Privacy Notice for Fluix Service

Effective date: 10 July 2025 (view archived versions).

Key Changes

At Fluix, we care about our users, and, as Fluix evolves, we amend our Privacy Notice accordingly.

In a nutshell, we:

  • clarified processing of logs; and
  • revised the list of processed data to improve clarity.

We encourage you to carefully review the full text of the Privacy Notice for Fluix Service. The changes become effective as of the publication date above.

Intro

Fluix Limited (“Fluix” or “we”) welcomes you. We provide you with our Web application Fluix, the iOS applications Fluix Docs and Fluix Tasks, and the Android application Fluix Tasks (“Service”) under the Terms of Service.

This Privacy Notice describes which of your personal data the Service collects, how we store, process, and use it, and what happens when you use the Service.

We collect your personal data according to this Privacy Notice when you use the Service. When you use our website, available following the link fluix.io (“Website”), your personal data is processed in accordance with the Privacy Notice for Fluix Website.

We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards by certifying our product with ISO 27001 and attesting to a SOC 2 Report, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other applicable privacy laws.

Please note that we do not collect, track, or store any personal data beyond what we need to provide and improve our product and services, perform our marketing campaigns as described in this Privacy Notice, and comply with our legal obligations.

About Us

Name: Fluix Limited
Registration number: 630284
Address: Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland
Email: support@fluix.io – for general inquiries; dpo-fluix@fluix.io – for privacy inquiries
Data Protection Officer (DPO): Privacity GmbH, Neuer Wall 50, 20354 Hamburg, Germany

About You

When you register in our Service, or your teammate registers you, you become our user. Our users can have different types of access and rights in the company’s account.

User: any user who registers by himself/herself or is registered by a teammate in the Service.
Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please contact us.

Personal Data

Sources of Data

We receive data about you and your team when you register in our Service (via the Service or with our help) and interact with it, depending on your actions in the Service. We may also, although we do not necessarily do so, receive data from third parties. It depends on your settings and the features you use.

To process your personal data, we rely on the following legal bases:

  • performance of the contract — for the processing of personal data necessary for the negotiation, conclusion, and performance of a contract (for example, the Terms of Service) with you;
  • legal obligation — for the processing of data as required by applicable laws or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
  • legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations;
  • consent — for additional processing for specific purposes.

Personal Data at Fluix

Technical Data

When you use our Service, we may collect some data in logs or automatically.

Type of data | Reasons for processing | Legal basis | Data storage
Device info (device type, local time, other characteristics). | Improvement of our Service. | Legitimate interest. | Stored for 2 years after the account deletion or expiration of the trial, or until the objection whichever happens earlier.
Data that a certain User enters into a document. | Improvement of our Service. | Legitimate interest. | Stored for 30 days after the deletion of the account or expiration of the trial.
IP-address | Applying relevant country settings. | Performance of contract. | Stored for up to 1 year after the account deletion or expiration of the trial, or until the objection whichever happens earlier.
IP-address | Ensuring security. | Legitimate interest.
Interactions with the Service (e.g., activation and use of the features) | Improvement of our Service. | Legitimate interest. | Stored for 2 years after the account deletion or expiration of the trial, or until the objection whichever happens earlier.

Registration Data

When you register in the Service, you leave certain data about you, your teammates, and your company. We may also use the data you leave in the “Book a demo” or “Get Started” or “Create your Fluix account” form to register you as a User of the Service.

We also create a company ID once a new company is registered in the Service and assign new Users to these IDs.

Type of data | Reasons for processing | Legal basis | Data storage
First and last name. | To identify Users. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial.
User ID | To identify Users. | Performance of the contract. | Stored until the deletion of the account or expiration of the trial and 2 years after.
User ID | To analyze and improve the Service. | Legitimate interest.
Company name. | To identify the registered companies and connect Users in teams. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial.
Company name. | To analyze and improve the Service. | Legitimate interest.
Company ID. | To identify the registered companies and connect Users in teams. | Performance of the contract. | Stored until the deletion of the account or expiration of the trial and 2 years after.
Company ID. | To create more relevant messaging and analyze and improve the Service. | Legitimate interest.
Email. | To identify Users and contact concerning the use of the Service. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. Hashed emails in logs are stored for thirty (30) days from the log date.
Email. | To ask for the feedback or suggest participation in the users’ surveys or company’s events. | Legitimate interest.
Email. | To send marketing mailing. | Consent.
Phone number. | To identify Users and contact concerning the use of the Service. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial.
Country. | To apply the relevant settings and type of payment process. | Performance of the contract.
Time and date for the activation call. | To help you to set up the Service. | Performance of the contract.
Password. | To protect your account. | Performance of the contract. | Stored until the deletion of the account or expiration of the trial.
Job title. | To create more relevant messaging, analyze and improve the Service. | Legitimate interest. | Stored for 30 days after the deletion of the account or expiration of the trial, unless objected earlier.

Email Interaction Data

When, after filling out the registration form, you receive a registration email from us, we may collect the data about you and your interaction with the email.

To obtain that data, we use a third-party service provider.

