Privacy Notice for Fluix Service
Effective date: 10 July 2025 (view archived versions).
Key Changes
At Fluix, we care about our users, and, as Fluix evolves, we amend our Privacy Notice accordingly.
In a nutshell, we:
- clarified processing of logs; and
- revised the list of processed data to improve clarity.
We encourage you to carefully review the full text of the Privacy Notice for Fluix Service. The changes become effective as of the publication date above.
Intro
Fluix Limited (“Fluix” or “we”) welcomes you. We provide you with our Web application Fluix, the iOS applications Fluix Docs and Fluix Tasks, and the Android application Fluix Tasks (“Service”) under the Terms of Service.
This Privacy Notice describes which of your personal data the Service collects, how stores, processes, and uses it, and what happens when you use the Service.
We collect your personal data according to this Privacy Notice when you use the Service. When you use our website, available following the link fluix.io (“Website”), your personal data is processed in accordance with the Privacy Notice for Fluix Website.
We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards by certifying our product with ISO 27001, attesting to SOC 2 Report, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other applicable privacy laws.
Please note that we do not collect, track, or store any personal data over what we need to provide and improve our product and services, perform our marketing campaigns as described in this Privacy Notice, and comply with our legal obligations.
Table of Contents
- About Us
- About You
- Personal Data
- Personal Data at Fluix
- Data Sharing with Third Parties
- Data Transfer Outside the European Economic Area
- Security Measures
- Data Subjects Rights
- Privacy Notice Updates
About Us
Name | Fluix Limited |
Registration number | 630284 |
Address | Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland |
support@fluix.io – for general inquiries dpo-fluix@fluix.io – for privacy inquiries | |
Data Protection Officer (DPO) | Privacity GmbH Neuer Wall 50, 20354 Hamburg, Germany |
About You
When you register in our Service, or your teammate registers you, you become our user. Our users can have different types of access and rights in the company’s account.
User | any user who registers by himself/herself or is registered by a teammate in the Service. |
Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please, contact us. |
Personal Data
Sources of Data
We receive data about you and your team when you register in our Service (via the Service or with our help) and interact with it, depending on your actions in the Service.We may also, although we do not necessarily do so, receive data from third parties. It depends on your settings and the features you use.
Legal Basis for Processing
To process your personal data, we rely on the following legal bases:
- performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (for example, the Terms of Service) with you;
- legal obligation — for the processing of data as required by applicable laws or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
- legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations;
- consent — for additional processing for specific purposes.
Personal Data at Fluix
Technical Data
When you use our Service, we may collect some data in logs or automatically.
Type of data | Reasons for processing | Legal basis | Data storage |
---|---|---|---|
Device info (device type, local time, other characteristics). | Improvement of our Service. | Legitimate interest. | Stored for 2 years after the account deletion or expiration of the trial, or until the objection whichever happens earlier. |
Data that a certain User enters into a document. | Improvement of our Service. | Legitimate interest. | Stored for 30 days after the deletion of the account or expiration of the trial. |
IP-address | Applying relevant country settings. | Performance of contract. | Stored for up to 1 year after the account deletion or expiration of the trial, or until the objection whichever happens earlier. |
Ensuring security. | Legitimate interest. | ||
Interactions with the Service (e.g., activation and use of the features) | Improvement of our Service. | Legitimate interest. | Stored for 2 years after the account deletion or expiration of the trial, or until the objection whichever happens earlier. |
Registration Data
When you register in the Service, you leave certain data about you, your teammates, and your company. We may also use the data you leave in the “Book a demo” or “Get Started” or “Create your Fluix account” form to register you as a User of the Service.
We also create a company ID once a new company is registered in Service and assign new Users to these IDs.
