT an accounting or bookkeeping product, NOT a tax adviser or Steuerberater, NOT a marketplace-listing manager, NOT a point-of-sale, NOT an ERP; NOT a Qualified Trust Service Provider under eIDAS; NOT an e-invoicing platform; NOT a marketplace operator under DAC7 / DSA / P2B; NOT a 1099-K, Schedule C, Anlage EÜR, MTD or BAS filing instrument; NOT a product-liability, GPSR, REACH, CLP, Cosmetic Products, MoCRA, NHP, TGA or CE / UKCA / FDA authority; and NOT a public emergency service. Every displayed figure is an estimate for your decision-making, computed from your own entries using the disclosed formulas in the App.
• Optional Face ID / Touch ID app lock (LocalAuthentication) protects local App access on shared devices. Per-photo SHA-256 hashes captured at save time and per-Pack photo-hash manifests are operational, evidentiary anchors — they are a fingerprint, not a notarisation, not an eIDAS qualified electronic seal or timestamp, and not a certified electronic signature. Flipyield deliberately does not include an operator-side handover-signature surface; recipients receive PDFs and XLSX files through the iOS share sheet.
• Item, Lot, Purchase, Bin, Listing, Sale, Trip, Marketplace fee profile, Adjustment, PDF Pack, XLSX export, item / receipt / bin photograph and every other Customer Data record belongs to the Subscribing Customer. We do not share or sell this data with any third party for advertising, commercial-intelligence, marketplace-benchmarking, market-research, credit-scoring, seller-performance-scoring or claim-outcome-prediction purposes. Because Flipyield has no server, we cannot share Customer Data even if we wanted to — we never receive it.
• Flipyield deliberately does NOT offer: AI accounting, bookkeeping, tax, VAT, MTD, Schedule C, Anlage EÜR, BAS, DAC7 / 1099-K / 1099-DA / UK Digital Platform Reporting or IR35 determinations; AI valuation, price-comps, “what's it worth”, sold-listing prediction or dynamic-pricing determinations; AI counterfeit-goods, trademark or copyright determinations; AI CITES / cultural-goods determinations; AI product-safety (GPSR / U.K. GPSR 2005 / CPSIA / CCPSA) determinations on used goods; AI UPC / EAN / ISBN / catalogue-lookup determinations; AI DSA / P2B / DAC7 / DMA marketplace-operator determinations; AI marketplace-terms interpretation; AI insurance underwriting or claims determinations; AI pricing advice or competitor-pricing recommendations beyond the disclosed cost + target-margin formula the owner sets; AI seller-performance, employability, ranking, blacklist, ban-risk, marketplace-behaviour, review-quality, refund-risk, chargeback-risk or claim-outcome-prediction profiles; or AI computer-vision “detected”, “verified”, “counted”, “damage-diagnosed” or “counterfeit-flagged” verdicts. The AI helpers we do offer (Vision on-device QR-scan of the App's own bin labels (never for external QR codes, never for product-catalogue lookups) and barcode capture (persisted as opaque SKU strings only); from v1.1, Vision-framework on-device receipt-OCR suggestions the reseller confirms; and — from v1.1 only, Apple-Intelligence-device-floor-gated in English and German — Foundation Models on-device monthly plain-language recap and listing-description drafts) are on-device only, never autonomous, suggestion-labelled and raw input always retained.
• You can exercise the full set of EU GDPR rights at any time by writing to support+flipyield@mlconsulting.lt. Our lead supervisory authority is the Lithuanian State Data Protection Inspectorate (VDAI) in Vilnius. Where the only copy of your Customer Data lives in your own iCloud, many rights are exercised through Apple (iCloud account controls, Data & Privacy portal at privacy.apple.com) rather than through ML Consulting.
• Flipyield is intended for business users (B2B — sole traders paying personally) only. Users must be at least 18 years old, must be the sole trader or the sole trader's authorised delegate, and must comply with the marketplace terms (eBay, Poshmark, Vinted, Depop, Etsy, Mercari, Vestiaire Collective, Grailed, Whatnot, Facebook Marketplace and equivalents), tax-authority obligations (DAC7 / HMRC / IRS / BZSt / Finanzamt / ATO / CRA / VMI reporting), counterfeit-goods / trademark / CITES / cultural-goods obligations, product-safety obligations (GPSR / U.K. GPSR / CPSIA / CCPSA where applicable to used goods sold in the course of a commercial activity) and insurance obligations of every jurisdiction in which the sole trader operates.
1. About this Privacy Policy
ML Consulting MB (“ML Consulting”, “we”, “us”, “our”) is the publisher of the Flipyield iOS / iPadOS application (the “App”), distributed exclusively through the Apple App Store. This Privacy Policy explains what personal data the App processes — and, importantly, where that data lives, which is the Subscribing Customer's own Apple iCloud rather than any server operated by ML Consulting — when you use the App: subscribe through the Apple App Store, define an Item, log a Purchase or a Lot manually or (from v1.1) by capturing a receipt photograph with AVFoundation and OCRing it on-device with Vision, define a Bin and print a user-owned QR label sheet via PDFKit + Core Image, Mark an Item Listed on a Marketplace, Mark an Item Sold with a profit-waterfall reveal, edit a Marketplace fee profile (all editable estimates), quick-log a Purchase in ≤ 15 seconds median, log a sourcing Trip and its mileage, review the Dashboard, share a Monthly P&L Pack PDF / Inventory Valuation PDF / Year-End Per-Platform Summary XLSX (DAC7 / HMRC / IRS-season records only) / full-data XLSX Export through the iOS share sheet, import an XLSX items or sales workbook through the Files picker, enable the optional Face ID / Touch ID app lock, or opt in to the v1.1 Foundation Models narrative layer where your device meets the Apple Intelligence floor and your language is English or German — why we process it, the legal bases on which we rely, with whom we share it (deliberately: nobody in the data plane other than Apple, for iCloud), for how long we keep it, and the rights you have under the General Data Protection Regulation (GDPR) and other applicable privacy laws.
This Policy is written to satisfy Articles 12 to 14 of Regulation (EU) 2016/679 (the GDPR), the Republic of Lithuania Law on Legal Protection of Personal Data, Regulation (EU) 910/2014 (eIDAS) where electronic-signature claims are concerned (Flipyield issues none), Regulation (EU) 2024/1689 (the AI Act) where transparency and human-oversight obligations apply to Vision receipt-OCR, NaturalLanguage fuzzy-matching and v1.1 Foundation Models features, the EU Consumer Rights Directive 2011/83/EU as transposed into every launch market, Regulation (EU) 2022/2065 (DSA), Regulation (EU) 2019/1150 (P2B Regulation), Directive (EU) 2021/514 (DAC7) — under which Flipyield is not a reporting platform operator because it operates no server, brokers no transactions and lists no items on any marketplace on the reseller's behalf — the marketplaces are the reporting operators — the German BDSG, AO, HGB and GoBD principles, the UK GDPR and Data Protection Act 2018 and Making Tax Digital regime, the U.S. state and federal consumer-privacy regimes, the Australian Privacy Principles under the Privacy Act 1988 and ATO record-keeping obligations, and the Canadian PIPEDA and CRA record-keeping obligations.
Flipyield is intended for business users (B2B) only — sole-trader secondhand resellers paying personally from their own pocket for a Pro subscription. This Policy should be read together with the Flipyield Terms and Conditions (Master Terms + Schedule A) published by ML Consulting MB.
2. Controller identification
We are the data controller for the processing described as “we act as controller” in section 4 of this Policy. Because Flipyield operates no server, no web portal, no App Clip surface, no account and no login, and because Customer Data lives in the Subscribing Customer's own iCloud rather than on ML Consulting infrastructure, the controller-level processing we carry out is deliberately extremely narrow — essentially, StoreKit 2 App Store Server Notifications payloads and support correspondence.
• Legal name: ML Consulting MB
• Legal form: Mažoji bendrija (small partnership) governed by the law of the Republic of Lithuania
• Legal entity code: 306991112 (Centre of Registers of the Republic of Lithuania)
• Website: https://mlconsulting.lt
• Privacy contact: support+flipyield@mlconsulting.lt
ML Consulting MB has not designated a Data Protection Officer because its current processing does not meet the criteria in Article 37(1) GDPR. The privacy contact above handles all data-protection enquiries.