Type of data | Reasons for processing | Legal basis | Data storage
When you open a registration email:
Region of the User. | To track the possible problems of the User and improve the Service. | Legitimate interest. | Stored for 45 days after the collection.
Operating system information.
Browser information.
Device and platform used to read the email.
When you click on the link in the registration email:
IP. | To track the possible problems of the User and improve the Service. | Legitimate interest. | Stored for 45 days after the collection.
User-Agent.
Link ID.
Timestamp.

Settings Data

The admin of the account can adjust the settings of the account, which are connected to each of the Users of that account.

Type of data | Reasons for processing | Legal basis | Data storage
Company email domain. | To let you log in using Single Sign-On (“SSO”). | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial.
SSO URL. | To redirect the User to the SSO flow.
USER ID ATTRIBUTE. | To verify the email of the User logging in with SSO.

Functionality Data

When you use our Service, you can provide us with data about you or other Users, which we use to provide you with the Service, improve the Service and ensure the security of the information systems.

Type of data | Reasons for processing | Legal basis | Data storage
Time of the last login in the Service. | To show the other Users the periods of your last activity. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial.
Group membership. | To let you manage permission and access. | Performance of the contract.
Role in the account. | To let you manage permission and access. | Performance of the contract.
Role in the account. | To create more relevant messaging and improve the Service. | Legitimate interest.
Information on the processes and tasks assigned. | To provide you with the Service functionality. | Performance of the contract.
Information on the processes and tasks assigned. | To create more relevant messaging and analyze and improve the Service. | Legitimate interest.
Files uploaded. | To provide you with the Service functionality. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. If files constitute a security threat, they are processed up to ninety (90) days, unless longer is required by law.
Files uploaded. | To ensure the security of the information systems. | Legitimate interest.
Device info. | To let your admins see your device info for security reasons. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial.
Logs | To provide you with the Service functionality. | Performance of the contract. | Stored for 30 days from the date of the log.
Logs | To ensure the security of the information systems. | Legitimate interest.

Billing Info

We obtain this information when you pay for the use of the Service or when we invoice you.

Type of data | Reasons for processing | Legal basis | Data storage
Payment method. | To process the payment. | Performance of the contract. | Stored for 30 days after the deletion of the account.
Payment term. | To process the payment.
Choice of the plan. | To provide you with the requested functionality.
Company name. | To identify the company you pay for.
First and last name of the paying User. | To identify the payer.
Email of the paying User. | To process the payment.
Phone of the paying User. | To contact in case of any questions about the payment.
Country of the company. | To comply with applicable legislation. | Legal obligation. | Stored for 6 years after the deletion of the account.
Postal code of the company.
City of the company.
Address of the company.
VAT number.
Name on the card. | To process the payment. | Performance of the contract. | Stored for 30 days after the deletion of the account.
Card number.
Expiry date.
Secure code.
Invoices. | To provide you with the info about the payment to make. | Legal obligation. | Stored for 6 years after the deletion of the account.
Invoices. | To store the invoices in the Service. | Legal obligation.

Support Request Data

When you address your request to the support in the Service, we collect some information to help you.

Type of data | Reasons for processing | Legal basis | Data storage
Email. | To respond to your request. | Performance of a contract. | Stored for 3 years after the end of the communication on the issue.
Phone.
Text of the request. | To fulfill your support request.
Attached files.
Logs.
Feedback. | To improve our services. | Legitimate interest.

Data Received from Third Parties

We may receive some personal data from third parties. Mainly, the received data is the same as indicated in this Privacy Notice, provided not by the User, but by the representative of the purchaser of the Service.

The amount of data collected, the purposes, and the legal basis for processing are determined by the respective privacy documents of these parties. To get a detailed list of social networks, contact us.

Data Sharing with Third Parties

We may share your personal data with the service providers and contractors to the extent necessary to provide services, technical and customer support, and ensure security of our Service.

To share your data, we rely on lawful bases such as consent, compliance with the law, and performance of a contract, depending on the specific circumstances.

Third Party | Description
Analytics tools | We use analytics tools to understand and promote our business.
Contractors | We cooperate with contractors to operate, develop, and improve the features and functionality of the App, fulfill your support requests, etc. We sign data processing agreements with them and impose various security measures to ensure your data is safe.
Services Fluix uses | We use third-party services to provide you with the functionality of the Service.
Services our team uses | We use CRM systems, messengers, and other services in our organization to provide you with our services.
State authorities, courts, law enforcement agencies, etc. | We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies:
– to comply with a government request, court order, or applicable law;
– to prevent unlawful use of the App;
– to protect against claims of third parties;
– to help prevent or investigate fraud.
To get a detailed list of the third-party recipients of your personal data, contact us.

Data Transfer Outside the European Economic Area

The personal data we collect is stored on servers in the USA, which participate in the Data Privacy Framework, and European Economic Area (“EEA”) servers, which fall under the General Data Protection Regulation.

We may share personal data with the recipients in the USA and other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation. For example, we share some data with our contractors in Ukraine.

To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient. If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.

You can read more about measures implemented to protect your personal data here and in our Data Processing Agreement for the European Economic Area residents and Data Processing Agreement for the United States residents.

