Privacy Policy
How we collect, use, and protect your personal information when you use Fluxer. Your privacy matters to us.
Last updated March 10, 2026
Effective date: 2026-03-10
The short version
You deserve to know what happens with your data. Here's the gist:
We will never sell, rent, licence, or monetise your personal data or message content. This commitment is baked into our Terms of Service. We have no advertising partnerships and no data broker relationships. We don't train AI models on your messages, files, or anything else you create or share on Fluxer. We never have, and we're not going to start. We don't profile you, track you across other websites, or serve you targeted ads. We don't have an advertising business and we don't plan to build one. We collect the minimum data we need to run the service, and where we could collect more, we choose not to. You own your data. You can export everything, delete anything, and close your account whenever you like. Most account data is currently hosted in the United States, and we explain below why we chose US East Coast infrastructure, what that means under US law (including the CLOUD Act), and how we're looking into regional alternatives. Where our privacy protections fall short, we tell you directly, explain why, and describe what we're doing about it.
This summary is here for convenience. Please read the full policy below for the detail.
Our privacy commitments
Before we get into the legal specifics, here's what we commit to. These aren't nice-sounding aspirations; they're binding obligations, enforceable under EU consumer protection law and referenced in our Terms of Service.
We will never sell, rent, licence, trade, or transfer your personal data or content to any third party for their own commercial purposes. We don't engage in "selling" or "sharing" personal information for cross-context behavioural advertising as the California Consumer Privacy Act (CCPA/CPRA) defines those terms. We don't serve advertisements and we don't build advertising profiles. No third parties get to advertise to you based on your Fluxer activity. Our revenue comes from optional premium subscriptions (Fluxer Plutonium), not from your data. We will never use your messages, files, voice communications, or any other content to train, fine-tune, evaluate, or improve AI or machine learning models, whether ours or anyone else's. We don't track your activity across websites, build behavioural profiles, use fingerprinting, or deploy advertising trackers or analytics SDKs. We collect only the data we need to run, secure, and improve the service. When we can get something done with less data, we use less. You can export your data, delete your messages, and close your account at any time. We'll honour those requests quickly and fully, subject only to limited legal retention obligations that we describe below.
We treat privacy by design and by default as a product and engineering principle, in line with GDPR Article 25. In practice, that means we try to minimise the personal data we collect, avoid tracking and profiling business models entirely, limit third-party exposure to cases where it's genuinely needed to provide a feature or meet a legal obligation, and build privacy-protective defaults, retention limits, and user controls into the service from the start rather than as an afterthought.
If we ever need to change these commitments, we'll give you at least 30 days' notice, explain what's changing and why, and ask for your consent before continuing to provide the service under modified terms.
1. Who we are
Fluxer Platform AB is a Swedish limited liability company (organisation number: 559537-3993), headquartered in Stockholm County, Sweden. We run the Fluxer chat platform and related services.
We are the data controller for your personal data when you use Fluxer, which means we determine how and why your personal data gets processed. As a Swedish company, we're subject to the General Data Protection Regulation (GDPR) as implemented in Sweden, supervised by the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
Privacy contact: Hampus Kraft, Founder and CEO
Email: privacy@fluxer.app
Postal address: Fluxer Platform AB, Norra Kronans Gata 430, 136 76 Brandbergen, Stockholm County, Sweden
Hampus Kraft is our primary contact for all privacy and data protection matters, including data subject requests, questions about this policy, and concerns about how your data is handled.
We keep under review whether our processing activities require us to appoint a Data Protection Officer (DPO) under GDPR Article 37. That assessment takes account of the scale of the service, our automated safety and abuse-prevention measures, access eligibility checks, security and operational logging, and relevant regulatory guidance. We haven't appointed a DPO at this stage, but we don't treat that position as fixed, and we'll update this section if our assessment changes.
We're also assessing whether we need to designate a UK representative under UK GDPR Article 27 as Fluxer grows, and we'll update this section when we have a clearer picture. UK residents can direct any data protection enquiry to privacy@fluxer.app.
2. What we collect — and what we don't
We want to be specific here. This section breaks down into three parts: what you give us, what we pick up automatically, and what we receive from others.
2.1 Information you provide to us
Account information. To create an account, we need your email address, a username, a password, and your date of birth. Your password is stored using Argon2id, a modern memory-hard hashing algorithm, so we never have it in readable form. You can optionally add a phone number. Where SMS services are enabled for the Fluxer instance you're using, a verified phone number can be used for SMS-based two-factor authentication (2FA) and certain account-security verification or recovery flows.
Content and communications. Messages, files, images, voice and video communications (where supported), community information, reactions, and profile data like your avatar, bio, and display name. This includes information about Communities you create or administer. This content belongs to you; see our commitments above and our Terms of Service for how we handle it.
Support and correspondence. Whatever you send us when you contact support, including message content, attachments, and any extra details you choose to share. Support interactions may be handled through our customer support platform (Intercom), which processes this information along with basic technical data like your IP address and browser type.
Payment information. If you buy Fluxer Plutonium or other premium features, payment processing goes through Stripe. We never store your full card details. Stripe gives us limited information to record and manage your purchases: billing country, partial card details (last four digits and expiry), payment status, and timestamps.
What providing this data means. Some data is necessary to create your account and run the service (email, date of birth, password). Without it, we can't set you up. Other data (phone number for 2FA, avatar, bio) is entirely optional.