Our lead supervisory authority for the purposes of the GDPR's one-stop-shop mechanism (Article 56 GDPR) is the Lithuanian State Data Protection Inspectorate — Valstybinė duomenų apsaugos inspekcija (VDAI) — at L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania, telephone +370 5 271 2804, email ada@ada.lt, website vdai.lrv.lt.
3. Scope of this Policy
This Privacy Policy applies to:
• the Flipyield iOS / iPadOS application published by ML Consulting MB on the Apple App Store, including the iPhone TabView capture-first surface (Dashboard, Orders, Products, Materials, More), the iPad split-view review-cockpit surface, the AVFoundation receipt-capture layer, the Vision-framework on-device OCR layer, the NaturalLanguage on-device token-similarity fuzzy-matching layer, the PDFKit + ImageRenderer Pack pipeline, the Swift Charts dashboard, the custom pure-Apple XLSXReader / XLSXWriter module, the widget surface, the App Intent surface (LogSaleIntent, AddPurchaseIntent), the BGTaskScheduler background local-notification scheduler, the LocalAuthentication optional app-lock surface, the StoreKit 2 In-App Purchase pipeline, and — from v1.1 — the optional Foundation Models narrative layer, the optional QR-label generation and scan surface, and the optional CKShare single-partner sharing surface (introduced only under an explicit decision gate);
• user accounts — of which there are none. Flipyield uses ambient iCloud identity to access the Core Data / CloudKit private database; there is no account, no login, no password, no email verification and no operator dashboard;
• the App's landing pages, help articles and documentation hosted on mlconsulting.lt that describe Flipyield; and
• email and other communications you exchange with us about the App.
This Policy does NOT apply to the recipient side of Pack and export delivery. When you export a Monthly P&L Pack PDF, a Product Cost Sheet PDF, an Inventory Valuation PDF or a full-data XLSX Export from the iOS share sheet, the PDF or XLSX becomes a document under the recipient's control, processed by the recipient's own email server, document-management system, accounting software (DATEV, Xero, QuickBooks, FreshBooks, Sage, Wave, ELSTER, MTD bridging software or equivalent), or filing platform. ML Consulting has no visibility into and no processing role in the recipient's handling of that document.
Where Apple Inc. or its subsidiaries, or any other independent third party, processes personal data on its own account in connection with the App — for example, the Apple App Store, iCloud, CloudKit, StoreKit 2, APNs local-notification delivery, WidgetKit, App Intents, BackgroundTasks, PhotoKit, AVFoundation, Vision / VisionKit, NaturalLanguage, PDFKit, LocalAuthentication and Secure Enclave, and — from v1.1 — Core Image and Foundation Models — that party acts as a separate controller and its own privacy policy applies in addition to this Policy.
4. Our two privacy roles — controller and processor
4.1 We act as controller (deliberately narrow — Flipyield collects nothing on ML Consulting infrastructure)
We determine the purposes and means of processing for the following extremely narrow categories:
• billing and payment data returned to us by App Store Server Notifications (subscription identifier, tier, trial state, renewal state, refund state, environment, transaction identifier); Apple Inc. is the merchant of record; we do not receive your payment-card data;
• communications and support correspondence about the App;
• device, technical and telemetry data — deliberately limited: iOS / iPadOS version, device model, App version, language and timezone, visible to us only through App Store analytics reports Apple publishes to developers and MetricKit crash and hang diagnostics if you have opted in to Diagnostics and Usage Data at the OS level; no third-party analytics SDK, no crash-reporting SDK, no attribution SDK, no advertising SDK, no tracking SDK is embedded in the App;
• the internal logs we keep to comply with statutory accounting and tax retention under Lithuanian law.
4.2 We act as processor (Customer Data lives in your own iCloud — we never receive it)
Every category of Customer Data — Items, Lots, Purchases (append-only), Bins with user-owned QR labels, Listings (append-only), Sales (append-only, with per-item cost snapshot frozen at Mark-Sold entry; no marketplace API auto-imports a Sale), Trips and mileage (manual; no CoreLocation in v1.0), Marketplace fee profiles (all editable, all labelled estimates), Adjustments (append-only), Settings, AVFoundation item / receipt / bin photographs, Vision QR-scan outputs of the App's own bin labels and barcode-capture outputs (persisted as opaque SKU strings only, never resolved against any external product catalogue), and — from v1.1 — Vision receipt-OCR suggestion outputs and Foundation Models on-device summary and listing-description-draft outputs — lives in the Subscribing Customer's own Apple iCloud (Core Data mirrored to CloudKit private database). Photographs and other binary assets are stored as CKAssets on the Subscribing Customer's own iCloud quota. When iCloud is unavailable (signed out or quota-full), the App runs fully locally with a passive banner and no work is lost.
The consequence for privacy roles is unusual: for these categories, ML Consulting acts as processor on the Subscribing Customer's instructions insofar as our App code and its Apple-supplied entitlements run on the Subscribing Customer's device, but ML Consulting never itself sees, receives, stores, transmits, indexes, aggregates or otherwise processes the underlying content of that Customer Data on its own infrastructure. Apple Inc., in operating iCloud and CloudKit on behalf of the Subscribing Customer, is a separate independent controller for its own iCloud-side processing.
ML Consulting does not use Subscriber Data to train, fine-tune, evaluate or benchmark any machine-learning model, and does not disclose Subscriber Data to any third-party model provider under any circumstances — because ML Consulting never receives Subscriber Data on its own infrastructure in the first place. Vision, NaturalLanguage and Foundation Models (v1.1) are Apple's on-device frameworks; their inference runs locally and their output does not leave the device as a result of the App's use.
5. Apple App Store, iOS, iPadOS, CloudKit, Vision, NaturalLanguage, Foundation Models and platform context
Because the App is delivered through the Apple App Store, runs on Apple's iOS and iPadOS platforms and stores every Customer Data category in the Subscribing Customer's own Apple iCloud rather than on any ML Consulting server, this section makes the platform inheritance explicit. There is no web portal, no App Clip surface, no operator dashboard, no Mac Catalyst app, no Android app, no watchOS companion and no visionOS surface within the scope of the App.
5.1 App Privacy details on the App Store — “Data Not Collected”
Flipyield's App Privacy details on the App Store are set to “Data Not Collected”. The App Store submission review notes explain the no-account, no-server architecture: all Customer Data lives in the customer's iCloud; the developer collects nothing.
5.2 App Tracking Transparency
Flipyield does not track you across other companies' applications and websites within the meaning of Apple's App Tracking Transparency framework. We do not request the ATT permission and we do not use the iOS Identifier for Advertisers (IDFA). The App's App Store declaration is set to “Data Not Used to Track You”. We never apply seller-performance, employability, ranking, blacklist, ban-risk, review-quality, refund-risk, chargeback-risk or marketplace-behaviour profiling.
5.3 Privacy Manifest
Flipyield ships an Apple-required Privacy Manifest (PrivacyInfo.xcprivacy) declaring the data categories the App accesses, the reasons for any use of “required reason” iOS APIs (camera for AVFoundation receipt capture; photo library for PhotoKit product-photo import; Vision and VisionKit for on-device receipt OCR; NaturalLanguage for on-device fuzzy matching; Foundation Models for the v1.1 narrative layer; PDFKit for Pack render; Keychain for short secrets; LocalAuthentication for optional app lock; BackgroundTasks for local-notification scheduling; StoreKit 2 for IAP) and the third-party SDKs the App depends on — which, deliberately, is none.
5.4 iOS sandbox, Data Protection, per-receipt SHA-256 and append-only records
On-device application data is held inside the iOS application sandbox and benefits from Apple's default Data Protection. Every AVFoundation receipt photograph captured through the App is hashed with SHA-256 at save time. Financial records (PurchaseLots, Batches, Orders and StockAdjustments) are append-only after save: corrections supersede rather than overwrite, both the superseded and the superseding record remain visible, and PDF Pack exports include a hash manifest. This is a fingerprint, not a notarisation.
