Privacy Policy
Last Updated: July 6, 2026
This Privacy Policy explains how FluxyAPI processes personal data when you use our website, dashboard, API builder, runtime, payment features, support channels, and related services. It is intended to provide clear information without disclosing unnecessary technical, operational, or security-sensitive details.
1. Controller
The controller for platform-related processing is [OPERATOR / COMPANY], represented by [AUTHORIZED REPRESENTATIVE], [ADDRESS], [COUNTRY], email: [PRIVACY EMAIL], website: [DOMAIN] ("FluxyAPI", "we", "us", or "our").
If a data protection officer or dedicated privacy contact is required by law, the relevant contact details will be made available here or through the contact details above.
2. Roles and User Responsibility
We act as controller where we process personal data for our own platform purposes, including account management, billing, support, security, service operation, and legal compliance.
Where users create projects, endpoints, workflows, databases, files, integrations, or public services through FluxyAPI, the user is generally responsible for the personal data processed through those configurations. In those cases, FluxyAPI generally acts as processor and processes data according to the user's instructions, the applicable agreement, and the data processing agreement where required.
3. Data We Process
Depending on how the Service is used, we may process account and contact data, login and session data, security and abuse-prevention data, payment and subscription data, project and workflow data, support communications, usage information, logs, files, media, and technical data generated by browsers, devices, APIs, and infrastructure.
Users decide what data they include in their own projects, requests, responses, logs, prompts, files, databases, and third-party integrations. Users must ensure that their own configurations are lawful, transparent, secure, and limited to what is necessary.
4. Purposes and Legal Bases
We process personal data to provide and improve the Service, create and manage accounts, authenticate users, operate projects and platform features, process payments, provide support, detect and prevent abuse, secure our systems, enforce limits and agreements, comply with legal obligations, and establish or defend legal claims.
The legal bases are generally contract performance, legitimate interests, legal obligations, consent where required, and processing on behalf of users under Article 28 GDPR where FluxyAPI acts as processor.
5. Login, Payments, AI, and Third-Party Features
If you use external login providers, payment features, AI-assisted features, security checks, email features, custom domains, webhooks, external APIs, external databases, or other integrations, the relevant third-party services may receive or process the data required for the selected feature.
Depending on the feature you choose, these services may include payment processors such as Stripe, OAuth providers such as Google, GitHub, or Discord, security providers such as Cloudflare, infrastructure and storage providers, analytics providers, and third-party APIs, databases, AI providers, or webhook targets configured by you inside a project.
User-selected integrations are controlled by the user. FluxyAPI is not responsible for the user's choice of third-party services, the user's instructions to those services, or personal data that users send to them through their own workflows.
If you click an outbound affiliate or partner link, such as a domain registrar recommendation, the destination provider and affiliate network may process click, referral, device, browser, and purchase attribution data after you leave FluxyAPI. We do not pass account email, user ID, project ID, or similar personal identifiers to affiliate links.
6. Cookies and Similar Technologies
We use technically necessary cookies, local storage, and similar technologies for login, session security, CSRF protection, preferences, platform operation, and abuse prevention. These are required to provide secure core functionality.
Required third-party service requests may also occur when you actively use a related feature, such as paying through Stripe, opening a billing portal, signing in with an OAuth provider, completing a security check, or connecting an external API, database, AI provider, or webhook. These providers may set their own cookies or use similar technologies where necessary for their service.
Stripe is loaded when you open checkout or billing-related flows and may use cookies or similar technologies needed for payment processing, fraud prevention, and secure payment functionality. Cloudflare Turnstile is loaded where security verification is required, such as login or password reset flows.
Static interface assets such as maps, code highlighting resources, report export utilities, and editor fonts are served locally by FluxyAPI where reasonably possible, so these interface features do not require additional browser requests to public CDNs or raw asset repositories.
Non-essential analytics, marketing, or tracking technologies are used only where a valid legal basis exists, such as consent where required by law. If you are logged in, we store your consent choice in your user settings. For visitors who are not logged in, we store the choice locally in the browser.
Analytics with Google Analytics and PostHog
With your consent, we use Google Analytics and PostHog to understand product usage and improve FluxyAPI.
When you provide your explicit consent via our privacy banner or preferences panel (Art. 6(1)(a) GDPR), these services may use cookies or local storage to measure page views, product usage, and similar interaction data. If you are logged into your account, we may link PostHog session data with your user profile, including user ID, email, and name, to better understand how logged-in users interact with the Service.
You can revoke or change analytics consent at any time through the privacy preferences link in the footer or on this page. Data may be transferred to and processed on servers outside the EU or EEA where this is necessary for the selected analytics services and permitted by applicable transfer mechanisms.
7. Recipients and Service Providers
We may share personal data with hosting, infrastructure, security, payment, communication, analytics, support, storage, authentication, AI, and other technical service providers where this is necessary for the Service. These providers may act as processors or independent controllers depending on the service and legal relationship.
We may also disclose data where required by law, enforceable authority request, contract enforcement, security investigation, corporate transaction, or protection of rights, users, third parties, or the Service.
8. International Transfers
Personal data may be processed in countries outside the EU or EEA where this is necessary for the Service, providers, support, security, or user-selected integrations. Where required, we use appropriate transfer mechanisms such as adequacy decisions, standard contractual clauses, or other safeguards permitted by law.
9. Retention and Deletion
We retain personal data only for as long as necessary for the relevant purpose, including service operation, account management, billing, security, troubleshooting, legal compliance, contract enforcement, and legitimate business interests. Retention periods may vary by data type, plan, feature, legal duty, and user configuration.
Users are responsible for exporting, deleting, or limiting data in their own projects where required. Some data may remain for a limited period in backups, logs, billing records, security records, or legal archives before deletion or anonymization.
10. Security
We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include access controls, encryption, secure authentication, monitoring, rate limits, logging, separation of permissions, and other security controls appropriate to the risk.
No system can be guaranteed to be completely secure. Users remain responsible for securely configuring their own accounts, projects, endpoints, domains, credentials, secrets, prompts, logs, files, and third-party integrations.
11. Your Rights
Subject to the conditions and limits of applicable data protection law, data subjects may request:
- access, rectification, erasure, and restriction of processing
- data portability where the legal requirements are met
- objection to processing based on legitimate interests
- withdrawal of consent with effect for the future
- complaint with a competent data protection supervisory authority
Requests can be sent to [PRIVACY EMAIL]. If a request concerns data that we process on behalf of a user or customer, we may refer the request to that user or customer or assist them according to the applicable agreement.
12. Required Data and Automated Controls
Some data is required to create an account, log in, use platform features, process payments, operate projects, prevent abuse, or provide support. Without this data, some or all features may not be available.
We may use automated technical controls for security, abuse prevention, rate limits, payment status, usage limits, and service protection. These controls may restrict or block access where necessary to protect FluxyAPI, users, third parties, or legal interests.
13. Changes to This Privacy Policy
We may update this Privacy Policy when our Service, providers, legal requirements, security needs, or business operations change. The current version will be made available through the website or dashboard. Material changes may be communicated in an appropriate way.