Special categories of data. We don't ask for special categories of personal data, like information about your health, religion, race, ethnic origin, sexual orientation, political beliefs, or trade union membership. If you choose to share that sort of thing in your messages or profile, that's up to you. We will never use it to profile, target, or discriminate against you.
2.2 Information we collect automatically
When you use Fluxer, we automatically collect certain technical and usage information. Here's what that includes, and what it doesn't.
Device and technical information. IP address, browser type and version, operating system, device type, device identifiers, language settings, and similar technical data.
Usage information. We collect aggregate, non-identifying information about how Fluxer is used: which features people use and how often (voice calls started, files uploaded, reactions used, that sort of thing), pages and screens visited within the app or site, timestamps and session durations, and crash reports and performance metrics. We don't read message content for analytics. Our usage metrics count events (e.g. "messages sent") without looking at what those messages say.
Security and operational logs. Data our systems generate to keep things running and secure: login attempts and authentication events, changes to account settings, rate limits, API errors and system errors, and IP-based signals relating to spam, abuse, or unusual behaviour.
What we don't collect automatically. We don't use advertising trackers, third-party analytics SDKs, browser fingerprinting, cross-site tracking pixels, or any technology designed to follow you around the internet. We don't build behavioural profiles. We don't track which websites you visit before or after using Fluxer.
2.3 Information from other sources
Other users. When someone mentions you, adds you to a Community, sends you a message, or interacts with your account in some other way, the data involved includes identifiers (like your username and user ID), message content, and interaction metadata.
Service providers. We receive limited operational information from our service providers: delivery status and timestamps from Sweego (transactional email), verification status from Twilio (account verification), payment status and risk assessments from Stripe (payment processing), message content and resolution status from Intercom (support), and abuse or anomaly alerts from infrastructure providers (security).
Public or security sources. Occasionally, we receive security-related information from publicly available sources or from Stripe for fraud prevention, for instance checking whether an IP address is associated with known abuse, or receiving fraud signals as part of payment processing.
We combine this information with data we collect directly and automatically to help run, secure, and improve the service.
3. How we use your information — and how we don't
What we use your information for
Providing the service. Running the Fluxer platform, creating and managing your account, delivering your messages and content to the people you're sending them to, and making features work.
Security and safety. Keeping your account secure and preventing unauthorised access. Detecting, investigating, and preventing abuse, fraud, spam, and violations of our Terms of Service or Community Guidelines. Scanning uploaded media for child sexual abuse material (CSAM) as described in Section 5.
Communication. Sending you service updates, security alerts, and administrative messages necessary for your account to work properly.
Payments. Processing payments, managing subscriptions, and handling financial transactions for Fluxer Plutonium and other premium features.
Improvement. Understanding, at an aggregate level, which features get used and how the service performs, so we can fix bugs, sort out reliability issues, and figure out where to focus our effort. This relies on non-identifying aggregate metrics (error rates, feature-usage counts), not on the content of your messages or files.
Legal compliance. Meeting our legal obligations, responding to lawful requests, and protecting the safety, rights, and property of our users, the public, and Fluxer.
What we won't use your information for
We won't use your messages, files, voice or video communications, or any other content you create or share on Fluxer for targeted or behavioural advertising, for training or evaluating AI or machine learning models, for building profiles about you for ad targeting, marketing, or behavioural analysis, for selling, renting, or licensing to any third party for their own purposes, or for mining, analysing, or aggregating for our own commercial benefit beyond running the service.
3.1 Lawful bases for processing (GDPR)
If you're in the EEA, UK, or another jurisdiction that requires a lawful basis for processing, here's how we justify each type.
Contract necessity (GDPR Article 6(1)(b)). We process data that's necessary to provide the services you've asked for under our Terms of Service. That covers delivering messages, running Communities, maintaining your account, processing payments, and providing support. Without this processing, we can't provide the service.
Legitimate interests (GDPR Article 6(1)(f)). We process some data on the basis of our legitimate interests, balanced against your rights and expectations. For each activity that relies on this basis, we've carried out a three-part assessment: identifying the legitimate purpose, confirming the processing is necessary (with no less intrusive alternative available), and balancing our interests against your rights. This covers things like securing the platform and preventing fraud, maintaining and improving service reliability and performance, understanding feature usage at an aggregate level, and communicating with you about changes to our services or policies.
One example is account security and abuse prevention. Our legitimate interest is protecting users and the service from suspicious logins, spam, fraud, and other misuse. The processing is limited to technical and account-security data such as IP-based signals, login and authentication events, device and browser metadata, rate-limit triggers, and aggregate reliability telemetry, because we couldn't meaningfully detect or respond to those risks without it. We balance that against your rights by using those signals only for security, reliability, and service-administration purposes, not for advertising or behavioural profiling, restricting access to authorised staff, and keeping routine security and usage logs for up to 90 days under normal circumstances. You can object to processing based on legitimate interests at any time; see Section 10.
Legal obligations (GDPR Article 6(1)(c)). We process data where it's necessary to comply with the law, for instance accounting, tax, and record-keeping under Swedish law; child protection and CSAM reporting obligations; responding to lawful requests from public authorities; and complying with applicable data protection, security, and consumer laws.
Consent (GDPR Article 6(1)(a)). In a few cases, we may rely on your consent, for example where we need it to send certain optional communications, or where local law requires consent for specific processing or cookie use on our marketing site. You can withdraw consent at any time in your settings or by contacting us. Withdrawing consent doesn't affect the lawfulness of processing that happened before the withdrawal.