5.5 Ambient iCloud identity, no account, no login, no Sign in with Apple, and the optional Face ID app lock
Flipyield deliberately has no account architecture. It does not present a login screen, does not ask for an email address or password, and does not use Sign in with Apple in v1.0. It relies on ambient iCloud identity for Core Data / CloudKit private-database access. Optional Face ID / Touch ID app lock is available through LocalAuthentication; biometric data never leaves the device and Apple does not provide us with your biometric template.
5.6 Vision framework — QR-scan of user-owned bin labels and barcode-to-opaque-SKU capture; no CV verdicts, no product-catalogue lookups
Flipyield uses Apple's Vision framework on-device for receipt-OCR text extraction and, from v1.1, for QR-code scanning of user-owned bin labels. Vision output is a labelled suggestion the recorder confirms — no computer-vision verdicts, no “detected”, “verified”, “counted”, “damage-diagnosed”, “counterfeit-flagged” or “provenance-authenticated” claims. Below a deterministic confidence threshold, the App visibly flags the affected line as low-confidence, and no PurchaseLot, no stock change and no cost change persists from any line the recorder does not confirm.
5.7 NaturalLanguage — v1.1 only, deferred to the Foundation Models narrative layer
Flipyield uses Apple's NaturalLanguage framework on-device to fuzzy-match receipt-line text to the Subscribing Customer's own Material names, using deterministic token-similarity with a disclosed threshold. Suggestions only; the recorder confirms every match.
5.8 Foundation Models — v1.1 narrative layer only, English and German, device-floor gated, rule-based parity below the floor
From v1.1, Flipyield will offer an optional Foundation Models on-device narrative layer with two components: a monthly plain-language recap of the reseller's own dashboard KPIs (revenue, fees, COGS, mileage, profit, sell-through, days-to-sale, death-pile count); and listing-description drafts generated from Item attributes the reseller has entered. The layer is gated at three levels: availability (Apple Intelligence device floor), language (English and German only) and per-generation confirmation. Prompts consume derived aggregates only — never raw records. Foundation Models is Apple's on-device large-language-model framework.
5.9 AVFoundation, PhotoKit and Files — item / receipt / bin capture and XLSX import from your own files
Flipyield uses AVFoundation for receipt-capture, PhotoKit only where the recorder explicitly imports an existing photograph, and the iOS Files picker for user-owned XLSX orders and materials workbook import. Flipyield does not read your Contacts, Calendar, HealthKit, HomeKit, CoreLocation, NFC, Speech or RoomPlan / LiDAR — all deliberately excluded.
5.10 Custom pure-Apple XLSXReader / XLSXWriter — no third-party SDK
The XLSX import and export layer is a custom pure-Apple module built on Foundation and Compression. There is no CSV import surface and no CSV export surface anywhere in the App — deliberately, as a binding anti-scope. The XLSX module does not phone home, does not embed telemetry, and does not use any third-party dependency.
5.11 PDFKit, Swift Charts, WidgetKit, App Intents, BackgroundTasks, StoreKit 2
Flipyield relies on several Apple frameworks: PDFKit + ImageRenderer (Monthly P&L Pack, Product Cost Sheet, Inventory Valuation, full-data XLSX Export — mandatory footers on every page); Swift Charts (dashboard); WidgetKit (Today's profit widget, Quick-log deep-link widget — best-effort refresh, no push); App Intents (LogSaleIntent, AddPurchaseIntent — Siri and Shortcuts); BackgroundTasks (BGTaskScheduler — best-effort local-notification scheduling); StoreKit 2 (Apple App Store IAP, 2-week introductory trial, localized product prices only).
5.12 CloudKit private database and CKShare (v1.1, decision-gated) — Customer Data in your own iCloud
Every category of Customer Data lives in the Subscribing Customer's own Apple iCloud, in the CloudKit private database for the Flipyield container. From v1.1, if the decision gate passes, team-of-two workspaces are implemented via CKShare: the Subscribing Customer subscribes and creates a single CKShare per company root; a single partner accepts the share link, installs the App and joins as a co-user. CloudKit and CKShare are operated by Apple Inc. under Apple's own privacy terms.
5.13 Recipients — no accounts, no App Clip, no server; Packs and XLSX travel via the iOS share sheet
Recipients — the Subscribing Customer's own accountant, tax adviser, Steuerberater, partner, market organizer, insurance broker or any other counterparty — do not have accounts in Flipyield. There is no App Clip surface and no operator dashboard. Recipients receive Pack PDFs and XLSX Exports via the iOS share sheet.
5.14 App Privacy Report
iOS 15.2 and later provide an in-operating-system App Privacy Report. Flipyield is designed so that this report shows the Apple platform domains used (App Store, iCloud, CloudKit, APNs local-only) and — deliberately — nothing else. No ML Consulting server domain, no third-party analytics domain, no advertising domain, no attribution domain and no crash-reporting domain should ever appear.
6. Key terms used in this Policy
• Personal data — any information relating to an identified or identifiable natural person, as defined in Article 4(1) GDPR.
• Processing — any operation performed on personal data.
• Controller — the person who determines the purposes and means of processing.
• Processor — a person who processes personal data on behalf of a controller.
• Subscribing Customer — the sole-trader secondhand reseller (or, from v1.1 under CKShare, the sole trader plus one authorised partner) who took out the Flipyield Pro subscription and pays personally from her own pocket.
• Item — a discrete unit of secondhand inventory the Subscribing Customer sources and lists for resale (a jacket, a book, a vinyl record, a pair of sneakers, a vintage camera, a piece of costume jewellery, a set of glasses, a lamp).
• Purchase / Lot — an append-only record of a purchase. A single-item Purchase captures cost, source chip and date. A Lot captures a total cost and item count; per-item cost is allocated by the equal-split, manual-percentage or expected-value-weighted method the reseller chooses at allocation time. Corrections supersede rather than overwrite.
• Bin — a physical storage location for Items (a bin, shelf or storage cage) with a location photograph and a user-owned QR label generated by the App via PDFKit + Core Image and scanned via Vision.
• Trip — a sourcing trip with saved route or venue, user-entered distance in miles or kilometres, per-trip spend link and optional receipt photograph; mileage cost is computed at the user-entered per-mile / per-kilometre rate. No GPS in v1.0.
• Listing — an append-only record capturing that an Item was listed on a specific Marketplace on a specific date, with the reseller's free-text title and description and listing price. The App does not publish the Listing to the Marketplace and does not read from any Marketplace API.
• Marketplace fee profile — an editable Marketplace-fee preset (eBay, Poshmark, Vinted, Depop, Etsy, Mercari, Vestiaire Collective, Grailed, Whatnot, Facebook Marketplace, Bonanza, ThredUp, The RealReal, Cash / fair, other) with tiered percentage, flat-below-threshold and payment-processor rules. All user-editable, all labelled “editable estimate — verify against your statement”.
• Sale — an append-only record of a sold Item with sold price, shipping charged and cost, discount, computed marketplace-fee estimate (from the disclosed Marketplace fee profile formula), optional external order ID copied by the reseller from the Marketplace statement, and profit waterfall. No marketplace API auto-imports a Sale.
• Adjustment — an append-only manual stock or price correction record (returned, damaged, lost, found, deleted, price change). Historical Sales are never edited.
• Pack — a PDF or XLSX assembled on-device by PDFKit + ImageRenderer in one of five types: Monthly P&L Pack, Inventory Valuation (at cost), Year-End Per-Platform Summary XLSX (the DAC7 / HMRC / IRS-season records-only artifact), full-data XLSX Export, and PDFKit-generated QR bin-label sheets. Every Pack carries the mandatory disclaimer footer: “Generated with Flipyield from the owner's own entries. Figures are estimates for the owner's decision-making — not accounting, tax, or legal advice. Verify fees against marketplace statements.” and the discreet product footer: “Made with Flipyield for iPhone.”
• Recipient — the accountant, Steuerberater, tax preparer, spouse or any other counterparty who receives a Pack PDF or XLSX Export via the iOS share sheet. Not a user of the App.
• EntitlementGate — the single StoreKit 2 check that guards record creation and artifact generation; read and export are never gated.
• Foundation Models layer (v1.1) — the opt-in, Apple-Intelligence-device-floor-gated, English-and-German-only on-device narrative-summary and listing-description-draft layer. Prompts consume derived aggregates only; output never auto-persists.
