Changelog

Effective date: 2026-04-25

This page records significant changes to our Terms of Service, Privacy Policy, and Community Guidelines. Each entry describes what changed and when.

For the current versions of our policies, use the links in the footer or the related policies section at the bottom of any policy page.

2026-04-25

Privacy Policy

• Clarified that phone numbers used for account verification are not linked to Fluxer accounts or user IDs. Successful phone verification now stores only a has_verified_phone account flag.
• Added the retention rule for phone verification reuse prevention: Fluxer keeps an encrypted internal marker for about 30 days, used only to allow the same phone number to verify at most twice in that period, with encryption keys rotated roughly every 30 days.
• Clarified that phone verification is used for suspicious registration anti-spam checks, not as a general identity or account-linking system.
• Clarified that SMS-based 2FA is not available for accounts registered on or after 25 April 2026.

2026-04-18

Privacy Policy

The privacy-policy changes below are documented in full here, but they are not treated as the kind of change that requires a separate product announcement or a consent request. Under the GDPR, consent is only one possible legal basis for processing, and this update does not introduce a new purpose for which personal data is used, a new optional feature, or a new category of data leaving Fluxer. It reflects a vendor and disclosure-footprint change within the same already-described purposes: approximate IP geolocation, regional eligibility checks, and anti-abuse or anonymisation checks, including API-edge abuse controls against Tor and residential-proxy traffic. In substance, this update mostly removes providers from the set of third parties involved in that processing. The only new provider reflected here is IPinfo, and IPinfo receives only standalone IP-address lookups for those purposes. IPinfo is not sent account identifiers, user identifiers, session tokens, device information, message content, or any other Fluxer user data with those lookups, and results are heavily cached on our own systems, so this change does not expand what IPinfo can learn about any Fluxer user or what Fluxer does with user data. The change is published here for transparency and accountability, which is the relevant GDPR obligation in this context.

• Updated the list of sub-processors to reflect our current infrastructure. Removed Cloudflare (including the Worker previously used for regional access eligibility), OVHcloud, Hetzner, Better Stack, and Sentry, which are no longer used to process personal data. Removed Porkbun, which handles domain registration only and does not process Fluxer users' personal data (sections 2.3, 4.2, 6.1, 9, 17.4).
• Rewrote Section 3.2. IP geolocation is now handled end-to-end through IPinfo, replacing the local MaxMind databases previously used. When we query IPinfo, only the IP address being looked up is sent, with no account identifier, user identifier, session token, or device context attached, so IPinfo has no way to correlate a lookup with your Fluxer account. All lookups are heavily cached on our own servers, so repeat requests for the same IP never go back out over the network during the cache window. The same IPinfo response powers login security alerts, session displays, regional access eligibility, API-edge abuse controls for Tor and residential-proxy traffic, and the anonymisation signals used during higher-risk events such as registration.
• Removed the separate Backblaze sub-processor entry from Sections 4.2, 6.1, and 17.4. Off-site database backups are still kept with a storage provider for disaster recovery, but those backups are encrypted with keys held only by us; the provider has no ability to read, index, or otherwise process the contents, so we do not treat them as a sub-processor of your personal data under GDPR Article 28 (section 6.1).
• Clarified error monitoring and observability: we run our own observability stack (metrics, logs, traces) on Fluxer-controlled infrastructure and do not send application error or crash data to any third-party error monitoring service (section 4.2).
• Updated Section 6.1. Primary hosting and the object storage for user-uploaded files both run on Vultr in Piscataway, New Jersey, USA. Voice and real-time communication servers also run on Vultr, but are deployed across multiple Vultr regions worldwide so that calls can be handled from a region close to you. Bunny.net continues to run the user-content CDN on fluxerusercontent.com.
• Added a 24-hour safeguard for accidentally deleted attachments. Deleted media is non-visibly retained in our user-content object storage for up to 24 hours so it can be recovered from a bad bulk-delete or similar accident; after that window, and once CDN caches have been purged, it is permanently gone (section 7.3).
• Added Section 7.8, describing how snapshots of content reported through the in-app report feature are handled: stored in an isolated bucket, accessible only to authorised trust-and-safety and engineering staff, audit-logged, retained for up to 1 year, then deleted automatically. Where a specific piece of evidence has to be preserved for longer to meet a binding legal obligation, we keep only what the law requires (sections 7.8, 7.9).
• Rewrote Section 5 and put the top-line position first: Fluxer does not use AI to scan your messages, files, voice calls, or anything else you share. Re-framed the explicit-content classifier as a small, non-AI image model (OpenNSFW2) that runs locally on our servers, does not contribute to AI training, and exists only so that the privacy preferences of users who have opted out of receiving explicit content can be respected. Added the equivalent "no AI reads your content" position to the "How we handle your data" section at the top of the policy.
• Updated the California disclosures table in Section 17.4 to match the new sub-processor list, including IPinfo as the source of geolocation data and removing Backblaze.

2026-04-02

Terms of Service

• Added a clause clarifying that Fluxer is not designed or supported for safety-critical or critical-infrastructure use, and must not be relied on for military, emergency or first-response, healthcare, sanitation, utilities, or similar high-risk operations (section 3.4).