3.2 IP address geolocation
We use your IP address to work out your approximate location (city, region, and country level) for a few specific reasons: giving you security alerts when logins happen from new or unusual locations, showing you where your account is currently logged in for security monitoring, preventing fraud and detecting abuse, working out regional age requirements and access eligibility under local laws, and meeting legal obligations around export control and sanctions.
We use IP geolocation databases that run locally on our servers for internal platform functions. For regional access eligibility checks, we also use a Cloudflare Worker that we control, which returns MaxMind geolocation data based on your IP address. This Worker runs on Cloudflare's infrastructure using code we wrote and maintain, solely for regional access eligibility. No personal data goes to Cloudflare beyond the IP address the Worker needs to function.
Automated access decisions. Some regions have laws requiring online platforms to verify users' ages. Rather than asking for government ID uploads or biometric scans, which we think are disproportionately invasive, we enforce regional restrictions using automated systems that mainly rely on IP geolocation. This can affect whether you can access Fluxer or certain features from a given region.
This system isn't perfect. IP geolocation can be inaccurate, especially if you're travelling or using a VPN. If you think your access has been restricted by mistake, get in touch at privacy@fluxer.app. When you contact us to contest an access restriction, we'll acknowledge your request within 5 business days and conduct a human review of the decision. Your account will remain in its current state while we investigate. We'll notify you of the outcome and explain our reasoning. You have the right to express your point of view at any stage of this process. Where applicable data protection laws give you rights around automated decision-making (for example, under GDPR Article 22), we'll honour those rights as described in Section 10.
For full details on how regional restrictions work, which regions are currently affected, and what each restriction means in practice, see our Regional restrictions help article.
4. Who we share information with — and who we don't
We don't sell, rent, trade, or licence your personal data to any third party. We share information only in these limited situations.
4.1 When you direct us to share
We share your information when you intentionally interact with others on Fluxer: sending messages to other users, joining or participating in Communities, sharing content publicly or with specific groups, making your profile information visible through your settings, or choosing to connect to integrations or third-party services where available.
In those cases, other users can see what you choose to share and may further share or store it outside Fluxer. It's worth being thoughtful about what you share and with whom.
4.2 With service providers (processors)
We work with a carefully chosen set of third-party service providers who process data on our behalf. We've evaluated each one for privacy and security practices, and we enter into data processing agreements as required by GDPR Article 28.
Here's who they are, what they do, and where your data goes.
Infrastructure and data storage:
OVHcloud provides primary hosting in Vint Hill, Virginia, USA, and is one of the main locations where your data is stored and processed; OVHcloud also hosts voice and real-time communication servers. Vultr provides additional primary hosting, with our primary Vultr location for storing your data in Piscataway, New Jersey, USA; Vultr also hosts voice and real-time communication servers. Hetzner hosts voice and real-time communication servers. Backblaze stores encrypted backups in Amsterdam, Netherlands. Bunny.net runs our content delivery network (CDN) for user-generated content on the fluxerusercontent.com domain.
Security and safety:
Cloudflare runs a Worker we control that returns MaxMind geolocation data for regional platform access eligibility checks only. hCaptcha provides CAPTCHA challenges for bot prevention. The Arachnid Shield API, operated by the Canadian Centre for Child Protection (C3P), handles CSAM detection for user-uploaded media using cryptographic hash-matching, perceptual hashing, and Microsoft PhotoDNA, as described in Section 5. C3P is a Canadian registered charity subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). Canada benefits from an EU adequacy decision for commercial organisations subject to PIPEDA (Commission Decision 2002/2/EC, reviewed and reconfirmed by the European Commission in January 2024).
Error monitoring:
Better Stack handles application error monitoring. Error data is hosted in the EU. We send error and crash diagnostics directly to Better Stack over HTTPS so we can investigate reliability and security issues. This may include stack traces, runtime metadata (browser, OS, device details), release identifiers, and account identifiers tied to the active session (user ID, username, email). We don't use error monitoring data for advertising, and routine error reports don't include private message content or uploaded file attachments.
Third-party content:
Google provides YouTube embeds and GIF search (Tenor). KLIPY provides GIF search. We proxy all traffic to Tenor and KLIPY through our own servers, so your IP address and device identifiers are never visible to them, not for search queries and not when GIFs are displayed in Fluxer. For YouTube, we fetch metadata server-side and only load a YouTube iframe from your device if and when you choose to play a video.
Payment and communications:
Stripe handles payment processing for subscriptions and other purchases. Sweego, hosted in the EU, handles transactional email. Twilio provides SMS-based account verification. Intercom is our customer support platform. When you contact us through support, Intercom processes your messages, email address, and basic technical information on our behalf so we can manage and respond to your enquiry. Intercom acts solely as a processor under our instructions and doesn't use your data for its own purposes.
Other:
Porkbun handles domain registration. Porkbun processes certain data (like WHOIS records) partly as an independent controller under ICANN requirements.
Data processing agreements. We have data processing agreements in place with OVHcloud, Vultr, Hetzner, Backblaze, Bunny.net, Cloudflare, hCaptcha, Better Stack, Stripe, Sweego, Twilio, and Intercom.
Independent controllers. Some providers, like Google (for YouTube embeds) and hCaptcha, may process data as independent controllers when you interact directly with their services (for example, when you play an embedded YouTube video or complete a CAPTCHA). In those cases, their own terms and privacy policies apply too.