• CKShare partner (v1.1, decision-gated) — an optional single partner the Subscribing Customer invites to co-use the workspace under CKShare.
• On-device — data stored or processed locally on the Subscribing Customer's iPhone or iPad inside the iOS application sandbox.
• Backend — Flipyield has none. The App's server-side surface is Apple iCloud (CloudKit) operated by Apple Inc.
• Sub-processor — a third-party service provider that processes personal data on our behalf. Flipyield deliberately depends on none for its data plane.
• EEA — the European Economic Area.
• VDAI — Valstybinė duomenų apsaugos inspekcija, the Lithuanian State Data Protection Inspectorate.
7. Personal data we process
This section describes the data Flipyield processes. The unusual feature to hold in mind: with the narrow exceptions in section 4.1, the Customer Data below lives in the Subscribing Customer's own iCloud, not on ML Consulting infrastructure. Because Flipyield has no account architecture, we do not even hold an account identifier or an email address for you unless you email us support directly.
7.1 Account and authentication data (we act as controller — deliberately none)
Flipyield has no account architecture. It does not require Sign in with Apple in v1.0, does not present a login screen, does not ask for an email address or password, and does not hold an account identifier for you. Ambient iCloud identity is used only by Apple's CloudKit for the Subscribing Customer's private-database access. Where you email us support, we hold your email address only for the purpose of replying.
7.2 Device, technical and telemetry data (limited)
iOS / iPadOS version, device model, App version, language and timezone (visible to us only through App Store analytics reports); MetricKit crash and hang diagnostics if you have opted in at the OS level; on-device diagnostics counters surfaced only to you (nothing leaves the device). No third-party analytics SDK, no crash-reporting SDK, no attribution SDK, no advertising SDK, no tracking SDK.
7.3 Communications and support data
The content and metadata of any email, support ticket or in-app help message you send us, including any attachments.
7.4 Billing and payment data (Apple is the merchant of record)
App Store Server Notifications payloads: subscription identifier, tier, trial state, renewal state, refund state, environment, transaction identifier. We do not receive your payment-card data. There is no direct billing channel and no Stripe / PayPal / GoCardless / SEPA / bank-transfer path for Flipyield.
7.5 Customer Data (lives in your own iCloud)
Items (short title, category, item photograph, source chip, Bin relation, aging start date); Purchases and Lots (append-only, with source chip, date, single-item cost or lot total cost with item count, currency code, entry method — manual / xlsxImport / v1.1 receipt-OCR — optional receipt-image SHA-256; per-item cost within a Lot allocated by equal-split, manual-percentage or expected-value-weighted method the reseller chooses); Bins (bin identifier, location photograph, description; user-owned QR label sheet generated by the App); Listings (append-only, with Item relation, Marketplace relation, listing date, listing title and description as free text entered by the reseller, listing price); Marketplace fee profiles (name — eBay, Poshmark, Vinted, Depop, Etsy, Mercari, Vestiaire Collective, Grailed, Whatnot, Facebook Marketplace, Bonanza, ThredUp, The RealReal, Cash / fair, other — tiered fee rules, payment-processor rules, all editable, all labelled estimates); Sales (append-only, with Item relation, Marketplace relation, sold date, sold price, shipping charged, shipping cost, discount, optional external order ID copied by the reseller from the marketplace statement, entry method — manual / xlsxImport); Trips and mileage (manual trip log with saved routes and venues, distance entry, per-trip spend link, optional receipt photograph with SHA-256; no GPS in v1.0); Adjustments (append-only, with Item relation, adjustment type — returned, damaged, lost, found, deleted, price change — reason, date); Settings (singleton — base currency code fixed at onboarding, per-mile / per-kilometre mileage rate, death-pile threshold, stale-listing threshold, app-lock enabled); AVFoundation item / receipt / bin photographs stored as CKAssets with per-photo SHA-256 hash at save; Vision on-device QR-scan outputs (of the App's own bin labels only) and barcode-capture outputs (persisted as opaque SKU strings only); PDF Pack renders (Monthly P&L Pack, Inventory Valuation, Year-End Per-Platform Summary XLSX for DAC7 / HMRC / IRS-season records only, full-data XLSX Export, PDFKit-generated QR bin-label sheets) with mandatory footers and hash manifest; XLSX items and sales workbooks the Subscribing Customer imports through the Files picker; and — from v1.1 — Vision-framework on-device receipt-OCR suggestion outputs, NaturalLanguage token-similarity fuzzy-match outputs and Foundation Models on-device monthly-recap and listing-description-draft outputs (English and German only).
7.6 CKShare partner data (from v1.1 if introduced)
Where the Subscribing Customer invites a single partner under v1.1 CKShare: the partner's name, iCloud identity as supplied to the CKShare zone by Apple, join timestamp, and any Customer Data entries the partner captures.
7.7 Recipient data (accountant, Steuerberater, partner, market organizer, insurance broker) — incidental
Where the Subscribing Customer enters a Recipient's email address into the iOS share sheet at Pack export, that address is handled by iOS Mail (or the chosen share-target app), not by Flipyield; we do not store Recipient contact data server-side (because we have no server).
7.8 Customer-of-the-Subscribing-Customer data (incidental in Orders and receipts)
Where an Order line item records an external Order ID (typically an Etsy or marketplace order reference), a customer name or a customer address: that data is Customer Data on the Subscribing Customer's iCloud. Flipyield does not send the Subscribing Customer's customer data anywhere.
7.9 Special-category and sensitive data (Article 9 GDPR — incidental)
Flipyield is not designed to collect special-category data within the meaning of Article 9 GDPR. Item / receipt / bin photographs may incidentally reveal information about a previous owner (letters left inside a book), a supplier's identity, an invoice recipient's name or a delivery address. Barcode captures persist as opaque SKU strings only — the App does not resolve them against any external product catalogue. The Subscribing Customer is responsible for the lawful basis under Articles 6 and 9 GDPR for any special-category data she records. Biometric authentication (Face ID / Touch ID for optional app lock) is performed by Apple's LocalAuthentication framework and biometric data never leaves the device.
7.10 Location data (CoreLocation — deliberately excluded)
Flipyield does not use CoreLocation. Orders record a Channel (Etsy-style handmade marketplace, craft fair, own site, other), not a place.
7.11 What we do not collect
To remove ambiguity, Flipyield does not collect:
• the contents of your Apple Contacts, the wider Apple Calendar, your photo library beyond photographs you actively import through PhotoKit, or any HealthKit / HomeKit data;
• continuous background-location data or any CoreLocation data;
• Speech-framework voice input; Speech is deliberately excluded from v1.0;
• data from any live marketplace API (Etsy, Amazon Handmade, Not On The High Street, Folksy, Bonanza, Shopify, WooCommerce or equivalent) — live marketplace integration is deliberately excluded from v1.0;
• behavioural-advertising identifiers; we do not run advertising, do not use the IDFA and do not share data with advertising networks;
• analytics, attribution or crash-reporting data through any third-party SDK — Flipyield deliberately embeds none;
• any seller-performance, employability, ranking, blacklist, ban-risk, marketplace-behaviour, price-competition, refund-risk, chargeback-risk or claim-outcome-prediction profile.
8. How we collect personal data
We collect personal data in three narrow ways:
1. Directly from you — when you install or use the App on iPhone or iPad, subscribe through the Apple App Store, capture a receipt through AVFoundation, import an XLSX orders or materials workbook through the Files picker, enable the optional Face ID / Touch ID app lock, opt in to the v1.1 Foundation Models narrative layer where your device and locale are eligible, opt in to v1.1 CKShare single-partner sharing (if introduced), contact support or subscribe to a communication.
2. Automatically through your use of the App — when the App generates on-device application data (deterministic engine outputs, Pack render metadata, append-only supersede-chain metadata, per-photo SHA-256 hashes, per-Pack photo-hash manifests) necessary to deliver the service; and when Apple platform services supply data linked to your action. Aside from App Store Server Notifications payloads and any support-endpoint hits, none of this data leaves the device.
3. From Apple — when the App Store delivers an In-App Purchase result through StoreKit 2 and App Store Server Notifications, when App Store analytics reports arrive, when MetricKit publishes crash and hang diagnostics if you have opted in at the OS level, and when — for CloudKit and (v1.1 gated) CKShare — Apple operates the Subscribing Customer's iCloud on the Subscribing Customer's behalf.