Type of data | Reasons for processing | Legal basis | Data storage |
---|---|---|---|
First and last name. | To identify Users. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. |
User ID | To identify Users. | Performance of the contract. | Stored until the deletion of the account or expiration of the trial and 2 years after. |
To analyze and improve the Service. | Legitimate interest. | ||
Company name. | To identify the registered companies and connect Users in teams. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. |
To analyze and improve the Service. | Legitimate interest. | ||
Company ID. | To identify the registered companies and connect Users in teams. | Performance of the contract. | Stored until the deletion of the account or expiration of the trial and 2 years after. |
To create more relevant messaging and analyze and improve the Service. | Legitimate interest. | ||
Email. | To identify Users and contact concerning the use of the Service. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. Hashed emails in logs are stored for thirty (30) days from the log date. |
To ask for the feedback or suggest participation in the users’ surveys or company’s events. | Legitimate interest. | ||
To send marketing mailing. | Consent. | ||
Phone number. | To identify Users and contact concerning the use of the Service. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. |
Country. | To apply the relevant settings and type of payment process. | Performance of the contract. | |
Time and date for the activation call. | To help you to set up the Service. | Performance of the contract. | |
Password. | To protect your account. | Performance of the contract. | Stored until the deletion of the account or expiration of the trial. |
Job title. | To create more relevant messaging, analyze and improve the Service. | Legitimate interest. | Stored for 30 days after the deletion of the account or expiration of the trial, unless objected earlier. |
Email Interaction Data
When, after filling out the registration form, you receive a registration email from us, we may collect the data about you and your interaction with the email.
To obtain that data, we use a third-party service provider.
Type of data | Reasons for processing | Legal basis | Data storage |
---|---|---|---|
When you open a registration email. | |||
Region of the User. | To track the possible problems of the User and improve the Service. | Legitimate interest. | Stored for 45 days after the collection. |
Operating system information. | |||
Browser information. | |||
Device and platform used to read the email. | |||
When you click on the link in the registration email. | |||
IP. | To track the possible problems of the User and improve the Service. | Legitimate interest. | Stored for 45 days after the collection. |
User-Agent. | |||
Link ID. | |||
Timestamp. |
Settings Data
Admin of the account can adjust the settings of the account, which are connected to each of the Users of that account.
Type of data | Reasons for processing | Legal basis | Data storage |
---|---|---|---|
Company email domain. | To let you log in using Single Sign-On (“SSO”). | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. |
SSO URL. | To redirect the User to the SSO flow. | ||
USER ID ATTRIBUTE. | To verify the email of the User logging in with SSO. |
Functionality Data
When you use our Service, you can provide us with data about you or other Users, which we use to provide you with the Service, improve the Service and ensure the security of the information systems.
Type of data | Reasons for processing | Legal basis | Data storage |
---|---|---|---|
Time of the last login in the Service. | To show the other Users the periods of your last activity. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. |
Group membership. | To let you manage permission and access. | Performance of the contract. | |
Role in the account. | To let you manage permission and access. | Performance of the contract. | |
To create more relevant messaging and improve the Service. | Legitimate interest. | ||
Information on the processes and tasks assigned. | To provide you with the Service functionality. | Performance of the contract. | |
To create more relevant messaging and analyze and improve the Service. | Legitimate interest. | ||
Files uploaded. | To provide you with the Service functionality. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. If files constitute a security threat, they are processed up to ninety (90) days, unless longer is required by law. |
To ensure the security of the information systems. | Legitimate interest. | ||
Device info. | To let your admins see your device info for security reasons. | Performance of the contract. | Stored for 30 days after the deletion of the account or expiration of the trial. |
Logs | To provide you with the Service functionality. | Performance of the contract. | Stored for 30 days from the date of the log. |
To ensure the security of the information systems. | Legitimate interest. |
Billing Info
We obtain this information when you pay for the use of the Service or when we invoice you.