Changes to providers. We'll update this list when we add or replace sub-processors that handle personal data, and we'll note material changes in our policy changelog.
4.3 When required by law or to protect rights
We may disclose your information if we reasonably believe it's necessary to comply with a valid legal obligation, legal process, or enforceable governmental request; to enforce our Terms of Service or other agreements; to protect the safety, rights, or property of our users, the public, or Fluxer; or to detect, prevent, or address fraud, security, or technical issues.
Where the law allows it and where doing so wouldn't create a risk to safety, security, or legal obligations, we'll try to let you know before we disclose your information in response to legal requests, especially if the request concerns your account or content.
4.4 Business transfers
If we're involved in a merger, acquisition, reorganisation, sale of assets, or similar transaction, your information may need to be transferred. If that happens, we commit to the following.
We'll notify you at least 30 days in advance, where legally permitted, before any transfer of your personal data to a new entity. The acquiring entity will be bound by the commitments in this Privacy Policy for as long as it holds your data, unless it gets your affirmative consent to a new policy. You'll have the chance to delete your account and request deletion of your data before the transfer takes effect, and we'll give you clear instructions on how to do that. We won't transfer your data to any entity that doesn't agree to honour these protections.
5. Content scanning for safety
We use automated tools and, in limited circumstances, human review to help keep Fluxer safe and compliant with the law. Content scanning involves privacy trade-offs. Here's what we do, why we do it, and where the limits are.
5.1 CSAM scanning
What we do and why. We have a legal and moral obligation to prevent the distribution of child sexual abuse material (CSAM) on our platform. All user-uploaded media is checked against databases of known CSAM before it gets stored. We use the Arachnid Shield API, operated by the Canadian Centre for Child Protection (C3P).
The trade-off. Every image and video you upload is transmitted to an external service during the upload process. We believe preventing the distribution of child sexual abuse material justifies this, but we also recognise that sending media to any external party is a real privacy consideration. We're working to self-host the hash databases in the future so that matching can happen entirely on our own infrastructure, without sending your files to a third party. We'll update this policy when that transition is done.
How it works. When you upload media, we securely transmit the file to the Arachnid Shield API over HTTPS. The API checks it against C3P's database of known CSAM, material that has been identified and confirmed by law enforcement and child safety organisations worldwide. This happens during the upload: if there's a match, the upload is immediately rejected and the content isn't delivered to anyone. C3P doesn't store, retain, or independently use your uploaded files. They're processed in real time and discarded by C3P straight after the check.
What this system doesn't do. This isn't AI, machine learning, or generative content analysis. The system uses cryptographic hash-matching, perceptual hashing, and Microsoft PhotoDNA to detect exact and near-exact matches of media that has already been identified and confirmed as CSAM. In practice, that means it can catch the same known file and simple variants of it, such as resized, cropped, or recompressed versions, but not genuinely new material that hasn't previously been identified and added to those databases. And it doesn't scan your text messages, only uploaded media.
What gets scanned. All user-uploaded media: avatars, emojis, stickers, and file attachments. These are all subject to CSAM scanning before storage.
What doesn't get scanned. Text messages and the main Fluxer application traffic aren't processed by this tool.
When a match is detected, the upload is immediately rejected and not delivered to anyone. We take appropriate action, which may include immediate account suspension. We're legally obliged to report confirmed CSAM to the National Center for Missing & Exploited Children (NCMEC), which may share reports with law enforcement agencies worldwide. Where required or permitted by law, we preserve the matched media and related records for reporting and evidence preservation.
Evidence retention. If a match is detected, we may keep the matched media (or a limited evidentiary record such as hashes, metadata, and logs) in a secure evidence store for as long as the law requires or as otherwise needed for reporting and compliance.
5.2 NSFW content classification
We use an automated machine-learning classification model to detect probable nudity and explicit content in user-uploaded images and video thumbnails. This model runs entirely on our own servers. No media is sent to any third party for this. The model analyses visual features of uploaded media and outputs a probability score; when that score exceeds a set threshold, the content is marked with an explicit-content indicator and access is restricted to users who are 18 or older. This is a content classification tool, not a system that makes decisions about individuals' access to essential services or rights.
5.3 Other safety measures
Beyond CSAM and NSFW scanning, we may use automated systems to detect and block malware, phishing, spam, and other harmful or abusive content; to prevent and mitigate harassment, raiding, or coordinated abuse; to detect suspicious login attempts or access patterns; and to enforce our Terms of Service and Community Guidelines.
These systems mainly rely on metadata, patterns, and signals like message frequency, link patterns, account age, and IP reputation. We don't use your private messages or files to build behavioural advertising profiles.
Where it's necessary for enforcing our policies, ensuring safety, or responding to user reports, authorised staff may review specific content. That access is subject to strict access controls and audit logging. We know who accessed what, when, and why.
5.4 Data Protection Impact Assessments
Where our processing is likely to create a high risk to individuals' rights and freedoms, we carry out Data Protection Impact Assessments (DPIAs) as required by GDPR Article 35. We've completed DPIAs for three processing activities: our CSAM detection process (the scanning of user-uploaded media via the Arachnid Shield API, described in Section 5.1), our NSFW content classification system (Section 5.2), and our IP-based automated access decisions (Section 3.2). Each assessment evaluates the necessity and proportionality of the processing, identifies risks to data subjects, and documents the technical and organisational measures we use to mitigate them. We review and update our DPIAs when we introduce new processing activities, significantly change existing ones, or on a regular schedule — whichever comes first.