9. Why we process personal data and our legal bases
For each processing activity we rely on a lawful basis under Article 6(1) GDPR.
9.1 Performance of a contract (Article 6(1)(b))
• Provide and operate the App on your iPhone and iPad, including the capture-first surface, the review-cockpit surface, the pure deterministic engines, on-device Vision receipt OCR, on-device NaturalLanguage fuzzy matching, on-device PDFKit + ImageRenderer Pack render, on-device pure-Apple XLSXReader / XLSXWriter, and the Core Data / CloudKit private-database sync to your own iCloud.
• Process payments and manage billing through Apple App Store In-App Purchase.
• Face ID / Touch ID gating of the optional app lock.
• v1.1 CKShare single-partner sharing (if introduced).
• Send service messages.
• Provide customer support and respond to enquiries.
9.2 Consent (Article 6(1)(a))
• Camera, microphone, photo-library and Files access via the iOS prompts.
• Local-notification cadence.
• Optional Face ID / Touch ID app lock.
• v1.1 Foundation Models narrative layer enablement (where the device meets the Apple Intelligence floor and the locale is English or German).
9.3 Compliance with a legal obligation (Article 6(1)(c))
• Statutory accounting and tax retention under Lithuanian law.
• Respond to data-subject requests and operate the GDPR rights workflow.
• Comply with legal, regulatory, tax and law-enforcement obligations.
9.4 Legitimate interests (Article 6(1)(f))
• CryptoKit per-photo SHA-256 hashing and append-only supersede-chain evidence integrity.
• Defend or pursue legal claims, including App Store subscription disputes, marketplace-terms disputes, insurance subrogation, product-liability investigations (GPSR / REACH / CLP / Cosmetic Products / MoCRA / NHP / TGA) and class-action investigations.
Where we rely on legitimate interests under Article 6(1)(f) GDPR, we have carried out and documented a balancing assessment. Where we rely on consent under Article 6(1)(a) GDPR, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
10. Offline-first architecture and no-server data model — Customer Data in your own iCloud
Flipyield is offline-first. Capture, browsing, product / recipe editing, batch production, order quick-log, Pack generation, XLSX import and export, and every other operational flow work with zero connectivity; on-device budgets are cold-launch under 2 seconds, quick-log sheet under 300 ms, recipe cost recompute under 100 ms, dashboard under 500 ms at 5,000 orders, OCR suggestion under 4 seconds per receipt page, XLSX parse 1,000 rows under 20 seconds and PDF Pack render under 3 seconds on an A15 device. If iCloud is unavailable, the App runs fully locally with a passive banner and no work is lost.
Flipyield operates no ML-Consulting-hosted backend. No EU-resident managed Postgres, no signed-URL object storage, no server-side AI, no private GPU boundary, no RFC 3161 trusted-timestamp authority, no third-party analytics SDK, no crash-reporting SDK. Customer Data lives in the Subscribing Customer's own iCloud, which is operated by Apple Inc. under Apple's own privacy terms and Apple's own data-residency choices for iCloud.
11. Subscribing Customers, sole-trader responsibility and Recipients
Flipyield is operated on a single-Subscribing-Customer-per-company subscription model. The Subscribing Customer — a sole-trader secondhand reseller paying personally from her own pocket — subscribes through the App Store, administers the workspace, records Items, Purchases and Lots, Bins, Listings, Sales, Trips and mileage, Marketplace fee profiles and Adjustments, generates Packs and shares Pack PDFs and XLSX Exports to Recipients through the iOS share sheet.
11.1 Sole-trader accounting, tax, DAC7 / 1099-K / HMRC platform-report reconciliation, counterfeit-goods, cultural-goods, CITES and consumer-protection responsibility
Every displayed figure is an estimate for the sole trader's decision-making — not accounting, tax, or legal advice. The Subscribing Customer remains the responsible person for every accounting, bookkeeping, tax, VAT, income-tax, self-employment-tax, self-assessment, MTD, Anlage EÜR, Schedule C, Schedule SE, Form 1040, BAS, IAS, IR35 determination, and for every filing to HMRC, IRS, BZSt, Finanzamt, ATO, CRA, VMI and equivalent tax authorities. In particular, the Subscribing Customer is responsible for reconciling her own records against the DAC7 (Directive (EU) 2021/514) platform-report her marketplaces file to her tax authority, the U.K. Digital Platform Reporting Regulations 2023 report to HMRC, the IRS 1099-K / 1099-DA reports filed under IRC §6050W, the CRA Digital Platform Reporting return, the ATO Sharing Economy Reporting Regime return and equivalent regimes — Flipyield does not participate in, receive copies of or reconcile against any of these platform reports. The Subscribing Customer is also responsible for every counterfeit-goods, trademark, cultural-goods (UNIDROIT 1995 / UNESCO 1970 / U.K. Dealing in Cultural Objects (Offences) Act 2003), CITES, used-electronics-safety, used-children's-goods-safety (CPSIA lead limits), product-safety (GPSR / U.K. GPSR 2005 / CPSIA / CCPSA — as applicable to used goods sold in the course of a commercial activity), and marketplace-terms decision on eBay, Poshmark, Vinted, Depop, Etsy, Mercari, Vestiaire Collective, Grailed, Whatnot, Facebook Marketplace, Bonanza, ThredUp, The RealReal and equivalents.
11.2 Sourcing-site safety, secondhand-goods hazards and workshop hazards where applicable
The Subscribing Customer remains responsible for her own sourcing-site personal safety at estate sales, garage sales, thrift stores, flea markets, storage-unit auctions, home-sales and any other secondhand-sourcing venue, and for the safety of any goods she resells. Flipyield does NOT track sourcing-site hazards, does not verify that resale goods are safe, does not test for mould / asbestos / lead-paint contamination on second-hand goods, does not verify that used electronics are safe to resell under U.K. Electrical Equipment (Safety) Regulations 2016 or state e-waste laws, does not verify that used children's toys meet CPSIA lead-content limits or EU Toy Safety Directive 2009/48/EC or U.K. Toys (Safety) Regulations 2011 requirements, and does not verify used-cosmetics safety under the EU Cosmetic Products Regulation, U.K. Cosmetic Products Enforcement Regulations 2013 or FDA MoCRA — its scope is strictly the reseller's own private ledger of sourcing, inventory, listings, sales and profit.
11.3 Marketplace-terms compliance, Platform-to-Business Regulation and DAC7 reporting-platform responsibility
The Subscribing Customer remains responsible for compliance with the terms of every marketplace on which she sells (eBay Seller Terms, Poshmark Community Guidelines and Terms, Vinted Terms and Vinted Pro Terms, Depop Terms of Service, Etsy Seller Handbook, Mercari Terms, Vestiaire Collective Terms, Grailed Terms, Whatnot Terms of Use, Facebook Marketplace Commerce Policies, Bonanza Booth Terms, ThredUp Cleanout Kit Terms, The RealReal Consignor Terms and equivalents), and for exercising her rights and complying with her obligations under Regulation (EU) 2019/1150 (Platform-to-Business Regulation), Regulation (EU) 2022/2065 (Digital Services Act), Directive (EU) 2000/31/EC (E-Commerce Directive), Directive (EU) 2021/514 (DAC7), Regulation (EU) 2022/1925 (Digital Markets Act) and equivalent regimes. Flipyield is not a marketplace operator, is not a platform under DAC7 / DSA / P2B / DMA, does not broker, list, intermediate, publish, crosslist, relist or report any transaction, and does not send any data to any marketplace or tax authority.
11.4 Consumer-protection responsibility toward the sole trader's customers
The Subscribing Customer remains the seller under EU Directive 2011/83/EU (Consumer Rights Directive), the U.K. Consumer Rights Act 2015, U.S. state UDAP / FTC Act §5, Canadian federal / provincial consumer-protection statutes, the Australian Consumer Law and equivalents. Flipyield is not the seller and is not liable to the sole trader's customers.
11.5 Recipients — no accounts, no App Clip, no server
Recipients do not have accounts in Flipyield. There is no App Clip surface and no operator dashboard. Recipients receive Pack PDFs and XLSX Exports via the iOS share sheet; once a document leaves your device, it is under the Recipient's control, processed by their own email server, DMS or accounting software.
