How we protect our users
Every flipprr product handles sensitive data differently — cross-border payments, creator-brand agreements, anonymous messages. Here's how we keep each one secure.
Security principles across all products
Encryption everywhere
All data encrypted in transit and at rest. Every API call, every database query, every file upload is protected with industry-standard encryption.
Minimal data collection
We only collect what’s necessary for each product to function. No tracking pixels, no behavioral analytics, no data harvesting.
Trusted infrastructure
Our products run on enterprise-grade cloud infrastructure with DDoS protection, web application firewalls, and automatic threat mitigation.
Cross-border commerce requires serious trust
ParcelPal connects buyers with travelers across international borders. Real money, real goods, real people. Every layer of the platform is designed to prevent fraud, verify identities, and protect both parties.
Two-step KYC verification
Every user must complete mandatory identity verification before transacting. This is a two-step process:
- 1.Government-issued ID verification (Aadhaar, PAN, or Driving License) through our KYC partner with liveness detection to prevent identity theft.
- 2.Passport verification for travelers to confirm international travel capability and create accountability.
Identity documents are processed by our KYC partner — not stored on our servers. One-time verification fee: ₹50.
Anti-fraud & price validation
Every product listing is automatically validated against global market prices. Listings with price deviations over 25% from fair market value are blocked.
- Anti-hawala detection compliant with PMLA (Prevention of Money Laundering Act)
- Suspicious transaction patterns automatically flagged and reviewed
- Prohibited items screening for customs, FSSAI, and DGCA compliance
- Legal obligation to report suspicious patterns to FIU-IND
Payment protection
Both buyer and traveler pay a one-time, non-refundable connection fee to unlock the deal. This fee covers platform operations, verification infrastructure, dispute resolution, and secure messaging. Product payment is settled directly between buyer and traveler — the platform does not hold funds or take commission on product prices. Connection fees are processed through licensed payment partners.
Dispute resolution
7-day dispute window after expected delivery date. Both parties submit evidence (screenshots, photos, chat history). Our team reviews within 3-5 business days and communicates a resolution — which may include fee refunds, warnings, or account suspension.
ParcelPal operates as an intermediary under Section 79 of the Information Technology Act, 2000.
ParcelPal data handling
| Data | Purpose | Shared with |
|---|---|---|
| Name, email, phone | Account creation & communication | ParcelPal only |
| Aadhaar, PAN, Passport | KYC identity verification | KYC verification partner |
| UPI / payment details | Connection fee collection | Payment processing partner |
| Flight PNR & travel dates | Trip verification | ParcelPal only |
| Product URLs & prices | Price validation | Pricing API (anonymized) |
| Chat messages | Buyer-traveler coordination | Messaging infrastructure |
Verified collaborations, protected content
Frilpp handles brand-creator agreements, social media credentials, and e-commerce fulfillment. Here's how we keep creator data safe and brand collaborations honest.
Social authentication
Creators authenticate through official social platform OAuth flows. We request only the minimum permissions needed — username, follower count, and recent media metadata for deliverable verification. OAuth tokens are encrypted at rest. We never store social media passwords and cannot post on behalf of creators.
Automated deliverable verification
Each campaign generates a unique campaign code. When creators post content, our system checks social media APIs for the code in the caption, verifying the deliverable was actually posted — not faked. Missed or invalid deliverables trigger a strike system: 2 strikes result in a 30-day cooldown, 3 or more lead to a permanent ban.
E-commerce integration security
Frilpp integrates with e-commerce platforms via official OAuth APIs using scoped access tokens. We can create draft orders and read product data — nothing more. All API tokens are encrypted at rest with access limited to required services. Brand payment details are never stored on our servers.
Content ownership & rights
Creators retain full ownership of their content. Brands receive usage rights only as specified in the offer terms and only after the creator explicitly grants consent. Brands may not reuse creator content outside the agreed scope. Frilpp is a facilitator — we are not a party to the brand-creator agreement.
Privacy by architecture, not by policy
ChaosBird is built on a zero-knowledge architecture. We can't betray your privacy because we never collected your data in the first place. This isn't a marketing claim — it's how the system is designed.
What ChaosBird does NOT collect
Encryption
All data is encrypted in transit with TLS 1.3 and encrypted at rest with AES-256. This applies to messages, file uploads, and all metadata. Every WebSocket connection, every API call, every file transfer is encrypted end-to-end. No plaintext data exists on the wire.
Zero tracking
No cookies, no browser fingerprinting, no user tracking of any kind. No third-party analytics scripts (no Google Analytics, no Meta Pixel). Browsing behavior is never recorded or shared. The only external service used is bot protection during sign-up, which does not track users across sites.
Edge-native infrastructure
ChaosBird runs on a globally distributed edge network across 300+ nodes. We don't own or operate physical servers. All data processing — including AI-powered features like sentiment analysis — happens within the same infrastructure. No data leaves the network for AI processing. No external AI providers.
Minimal data retention
File attachments auto-expire and are deleted after 7 days. We store only the minimum data needed: message content, sender username, and timestamp. No server-side logs of user sessions or browsing activity. Usernames are pseudonymous and disposable — nothing traces back to a real-world identity.
What ChaosBird will never do
Regulatory compliance
flipprr products are operated by OneFinexus Private Limited, registered under the Ministry of Corporate Affairs, Government of India. We comply with applicable Indian law across all products.
Information Technology Act, 2000
ParcelPal and Frilpp operate as intermediaries under Section 79. We maintain reasonable due diligence, provide grievance redressal mechanisms, and cooperate with law enforcement when required by valid legal process.
Prevention of Money Laundering Act (PMLA)
ParcelPal's anti-hawala price validation and KYC requirements are designed for PMLA compliance. Transactions resembling informal value transfers are flagged and reviewed. We maintain a legal obligation to report suspicious patterns to FIU-IND.
Companies Act, 2013
OneFinexus Private Limited is incorporated and operates in full compliance with the Companies Act, 2013. Annual filings, statutory audits, and regulatory disclosures are maintained as required.
Customs & prohibited items
ParcelPal screens for prohibited items under Indian customs regulations, FSSAI food safety requirements, and DGCA aviation rules. Travelers are informed they are the importer of record and are responsible for customs compliance.
Report a security concern
If you discover a security vulnerability in any flipprr product, please report it responsibly. Contact us directly and we'll investigate immediately.