6. Data storage and international transfers
6.1 Where your data is stored
We store and process data in several locations.
Our primary servers are at OVHcloud (Vint Hill, Virginia, USA) and Vultr (Piscataway, New Jersey, USA). Your main data (account information, messages, communities, and other content) lives on these servers. Voice and real-time communication servers are hosted by OVHcloud, Vultr, and Hetzner. Voice and video traffic handled by these RTC servers is encrypted in transit but not currently end-to-end encrypted; see Section 9 for more on this trade-off and the improvements we're working on. Encrypted backups go to a Backblaze data centre in Amsterdam, Netherlands. User-generated content is delivered and cached through Bunny.net edge locations worldwide (for content on the fluxerusercontent.com domain). For safety scanning, user-uploaded media is transiently processed by the Arachnid Shield API (C3P) in Canada for CSAM detection. Files are processed in real time and C3P doesn't store them.
6.1.1 Why our primary hosting is currently in the United States
Right now, our main application data is hosted in data centres on the US East Coast. We chose these locations because, at our current stage, they offer a good balance of connectivity, reliability, and acceptable latency for a global service. This is a practical choice, not a statement that US hosting is better from a privacy standpoint, and we keep evaluating alternatives.
We think it's important to be upfront about the trade-off: storing primary data in the United States means it may be subject to lawful access requests under US law, including the Clarifying Lawful Overseas Use of Data Act (the "CLOUD Act"). Under the CLOUD Act, a provider of electronic communication service or remote computing service that falls under US jurisdiction can be required to hand over data in its possession, custody, or control, even when that data is stored outside the United States. So US hosting, and the use of providers subject to US jurisdiction, can create an additional foreign-government access risk that you should be aware of.
We treat this as a real privacy consideration, not fine print. We account for it in our transfer impact assessments, provider reviews, and the legal request procedures described in Sections 6.2 and 14.
6.1.2 Regional hosting we're considering
We want to reduce our reliance on US-hosted primary infrastructure over time. One option we're looking into is a separate EU region where accounts and Communities could be hosted in Europe.
Regional hosting would fit naturally with future federation work by allowing data and community operations to stay closer to the legal and technical environment they're meant for. Depending on the providers and architecture involved, this could reduce this exposure rather than eliminate it entirely. That said, we're exploring this direction, not promising a feature on a specific timetable. If we introduce regional hosting, we'll explain clearly what it changes, what it doesn't, and which legal regimes still apply.
6.2 International data transfers
Because we operate globally and use service providers in different countries, your data may be transferred to and processed in countries outside your own, including the United States and Canada. These countries may have different data protection laws.
How we protect your data during transfers. Where required by law (for example, under GDPR), we put appropriate safeguards in place.
We include Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities in our data processing agreements, and we maintain SCCs as a safeguard even where other adequacy mechanisms may apply. We carry out Transfer Impact Assessments, evaluating the legal framework in each recipient country and the practical ability of authorities to access data. Our current supplementary measures are mainly contractual, organisational, and conventional technical protections: encryption in transit and at rest, strict access controls, audit logging of access to user data, and contractual restrictions on how providers may use data.
We also want to be direct about the limits of those measures. We don't currently claim jurisdiction-specific key separation, customer-controlled encryption keys, or a technical architecture that prevents a provider with access to server-side data from being compelled to disclose it under a lawful order. For data that we need to process on our servers to provide Fluxer, these measures reduce transfer and access risk, but they don't remove it entirely.
We don't transfer your data to third parties for their own independent advertising or marketing purposes. You can contact us for more detail on the safeguards we use for international data transfers (see Section 16).
7. Data retention — how long we keep what, and why
We keep your personal data only for as long as we need it to fulfil the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. We actively review retention periods and delete or anonymise data that's no longer needed.
7.1 Active accounts
While your account is active, we keep your personal data, messages, Communities, and other content so the service works. You can delete specific content yourself at any time.
7.2 Attachments and expiry
Attachments may remain available only for a limited time, depending on things like file size, age, and how often they're accessed. Items you save to Saved Media are treated differently and aren't subject to the same expiry rules. For current details, see our help article on attachment expiry.
7.3 Deleted content
When you delete messages or other content:
Database records (messages, account data) are removed from active systems quickly, usually within minutes. Deleted records may linger in encrypted backup systems for up to 30 days before being permanently removed.
Media attachments are removed from active storage usually within hours. Media attachments aren't included in our database backup systems, so once they're cleared from active storage and CDN caches, they're permanently gone. We use Bunny.net's cache purge API to invalidate cached attachments as soon as possible after deletion; in practice, short delays can happen because of rate limits and global propagation.
If you exercise your right to erasure under GDPR Article 17, we treat the 30-day backup retention period as a documented technical limitation. During this window, deleted data remains in encrypted backups that are not used for any active processing and are subject to scheduled purging. We consider your erasure request fully honoured once the data has been removed from both active systems and backup cycles.
We may keep certain data beyond these periods only where the law requires it (for example, for tax or legal compliance).
7.4 Inactive accounts
We may delete accounts after 2 years of inactivity. Before that happens, we'll send advance notice to the registered email address. For details on how we define inactivity, notice periods, and what happens during deletion, see the guide to deleting or disabling an account.
When an account is deleted, you lose access to the account and its data. Messages you posted in Communities or direct messages may remain visible to other users unless you delete them first.