12. Recipients of personal data
We share personal data only with the categories of recipients listed below, and only to the extent necessary for the purpose. We do not sell personal data, and we do not “share” personal data for cross-context behavioural advertising as that term is defined under California law. We do not share or sell Material, PurchaseLot, Product, Recipe, Batch, Channel, Order, OrderLine, StockAdjustment, receipt photograph or Pack data with any third party for advertising, commercial-intelligence, marketplace-benchmarking, market-research, credit-scoring, seller-performance-scoring or claim-outcome-prediction purposes. Because Flipyield has no server, no third-party analytics SDK, no crash-reporting SDK, no advertising SDK, no attribution SDK, no tracking SDK and no direct billing channel, this list is deliberately extremely short.
Categories of recipients:
• Apple Inc. and Apple Distribution International Limited — App Store distribution, App Store In-App Purchase (StoreKit 2), App Store Server Notifications, ambient iCloud identity, iCloud, CloudKit private database, CKShare zones (v1.1 if introduced), APNs local-notification delivery, WidgetKit, App Intents, BackgroundTasks, PhotoKit, AVFoundation, PDFKit, ImageRenderer, Swift Charts, LocalAuthentication and Secure Enclave, Vision framework, VisionKit (v1.1), NaturalLanguage framework, Foundation Models framework (v1.1), Core Image (v1.1), MetricKit and every other Apple platform service on which the App depends. Independent controller for App Store-side, iCloud-side and Apple-platform-side processing.
• Recipients of Pack PDFs and XLSX Exports (accountant, Steuerberater, partner, market organizer, insurance broker, product-liability insurer, banker, any other counterparty) — receive Pack PDFs and XLSX Exports sent from the Subscribing Customer's iPhone or iPad via the iOS share sheet; process those documents on their own systems (email, DATEV, Xero, QuickBooks, FreshBooks, Sage, Wave, ELSTER, MTD bridging software). No Flipyield account, no App Clip, no server-side portal. Independent controllers under their own professional, contractual, marketplace-terms, insurer and confidentiality duties. Not sub-processors of ML Consulting.
• Professional advisers to ML Consulting (lawyers, accountants, auditors) — legal, tax, audit and employment advice on a need-to-know basis. Independent controllers under their own duties of confidence.
• Authorities, courts and regulators — where we are required by law, court order or a binding regulatory request, including the Lithuanian State Data Protection Inspectorate (VDAI), Lithuanian State Tax Inspectorate (VMI), U.K. Information Commissioner's Office (ICO), HMRC, Trading Standards, Irish Data Protection Commission (DPC), German BfDI and Land DPAs, BZSt and Finanzamt, French CNIL and DGCCRF, Italian Garante, Spanish AEPD, Australian OAIC and ATO, U.S. FTC, IRS, CPSC and state attorneys general, Canadian OPC, CRA and Health Canada, and equivalents. Independent controllers acting under their statutory powers.
• Successor entity — in the context of a merger, acquisition, restructuring or sale of assets, subject to confidentiality safeguards and to the buyer continuing to honour the commitments in this Policy. Independent controller after the transaction closes.
References in the App and in this Policy to Etsy, Amazon Handmade, Not On The High Street, Folksy, Bonanza, Craftybase, Inventora, DaWanda-legacy, Zibbet-legacy, Shopify, WooCommerce, PayPal, Stripe (as marketplace payment processor), HMRC, IRS, BZSt, Finanzamt, ATO, CRA, DATEV, ELSTER, ICAEW, ACCA, AICPA, CIMA, CIOT, Steuerberaterkammer, Bundessteuerberaterkammer and equivalent tax-adviser and accountancy bodies are descriptive only. None of those bodies endorses, certifies, audits, accredits or warrants the App or any Pack, and none is a partner, sub-processor, recipient or party to this Policy by virtue of being named.
A current list of our sub-processors, together with the country in which each provider operates, is published at mlconsulting.lt/legal/sub-processors and is updated when the list changes. For Flipyield specifically, the sub-processor list is deliberately empty: Apple Inc. is an independent controller for every Apple platform service on which the App depends, and ML Consulting engages no third-party data-plane sub-processor for Flipyield.
13. International data transfers
ML Consulting MB is established in Lithuania. Because Flipyield has no server and no ML-Consulting-hosted backend, the international-transfer question turns on Apple's iCloud residency for the Subscribing Customer's Apple Account and on the App Store's processing of billing data — both of which are choices made by Apple, not by ML Consulting.
For the narrow controller-level data ML Consulting itself processes, we keep data in the European Union by default. Where personal data is transferred outside the EEA or the United Kingdom to a country that has not been the subject of an adequacy decision under Article 45 GDPR, we rely on one or more of the safeguards required by Chapter V GDPR, in particular:
• European Commission adequacy decisions, including the EU-US Data Privacy Framework where the recipient is certified under it;
• the European Commission's Standard Contractual Clauses (Module Two and Module Three), with the UK International Data Transfer Addendum or the UK International Data Transfer Agreement for transfers from the United Kingdom, and supplementary measures consistent with the European Data Protection Board's recommendations;
• additional technical measures including TLS 1.2 or higher for data in transit and Apple's iCloud encryption at rest, plus contractual and organisational measures appropriate to the sensitivity of sole-trader financial data; and
• any other lawful transfer mechanism under Articles 46 to 49 GDPR.
14. Automated decision-making, on-device ML and Foundation Models — no backend AI
14.1 No solely-automated decisions with legal or similarly significant effects
We do not subject you to decisions producing legal effects concerning you or similarly significantly affecting you that are based solely on automated processing within the meaning of Article 22 GDPR. Where any aspect of a decision affecting you is informed by automated logic, the recorder or Subscribing Customer is meaningfully involved in the outcome.
14.2 Explicit AI exclusions
Flipyield does NOT offer:
• AI accounting, bookkeeping, tax, VAT, income-tax, self-employment-tax, self-assessment, MTD, Schedule C / SE, BAS / IAS, DAC7 / 1099-K / 1099-DA / IRC §6050W / UK Digital Platform Reporting reconciliation, IR35 or off-payroll-working determinations, computations or advice;
• AI HGB §257 / AO §146 / §147 / GoBD / Companies Act 2006 / IRC §6001 record-keeping-compliance attestations;
• AI valuation, price-comps, “what's it worth”, sold-listing prediction or dynamic-pricing determinations; AI counterfeit-goods, trademark or copyright determinations; AI CITES / cultural-goods (UNIDROIT 1995 / UNESCO 1970) determinations; AI product-safety (GPSR / U.K. GPSR 2005 / CPSIA / CCPSA) determinations on used goods; AI condition-grading, authenticity-verification, provenance-authentication verdicts; AI UPC / EAN / ISBN / catalogue-lookup determinations;
• AI Digital Services Act (DSA), Platform-to-Business Regulation, DAC7 or Digital Markets Act marketplace-operator determinations;
• AI marketplace-terms interpretation (Etsy, Amazon Handmade, Not On The High Street, Folksy, Bonanza, Shopify, WooCommerce and equivalents);
• AI antitrust, competition-law, Kartellverbot, Bundeskartellamt, CMA, FTC or ACCC determinations;
• AI sanctions / PEP / ultimate-beneficial-owner / source-of-funds / 5AMLD / 6AMLD / OFAC / EU Consolidated / U.K. OFSI determinations;
• AI insurance underwriting or claims determinations by any insurer;
• AI pricing advice, market-price predictions, competitor-pricing recommendations or dynamic-pricing suggestions beyond the disclosed cost + target-margin formula that the Subscribing Customer sets;
• AI computer-vision “detected”, “verified”, “counted”, “damage-diagnosed”, “counterfeit-flagged”, “provenance-authenticated” or “photo-genuineness” verdicts;
• AI seller-performance, employability, ranking, blacklist, ban-risk, review-quality, refund-risk, chargeback-risk, marketplace-behaviour or claim-outcome-prediction profiles; or
• Any AI feature that requires transmission of Customer Data off-device to a third-party model provider. Vision, NaturalLanguage and Foundation Models are Apple's on-device frameworks; there is no ML-Consulting-hosted backend model and no Anthropic / OpenAI / Whisper / Google / Meta model in the Flipyield data plane.