Security Measures

We are regularly certified under the ISO 27001 standard and hold a SOC 2 Type 1 report.

We routinely conduct Data Protection Impact Assessments to guarantee the implementation of adequate technical and organizational measures. These measures aim to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

To enhance the protection of your personal data, we employ HTTPS and encryption, establish segmented group and individual access (as necessary), utilize an alarm system, implement a corporate VPN, and adhere to formally approved internal policies, including those for password management and physical access.

Furthermore, we consistently monitor the state of the art of our technologies and diligently maintain the backups. Additionally, all our contractors are bound by contractual obligations that comply with GDPR requirements. 

You can contact us if you have any questions regarding security issues.

Here you can find information about the steps we mentioned above:

Physical measures
Limited access to premises
We use logically separate databases to prevent unauthorized persons from accidentally reading data to separate data.
Access to the data is also restricted because employees use services (applications) that control access.
Policies and instructions
Password policy. We regulate access to our systems via password procedures and the use of SSH keys of at least 4096 bits in length.
Monitoring and physical access policy
Contractual obligations and corporate VPN
Internal security policy
Access control policy
Transfer protection
Data protection agreements
Data transfer agreements
Standard contractual clauses
Agreements
Non-disclosure agreements
Data protection agreements
Contractor and staff training
Privacy protection:
Implementation of privacy by design and privacy by default
Internal procedures for GDPR compliance
Data protection impact assessments
Regular access and policy review
Code review
Technical measures
Encryption technologies:
encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys
Backup
We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail.
Critical services are operated redundantly in multiple data centers and controlled by a high-availability system.
Two-factor authentication
Static Analysis
Quality Assurance
Regular Patch Management
Dependency and Supply Chain
Vulnerability Check
Stress-tests
Internal pen-testing

Data Subjects Rights

As a data subject, you have the right to access, manage, and control your data either directly or by submitting a request to us. This section outlines these rights and explains how you can exercise them based on your place of residence.

European Economic Area Residents

Right | Description
Right to access | You can request an explanation of the processing of your personal data.
Right to rectification | You can change the data if it is inaccurate or incomplete.
Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
Right to restriction of processing | You may partially or completely prohibit us from processing your personal data.
Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller.
Right to object | You may object to the processing of your personal data.
Right to withdraw consent | You can withdraw your consent at any time.
Right to file a complaint | If your request was not satisfied, you can file a complaint to the regulatory body.
To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here.

United States Residents

Your rights may vary depending on the state of your residence, as indicated below:

Right | Description | Area
Right to access | You can request an explanation of the processing of your personal data. | California, Virginia, Ohio, Colorado, Nevada, Massachusetts, Minnesota, New York, North Carolina, Pennsylvania, Delaware, Utah
Right to rectification | You can change the information if it is inaccurate or incomplete. | California, Virginia, Colorado, Nevada, Delaware, Massachusetts, Minnesota, New York, North Carolina
Right to deletion | You can send us a request to delete your personal data from our systems. | California, Virginia, Ohio, Colorado, Massachusetts, Minnesota, New York, North Carolina, Pennsylvania, Utah
Right to restriction | You may partially or completely prohibit us from processing your personal data. | California, Massachusetts, New York
Right to portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. | California, Virginia, Ohio, Colorado, Massachusetts, Minnesota, New York, North Carolina, Utah
Right to Opt-Out | The right to prohibit the sharing or selling of your data. | California, Virginia, Ohio, Nevada, Massachusetts, Minnesota, New York, North Carolina, Pennsylvania, Delaware, Colorado, Utah
Right Against Automated Decision Making | You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. | California, Virginia, Colorado, Massachusetts, Minnesota, North Carolina, New York
Right to lodge a complaint | If your request is not satisfied, you can file a complaint to the regulatory body. | by default
To exercise your rights, contact us.
We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint with the Federal Trade Commission.
Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us.

Do Not Sell My Personal Information

California residents, under the California Consumer Privacy Act (“CCPA”), possess the right to opt out of the “sale” of their personal information by entities governed by CCPA.

Fluix does not sell your personal information to anyone, nor use your data as a business model.

We adhere to the CCPA by allowing California residents to opt out of any potential future sale of their personal information. If you wish to register your preference that we do not sell your data in the future, please contact us.

Do-Not-Track Requests

California residents visiting our Service have the option to request that we do not automatically collect and track information related to their online browsing activities across the Internet.

These requests can usually be made via web browser settings that manage signals or other mechanisms enabling consumers to express their preferences concerning the collection of personal data about their online activities over time and across third-party websites or online services.

We currently do not have the ability to honor these requests. However, we may update this Privacy Notice as our capabilities evolve.

Privacy Notice Updates

The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Please note that laws and requirements for processing personal data can evolve. In the event of changes, we will release an updated version of the Privacy Notice to reflect these changes.

If we make substantial changes to the Privacy Notice or the Service that affect your data privacy rights, we will notify you by email or display information in the Service and ask you to read it. You will be notified in advance, and if you continue to use the Service after these changes take effect, it will be considered that you have consented to and accepted the revised Privacy Notice.