7.5 Payment and transaction data
We keep transaction records for at least seven years, as required by Swedish bookkeeping law (Bokföringslag 1999:1078), and for as long after that as is necessary for legal compliance, dispute resolution, or fraud prevention. We periodically review whether we still need to keep them. We don't store full payment card numbers.
7.6 Logs and security data
Security logs and usage logs are kept for up to 90 days under normal circumstances and then deleted or anonymised. We may keep certain logs beyond 90 days where it's necessary to investigate an active security incident, comply with a specific legal obligation, or resolve an ongoing dispute, and we delete them once the reason for keeping them no longer applies.
Audit logs (records of administrative actions, enforcement decisions, and account changes) are kept for as long as we need them for accountability, appeals, dispute resolution, and legal compliance, and reviewed periodically.
7.7 Summary of retention periods
| Data category | Retention period |
|---|---|
| Account information | While your account is active |
| Messages and user content | While your account is active, unless you delete them earlier |
| Deleted messages (database records) | Removed from active systems within minutes; removed from encrypted backups within 30 days |
| Deleted media attachments | Removed from active systems within hours; CDN caches purged as soon as practicable (not backed up) |
| Security and usage logs | Up to 90 days (longer only for active investigations or legal obligations) |
| Audit logs | Kept as necessary; reviewed periodically |
| Payment and transaction records | At least 7 years (Swedish bookkeeping law); reviewed periodically thereafter |
| Inactive accounts | Scheduled for deletion after 2 years of inactivity, with advance notice |
| CSAM evidence records | As required by law or for active investigations |
8. Your privacy controls
8.1 Privacy dashboard and in-app controls
Through your Privacy Dashboard and account settings, you can do the following.
Export your data. Request a full export of your account data via the Data Export tab. We currently provide user exports as a ZIP archive containing machine-readable JSON files (including account data, per-channel message history, payment history, and security data), plus profile assets where applicable. Message attachments aren't bundled into the standard user export; instead, the export includes CDN URLs you can use to download them while they're still available. See the help article on exporting your account data for current details.
Download attachments. Use the URLs in your data export to download attachments before deleting messages or before they expire.
Delete messages. Delete individual messages in-app. Deleting a message also deletes any attachments in that message.
Bulk deletion. Delete all of your messages via the Data Deletion tab in the Privacy Dashboard. Processing may run in the background and can take a while for large accounts. See the article about requesting data deletion.
Delete your account. Schedule deletion of your account, which goes through after a grace period unless you sign back in during that period to cancel. See the guide to deleting or disabling an account.
8.2 Requests by email
If you need specific data removed or changed without deleting everything, email privacy@fluxer.app from the email address linked to your Fluxer account. Describe clearly what you'd like us to do, and we may ask for more information to confirm your identity.
If you want a copy of your data before deleting messages or your account, request an export first and wait for it to finish.
9. Data security
We maintain technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
Our current measures include industry-standard encryption for data in transit (TLS), strong encryption for data at rest on our servers and backups, secure and professionally managed data centres with physical security controls, security updates, patch management, and infrastructure hardening, rate limiting and protections against abuse and attacks, access controls so that only authorised staff can access user data on a need-to-know basis and for limited purposes, regular encrypted backups for disaster recovery, and audit logging of access to user data.
A note on encryption. Fluxer is not currently end-to-end encrypted. While your data is encrypted in transit (between your device and our servers) and at rest (on our servers and backups), we have the technical ability to access message content on our servers.
The same is true right now for real-time voice and video communications. Our RTC infrastructure currently relies on OVHcloud, Vultr, and Hetzner, as described in Section 6.1. Although that traffic is encrypted in transit, it's not end-to-end encrypted. In practical terms, you currently need to trust both us and those RTC infrastructure providers, because the content of your voice and video communications can be technically accessible within that service path.
We're disclosing this because you should know. We're working towards end-to-end encryption for RTC communications so that, when it's ready, the content of your voice and video traffic won't be accessible to us or to those RTC infrastructure providers. Even then, some metadata (account information, call timing, network routing information) will still need to be processed to keep the service running. We'll update this policy as things evolve.
Responsible disclosure. If you discover a potential security vulnerability, please visit our Security bug bounty page and follow the reporting instructions. We appreciate responsible disclosure and may acknowledge your contribution.
9.1 Data breaches
If we become aware of a personal data breach, we will investigate and take appropriate remedial steps. We'll notify the relevant supervisory authority (IMY) within 72 hours of becoming aware of the breach where it's likely to pose a risk to your rights and freedoms (as required by GDPR Article 33). We'll notify you without undue delay where the breach is likely to pose a high risk to your rights and freedoms (as required by GDPR Article 34). And we'll comply with any other breach notification obligations under applicable law.
Notifications will include information about what happened, what data may be affected, the likely consequences, and steps you can take to protect yourself.
10. Your privacy rights
Depending on where you live, you may have rights over your personal data. We're committed to honouring these rights quickly and in good faith.
10.1 Rights under GDPR (EEA and UK)
Right of access. You can ask us to confirm whether we process your personal data and, if so, get a copy.
Right to rectification. You can ask us to correct personal data that's inaccurate or incomplete.
Right to erasure ("right to be forgotten"). You can ask us to delete your personal data where it's no longer necessary for the purposes it was collected for, or in other circumstances the law provides for.
Right to restriction. You can ask us to restrict processing of your personal data in certain circumstances (for example, while we verify its accuracy or assess an objection).
Right to object. You can object to processing based on legitimate interests. We'll stop processing unless we can show compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims.