14.3 On-device Vision, NaturalLanguage and PhotoKit — suggestion-only
The App uses on-device Vision framework receipt OCR, on-device NaturalLanguage token-similarity fuzzy matching, and on-device PhotoKit access. These run locally on your iPhone or iPad and the input is not transmitted to any third-party AI provider as a result of these features. Every extracted value is a labelled suggestion — the recorder confirms every line before it becomes an evidentiary PurchaseLot; below the confidence threshold, the App visibly flags the affected line, and no PurchaseLot, no stock change and no cost change persists from any line the recorder does not confirm.
14.4 v1.1 Foundation Models narrative layer — opt-in, English and German only, device-floor gated
From v1.1, Flipyield will offer an optional Foundation Models on-device narrative layer with three components: monthly plain-language summary; per-product price suggestion computed from the disclosed cost + target-margin math; and anomaly narration on the disclosed flags. The layer is gated at three levels — availability (Apple Intelligence device floor; below the floor rule-based parity is shown), language (English and German only; in other locales rule-based parity is shown) and per-generation confirmation. Prompts consume derived aggregates only — never raw records.
14.5 Deterministic on-device engines (not AI)
The core computational engines are DETERMINISTIC and not AI at all: the weighted-average-cost engine (over non-superseded lots); the fixed-in-dimension unit-conversion engine (g↔kg × 1000, ml↔l × 1000, m↔cm × 100; cross-dimension ml↔g only via the Material's user-entered density factor; absent factor → conversion refused with explanation, never guessed); the product-unit-cost engine; the fee-computation engine per Channel (base × (feePct + paymentPct) + feeFixed + paymentFixed + perOrderExtra, half-up rounding at cent applied once at order level); the profit and margin engines; the price-creep flag at 1.15 × prior weighted-average cost and total ≥ €5; the low-stock flag at manual reorder threshold; and the dashboard reconciliation invariant enforced by property-based tests. These engines are pure, unit-tested Swift code; their output is fully explainable by inspection of the code and the Customer Data.
14.6 EU AI Act readiness
We design and operate the App's on-device AI features to be compatible with applicable obligations under Regulation (EU) 2024/1689 (the AI Act), including transparency (raw input always retained alongside any structured output; the recorder always confirms; the AI-drafted suggestion carries a “Suggestion — review before use” label), logging and human-oversight requirements. None of the current AI features is, or is held out as, a high-risk AI system within the meaning of Annex III of the AI Act.
15. How long we keep personal data
We keep personal data only for as long as we need it for the purpose for which it was collected, or as required by applicable law. Because Customer Data lives in the Subscribing Customer's own iCloud, Flipyield cannot itself delete Customer Data from your iCloud — you (and Apple) do that.
• Account and authentication data — none retained on ML Consulting infrastructure by default (Flipyield has no account).
• Device, technical and telemetry data — where visible to us at all, retained in identifiable form for a maximum of 13 months; aggregated or anonymised data may be retained indefinitely.
• Communications and support correspondence — up to 24 months from the close of the last related correspondence; longer where the matter relates to a complaint, dispute, investigation, regulatory matter or legal claim.
• Billing, accounting and tax records — up to 10 years from the end of the relevant accounting period, in line with Lithuanian law.
• Customer Data on the Subscribing Customer's own iCloud — retained on the Subscribing Customer's iCloud for as long as the Subscribing Customer keeps it (typically for years, since DAC7 / HMRC / IRS record-keeping expectations run for six years or more depending on jurisdiction). Post-trial the App is read-only with full XLSX + PDF export always available; data is never held hostage. On App deletion the on-device store is removed by iOS. On the Subscribing Customer's use of the “Erase all data” Settings flow, the App wipes the local store + the private CloudKit zone after typed confirmation.
• v1.1 CKShare partner data (if introduced) — a partner's Customer Data entries remain in the Subscribing Customer's zone if the Subscribing Customer removes the partner. A partner leaving the share does not touch company data.
• Backups (Apple iCloud backup) — Apple's iCloud backup rotation applies; ML Consulting does not operate a separate backup and does not restore deleted accounts.
16. Security and personal-data breaches
16.1 Article 32 measures
We implement and maintain appropriate technical and organisational measures to protect personal data — particularly the narrow controller-level data we hold — against unauthorised access, accidental loss, destruction, alteration or disclosure (Article 32 GDPR). For Flipyield specifically, these measures include: iOS application-sandbox isolation and Apple's default Data Protection; per-photo SHA-256 hashing of AVFoundation receipt captures at save time; append-only supersede-chain evidence integrity on PurchaseLot, Batch, Order, OrderLine and StockAdjustment; the optional Face ID / Touch ID app-lock; Keychain-scoped short secrets; watermarking and version-stamping on every Pack, mandatory disclosure and product footers on every Pack page, and a per-Pack hash manifest; the Privacy Manifest declaration; and — for the Customer Data itself — Apple's iCloud in-transit and at-rest encryption on the Subscribing Customer's own iCloud.
16.2 Notification of personal-data breaches
If we become aware of a personal-data breach that is likely to result in a risk to the rights and freedoms of natural persons in respect of the narrow controller-level data we hold, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach (Article 33 GDPR). Where the breach is likely to result in a high risk, we will notify the affected data subjects without undue delay (Article 34 GDPR). Because Customer Data lives in the Subscribing Customer's own iCloud, an iCloud-side security incident is handled by Apple under Apple's own breach-notification obligations.
16.3 Reporting a suspected breach to us
If you suspect a security incident or unauthorised access affecting your App Store subscription, App Store Server Notifications payloads, biometric-verification metadata or any Pack PDF or XLSX Export you generated, please notify us at support+flipyield@mlconsulting.lt without undue delay. Provide as much detail as you can; do not include passwords or other secrets in the email.
17. Your rights as a data subject
Subject to the conditions set out in the GDPR, you have the rights below. These rights are not absolute and may be restricted by law. Because Customer Data lives in your own iCloud, several of these rights are exercised most efficiently through Apple (iCloud account controls, Data & Privacy portal at privacy.apple.com) rather than through ML Consulting.
• Right of access (Article 15) — confirm whether we process personal data about you and obtain a copy. Note that ML Consulting itself holds only the narrow controller-level data described in section 4.1; the bulk of your Customer Data lives in your own iCloud.
• Right to rectification (Article 16) — have inaccurate personal data corrected and incomplete data completed. In the App itself, financial records are append-only after save — corrections supersede and both remain visible.
• Right to erasure (Article 17) — have personal data erased where the conditions apply. For Customer Data on your own iCloud, use the App's in-Settings “Erase all data” flow.
• Right to restriction of processing (Article 18) — restrict our processing while we verify contested data or deal with an objection.
• Right to data portability (Article 20) — receive the data you provided in a structured, commonly-used and machine-readable format. The App provides in-Settings full-data XLSX Export at any time.
• Right to object (Article 21) — object to processing based on legitimate interests on grounds relating to your particular situation, and at any time to direct marketing.
• Rights related to automated decision-making (Article 22) — not be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects. See section 14 and the explicit AI exclusions.
• Right to withdraw consent (Article 7(3)) — where we rely on consent, withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
• Right to lodge a complaint (Article 77) — complain to our lead supervisory authority, the VDAI in Vilnius, or to the supervisory authority of the EU Member State where you habitually reside, where you work or where the alleged infringement took place.
17.1 How to exercise your rights
You can exercise the rights above by sending an email to support+flipyield@mlconsulting.lt with the words “Privacy request — Flipyield” in the subject line. For rights that concern data in your own iCloud, we may redirect you to Apple's Data & Privacy portal at privacy.apple.com.
We will respond to verifiable requests without undue delay and in any event within one month of receipt under Article 12(3) GDPR. We may extend that period by up to a further two months for complex or numerous requests.
18. Regional rights notices
18.1 Lithuania — VDAI, Labour Code, accounting and tax law
Where the Subscribing Customer operates from the Republic of Lithuania, the Republic of Lithuania Law on Legal Protection of Personal Data applies in addition to the GDPR; the Republic of Lithuania Labour Code, Law on Financial Accounting, Law on Tax Administration and Law on Value Added Tax apply independently of the App.