Right to data portability. You can ask for a copy of your personal data in a structured, commonly used, machine-readable format and ask us to send it to another controller where technically feasible. For self-service exports today, that format is a ZIP archive containing JSON files, with download URLs for message attachments and certain related assets where applicable.
Right to withdraw consent. Where processing is based on your consent, you can withdraw it at any time. This doesn't affect the lawfulness of processing that took place before the withdrawal.
Rights around automated decision-making. Where automated decisions significantly affect you (like regional access eligibility), you have the right to get human review, express your point of view, and contest the decision.
10.2 Rights under CCPA/CPRA (California residents)
If you're a California resident, you have the right to know what personal information we collect, use, disclose, and share; the right to delete personal information in certain circumstances; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information (we don't sell or share personal information); the right to limit the use and disclosure of sensitive personal information; and the right not to be discriminated against for exercising your rights. For additional disclosures required by California law, see Section 17.
10.3 Exercising your rights
You can exercise many of your rights directly through your Privacy Dashboard and account settings.
You can also contact us at privacy@fluxer.app. When you do, we may need to verify your identity (for example, by asking you to reply from your registered email or provide extra details). We'll respond within the timeframe required by applicable law (usually within 30 days, or up to 45 days where permitted). If we can't fully comply with your request (for example, because of legal obligations or the rights of others), we'll explain why and what options are still available to you.
You can authorise an agent to submit requests on your behalf where the law permits it. We may ask for proof of authorisation.
10.4 Complaints to supervisory authorities
You have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been violated. In Sweden, the relevant authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se. In the United Kingdom, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk. You can also contact the authority in your country of residence.
We'd prefer you contact us first so we can try to sort things out directly.
11. Children's privacy
We take children's privacy seriously and apply extra protections for younger users.
11.1 Minimum age requirements
You need to meet the minimum age requirement in your region to create and use a Fluxer account. In most places, including Sweden, that's 13 years old, but it may be higher in certain countries. For a full list, see our help article on minimum age requirements.
Users who are above the minimum age but below the age of legal majority (for example, under 18) may use Fluxer, but our Terms require a parent or guardian to review and agree to them on the user's behalf.
11.2 How we protect younger users
We determine eligibility based on your approximate geographic location and self-reported information. We may turn on enhanced safety features by default for users we identify as under 18, like stricter privacy defaults or restricted access to age-restricted features. We don't profile minors for advertising or commercial purposes, and since we don't profile anyone for those purposes, this protection applies to everybody.
We don't use invasive verification methods like government ID uploads or biometric scans for general access. Where legal frameworks require methods we don't support, we restrict access as described in Section 3.2 and on our Regional restrictions page.
11.3 If we learn a child doesn't meet the minimum age
We don't knowingly collect personal information from children under the minimum age in their region. In the United States, we don't knowingly collect personal information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA). If we find out that we've collected personal information from a child who doesn't meet the minimum age requirement, we'll take steps to delete that information and, where appropriate, delete the account.
If you're a parent or legal guardian and believe your child has used Fluxer without your consent or doesn't meet the minimum age requirement, please contact privacy@fluxer.app from the child's registered email address (or with enough proof of guardianship) to request deletion of their account and data.
12. Cookies and similar technologies
12.1 Our approach
We don't use third-party advertising or tracking cookies anywhere on our platform. No advertising trackers, analytics SDKs, or fingerprinting technologies. Operational logging and limited feature-usage telemetry are stored server-side and aren't used for advertising or cross-site profiling.
12.2 Cookies we set
We set a small number of cookies, all strictly necessary for the operation and security of the service. Under the ePrivacy Directive, strictly necessary cookies don't require consent. The current first-party cookies we set are:
| Cookie name | Purpose | Duration | Scope |
|---|---|---|---|
| locale | Remembers your language preference | 1 year | Marketing site (fluxer.app) |
| csrf_token | Protects against cross-site request forgery (CSRF) attacks | 24 hours | Marketing site |
| __flx_sudo or __flx_sudo_<user_id> | Verifies your identity during sensitive account operations | 5 minutes | Fluxer application |
Where a sudo-mode cookie is tied to a specific account, we suffix the cookie name with that account's user ID.
12.3 Client-side storage
The Fluxer application doesn't use cookies for authentication or session management. Instead, it uses your browser's local storage and session storage for preferences (like theme, media volume, and playback settings). This data stays on your device and isn't sent to our servers.
12.4 Third-party cookies
When you interact with embedded third-party content, those third parties may set their own cookies.
hCaptcha may set cookies when you complete a CAPTCHA challenge. These are for bot detection and are governed by hCaptcha's privacy policy. YouTube may set cookies if and when you choose to play an embedded video. We fetch video metadata on our servers so YouTube isn't contacted until you actually press play. YouTube cookies are governed by Google's privacy policy.
12.5 Managing cookies
You can control cookies through your browser settings. Because all Fluxer cookies are strictly necessary, switching them off may stop certain features from working properly. If we ever introduce non-essential cookies (for analytics, say), we'll update this section and get your consent before setting them.
12.6 Opt-out preference signals
We honour browser-level opt-out preference signals like Global Privacy Control (GPC). Because we don't sell or share personal information for advertising, these signals don't change how we process your data in practice, but we recognise them as valid opt-out requests as the CCPA requires.
We don't respond differently to Do Not Track (DNT) browser signals, since there's no industry consensus on how DNT should be interpreted. That said, our practices already reflect the idea behind DNT: we don't track users across third-party sites.
13. Third-party services and links
Fluxer may contain links to or integrations with third-party services. Here's how they work.
GIF search (Tenor, KLIPY). Both search queries and GIF embedding go through our servers. These providers never see your IP address or device identifiers.
YouTube links. We fetch metadata from the YouTube API on our servers to show previews without your device contacting YouTube. If you play an embedded video, the content loads directly from YouTube, and YouTube may collect information under its own privacy policy.
Other third-party content. If you interact with embedded third-party content, it may load directly from that third party, which may collect information from your device under its own terms.
Third-party services have their own privacy policies and data practices. We aren't responsible for their privacy practices, and we'd encourage you to check their policies.
14. Law enforcement and legal requests
We take the privacy and security of our users seriously and look carefully at all legal requests for data.
Requests should be directed to legal@fluxer.app and should clearly identify the requesting authority, legal basis, and scope of data requested. We may refuse or narrow requests that are too broad, not legally valid, or inconsistent with applicable law. Where legally permitted and where it wouldn't create a risk to safety, security, or legal obligations, we'll try to let affected users know before disclosing their data so they have a chance to object. We may disclose data without prior notice where we reasonably believe it's necessary to prevent harm, protect individuals' safety, or respond to emergencies, in line with applicable law.
15. Changes to this Privacy Policy
We may update this policy to reflect changes in our practices, services, or legal obligations. If we make significant changes, we'll give at least 30 days' notice through one or more of these channels: email, in-app notifications, or a notice on our website. We'll indicate the effective date at the top of this policy, and within Fluxer we may show a persistent notice linking to the updated policy.
After the effective date, the updated policy applies to your continued use of Fluxer. We may also ask you to review and acknowledge significant changes in the app so we can record that you've seen them.
If you don't agree with the updated policy, you can export your data, delete your messages, and delete your account at any time using the tools described in Section 8.
We keep a changelog of all significant changes for reference.
16. Contact us
Privacy and data protection
Email: privacy@fluxer.app
Contact person: Hampus Kraft, Founder and CEO
General support
Email: support@fluxer.app
Website: https://fluxer.app/
Postal address
Fluxer Platform AB
Norra Kronans Gata 430
136 76 Brandbergen
Stockholm County, Sweden
Organisation number: 559537-3993
For account-related requests, please contact us from the email address associated with your Fluxer account wherever possible. It helps us verify your identity and protect your account.
17. Additional information for California residents
This section provides the additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, "CCPA"). It supplements the rest of this policy and applies only to California residents.
17.1 Categories of personal information we collect
| CCPA category | Examples we collect | Sources |
|---|---|---|
| Identifiers | Username, email address, user ID, IP address, device identifiers | You; automatic collection; service providers |
| Customer records (Cal. Civ. Code § 1798.80(e)) | Billing country, partial payment card details (via Stripe) | You; Stripe |
| Internet or other electronic network activity | Pages visited, features used, session timestamps, crash reports, browser type, OS | Automatic collection |
| Geolocation data | Approximate location (city/region/country) derived from IP address | Automatic collection |
| Audio, electronic, visual, or similar information | Voice and video communications (where supported), uploaded images and files | You |
| Inferences | Approximate region for eligibility checks, spam/abuse risk signals | Automatic collection |
We don't collect biometric information, professional or employment-related information, or education information.
17.2 Sensitive personal information
Of the CCPA's "sensitive personal information" categories, we collect account log-in credentials (email address combined with password) for the purpose of providing the service and securing your account. Additionally, as of 1 January 2026, the CPRA classifies personal information of consumers under 16 as sensitive personal information. Because Fluxer permits account creation by users aged 13 and older (depending on jurisdiction), we may collect and process personal information that falls within this category. We don't use or disclose sensitive personal information beyond what's necessary to provide the service.
17.3 Business purposes for collection
We collect and use personal information for the purposes described in Section 3: providing the service, securing accounts, preventing abuse, processing payments, improving reliability, and complying with legal obligations.
17.4 Categories disclosed for a business purpose
| CCPA category | Recipients | Purpose |
|---|---|---|
| Identifiers | Infrastructure providers (OVHcloud, Vultr, Hetzner, Backblaze, Bunny.net); error monitoring (Better Stack); payment (Stripe); communications (Sweego, Twilio); support (Intercom) | Hosting, delivery, payments, support, error diagnostics |
| Customer records | Stripe | Payment processing |
| Internet or electronic network activity | Better Stack; Cloudflare; hCaptcha | Error diagnostics, bot prevention |
| Geolocation data | Cloudflare (via Worker we control) | Regional access eligibility |
| Audio, electronic, visual, or similar information | Arachnid Shield API (C3P); Bunny.net | CSAM detection, content delivery |
17.5 Sale and sharing of personal information
We don't sell personal information. We don't "sell" or "share" (as the CCPA defines those terms) personal information for cross-context behavioural advertising or any other purpose. This applies to all consumers, including those under 16.
17.6 Retention
We keep each category of personal information for the periods described in Section 7.
17.7 Your California rights
California residents have the rights listed in Section 10, including the rights to know, delete, correct, opt out of sale/sharing (we don't sell or share), and not be discriminated against. You can exercise these rights by contacting us at privacy@fluxer.app or through the privacy controls described in Section 8. You can also designate an authorised agent.
17.8 Opt-out preference signals
We honour Global Privacy Control (GPC) and similar signals as described in Section 12.6.