18.2 Germany and Austria — BfDI / Land DPAs, BDSG, AO, HGB, GoBD, UStG, Kleinunternehmerregelung, DAC7 implementation into German law
Where the Subscribing Customer operates from Germany or Austria (the DE / AT launch storefronts), the GDPR, BDSG, Abgabenordnung (AO — including §146 record-keeping and §147 retention), Handelsgesetzbuch (HGB — including §257 retention), the GoBD principles, Umsatzsteuergesetz (UStG) including the Kleinunternehmerregelung §19 small-business threshold, Steuerberatungsgesetz (StBerG), Produkthaftungsgesetz, Chemikaliengesetz, Gefahrstoffverordnung, Kosmetikverordnung, ZUGFeRD / XRechnung / EN 16931 e-invoicing and the Austrian equivalents (BAO, UStG 1994, UGB) apply independently of the App.
18.3 United Kingdom — UK GDPR, ICO, HMRC self-assessment, Digital Platform Reporting Regulations 2023
If you are in the United Kingdom, the UK General Data Protection Regulation and the UK Data Protection Act 2018 apply. The UK supervisory authority is the Information Commissioner's Office (ICO). The HMRC self-assessment regime, the £1,000 trading allowance, Making Tax Digital where thresholds are met, the U.K. Digital Platform Reporting Regulations 2023 (implementing DAC7 into U.K. law — the marketplaces are the reporting platforms, Flipyield is not), the U.K. Trade Marks Act 1994, the U.K. Dealing in Cultural Objects (Offences) Act 2003, the U.K. General Product Safety Regulations 2005 (which apply to used goods sold in the course of a commercial activity), the U.K. Electrical Equipment (Safety) Regulations 2016, the U.K. Toys (Safety) Regulations 2011 and the Consumer Rights Act 2015 apply to U.K. resellers independently of the App.
18.4 Republic of Ireland, France, Italy, Spain, Netherlands, Belgium and other EU Member States
Where the Subscribing Customer operates from another EU Member State, the GDPR and the relevant national data-protection, tax and consumer-protection laws apply. The relevant national data-protection authority is the supervisory authority for processing in that Member State.
18.5 United States — CCPA / CPRA, IRS 1099-K / 1099-DA / IRC §6050W, Schedule C, CPSC, state marketplace-facilitator laws
If you are a California resident, the CCPA / CPRA gives you the rights described in the corresponding section of this Policy. We do not sell personal information and we do not “share” personal information for cross-context behavioural advertising. The IRS 1099-K and 1099-DA regimes, IRC §6001 record-keeping obligations, IRC §6050W third-party settlement organisation reporting rules, state marketplace-facilitator laws (California CDTFA and equivalents in New York, Michigan, Washington, Illinois, Texas and other states), the U.S. Trademark Counterfeiting Act, the U.S. Consumer Product Safety Improvement Act (CPSIA — including lead-content limits on used children's goods), state e-waste laws for used electronics and the U.S. National Labor Relations Act apply to U.S. resellers independently of the App. Similar privacy rights are available to residents of Colorado, Connecticut, Virginia, Utah, Texas, Florida, Oregon, Washington and other US states.
18.6 Canada, Australia and other jurisdictions
Where the Subscribing Customer operates from Canada (PIPEDA and provincial private-sector privacy laws; CRA record-keeping; Consumer Packaging and Labelling Act; Consumer Product Safety Act; Health Canada NHP) or Australia (Privacy Act 1988 and Australian Privacy Principles; ATO record-keeping and BAS regime; Australian Consumer Law; TGA cosmetics rules), the relevant national laws apply independently of the App. Similar frameworks apply in Switzerland (revFADP), Norway (Personopplysningsloven), Japan (APPI — deferred launch market) and other jurisdictions.
18.7 Global Privacy Control
On the App's landing pages, we honour the Global Privacy Control signal where technically feasible, treating it as an objection to non-essential cookies and a request to opt out of any “sale” or “sharing” of personal information.
19. Children
Flipyield is intended for business users (B2B) only and is not designed for use by minors. Users must be at least 18 years old and must be the sole trader (or the sole trader's authorised delegate). Apple's App Store age rating reflects the relevant minimum age. If we become aware that we have collected personal data from a child without the appropriate authorisation, we will work with the relevant Subscribing Customer to investigate and, where appropriate, erase the data.
20. Cookies and similar technologies
The Flipyield iOS / iPadOS App does not use analytics, advertising, profiling or marketing cookies. The App uses on-device storage (the iOS application sandbox, the Keychain, Core Data with CloudKit private-database mirroring, UserDefaults) to deliver its features. This is not “cookies” within the meaning of the ePrivacy Directive 2002/58/EC.
The App's landing pages on mlconsulting.lt use only strictly-necessary cookies. No analytics or advertising cookies are set. Because there is no direct billing channel and no Stripe billing pages for Flipyield, there are no third-party payment cookies to disclose either.
21. Communications
21.1 Service messages
We send transactional service messages (App Store billing notices via Apple, support replies, material change notices) on the basis of contract performance under Article 6(1)(b) GDPR. Service messages are not commercial marketing and cannot be opted out of without ceasing to use the App.
21.2 Direct marketing
Where we send commercial marketing emails about Flipyield, we rely either on (i) your prior consent under Article 6(1)(a) GDPR and Article 13 of the ePrivacy Directive, or (ii) the “soft opt-in” under Article 13(2) of the ePrivacy Directive. You may opt out at any time by clicking the unsubscribe link in any marketing email, by emailing support+flipyield@mlconsulting.lt or by updating your preferences.
21.3 Operational notifications — not tax advice, not statutory-deadline advice
Local-notification cadence, widgets, App Intent invocations and PDF Pack completeness-check flags are operational reminders configured by you. They are best-effort and depend on Apple's platform services. They are NOT tax-filing deadlines, NOT VAT-return deadlines under HMRC MTD / BZSt / Finanzamt / ATO / CRA / VMI, NOT an accountant's or Steuerberater's opinion, NOT a court order, NOT a Qualified Trust Service Provider attestation, NOT a marketplace-terms interpretation, NOT a product-safety notice under GPSR / REACH / CLP / Cosmetic Products / MoCRA / NHP / TGA, NOT a fire alarm, NOT an intrusion alarm, NOT a calibrated instrument reading and NOT a 112 / 999 / 911 / 000 dispatch. CALL 112 / 999 / 911 / 000 OR THE LOCALLY APPLICABLE PUBLIC EMERGENCY NUMBER FIRST whenever any person is in apparent danger of death or serious harm in the workshop or at a market.
22. Changes to this Policy
22.1 Routine updates
We may update this Policy from time to time, for example to reflect new features (v1.1 Foundation Models narrative layer, v1.1 QR labels, v1.1 CKShare single-partner sharing if introduced), regulatory developments, Apple platform changes (Foundation Models version updates, iOS 26+ RecognizeDocumentsRequest availability) or operational changes. The latest version is always published on the App's App Store listing and at mlconsulting.lt/flipyield/privacy.
22.2 Material changes
Where a change is material and adversely affects your rights or expectations, we will give reasonable advance notice — typically at least 30 days, unless a shorter period is required by law, by Apple App Store policy or to address a security risk — by in-app notice and, where we have your email address, by email. Non-material changes take effect on posting.
22.3 Versioning
Each version of this Policy is dated and archived. The version in force at the time of the relevant processing governs that processing. The Foundation Models model version in use at any given time (v1.1 onward) is disclosed in the App's release notes.
23. Contact us
For any question, request or complaint about this Policy or about how we process your personal data, please contact us using the details below.
• Controller: ML Consulting MB
• Address: Vilnius, Republic of Lithuania
• Legal entity code: 306991112
• Privacy contact (email): support+flipyield@mlconsulting.lt
• Website: https://mlconsulting.lt
• Lead supervisory authority: Valstybinė duomenų apsaugos inspekcija (VDAI), L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania · +370 5 271 2804 · ada@ada.lt · vdai.lrv.lt
Document end · Version 1.0 · Effective 1 January 2027 · Flipyield — Privacy Policy · © 2026 ML Consulting MB
© 2026. All rights reserved.