Type of data | Reasons for processing | Legal basis | Data storage |
---|---|---|---|
Payment method. | To process the payment. | Performance of the contract. | Stored for 30 days after the deletion of the account. |
Payment term. | To process the payment. | ||
Choice of the plan. | To provide you with the requested functionality. | ||
Company name. | To identify the company you pay for. | ||
First and last name of the paying User. | To identify the payer. | ||
Email of the paying User. | To process the payment. | ||
Phone of the paying User. | To contact in case of any questions about the payment. | ||
Country of the company. | To comply with applicable legislation. | Legal obligation. | Stored for 6 years after the deletion of the account. |
Postal code of the company. | |||
City of the company. | |||
Address of the company. | |||
VAT number. | |||
Name on the card. | To process the payment. | Performance of the contract. | Stored for 30 days after the deletion of the account. |
Card number. | |||
Expiry date. | |||
Secure code. | |||
Invoices. | To provide you with the info about the payment to make. | Legal obligation. | Stored for 6 years after the deletion of the account. |
Invoices. | To store the invoices in the Service. | Legal obligation. |
Support Request Data
When you address your request to the support in the Service, we collect some information to help you.
Type of data | Reasons for processing | Legal basis | Data storage |
---|---|---|---|
Email. | To respond to your request. | Performance of a contract. | Stored for 3 years after the end of the communication on the issue. |
Phone. | |||
Text of the request. | To fulfill your support request. | ||
Attached files. | |||
Logs. | |||
Feedback. | To improve our services. | Legitimate interest. |
Data Received from Third Parties
We may receive some personal data from third parties. Mainly, the received data is the same as indicated in this Privacy Notice, provided not by the User, but by the representative of the purchaser of the Service.
The amount of data collected, the purposes, and the legal basis for processing is determined by the respective privacy documents of these parties. To get a detailed list of social networks, contact us.
Data Sharing with Third Parties
We may share your personal data with the service providers and contractors to the extent necessary to provide services, technical and customer support, and ensure security of our Service.
To share your data, we rely on the following lawful bases, such as consent, compliance with the law, and performance of a contract, depending on the specific circumstances.
Third Party | Description |
---|---|
Analytics tools | We use analytics tools to understand and promote our business. |
Contractors | We cooperate with contractors to operate, develop, and improve the features and functionality of the App, fulfill your support requests, etc. We sign data processing agreements with them and impose various security measures to ensure your data is safe. |
Services Fluix uses | We use third-party services to provide you with the functionality of the Service. |
Services our team uses | We use CRM systems, messengers, and other services in our organization to provide you with our services. |
State authorities, courts, law enforcement agencies, etc | We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies: – to comply with a government request, court order, or applicable law; – to prevent unlawful use of the App; – to protect against claims of third parties; – to help prevent or investigate fraud. |
To get a detailed list of the third-party recipients of your personal data, contact us. |
Data Transfer Outside the European Economic Area
The personal data we collect is stored on servers in the USA, which participate in the Data Privacy Framework, and European Economic Area (“EEA”) servers, which fall under the General Data Protection Regulation.
We may share personal data with the recipients in the USA and other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation. For example, we share some data with our contractors in Ukraine.
To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient. If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more about measures implemented to protect your personal data here and in our Data Processing Agreement for the European Economic Area residents and Data Processing Agreement for the United States residents.
Security Measures
We are regularly certified by ISO 27001 Standard and hold the SOC 2 Type 1 report.
We routinely conduct Data Protection Impact Assessments to guarantee the implementation of adequate technical and organizational measures. These measures aim to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
To enhance the protection of your personal data, we employ HTTPS and encryption, establish segmented group and individual access (as necessary), utilize an alarm system, implement a corporate VPN, and adhere to formally approved internal policies, including those for password management and physical access.
Furthermore, we consistently monitor the state of the art of our technologies and diligently maintain the backups. Additionally, all our contractors are bound by contractual obligations that comply with GDPR requirements.
You can contact us in case of any questions regarding the security issues.
Here you can find information about the steps we mentioned above:
Physical measures | |
---|---|
Limited access to premises | We use logically separate databases to prevent unauthorized persons from accidentally reading data to separate data. |
Access to the data is also restricted because employees use services (applications) that control access. |
Policies and instructions Password policy. We regulate access to our systems via password procedures and the use of SSH keys of at least 4096 bits in length Monitoring and physical access policy Contractual obligations and corporate VPN Internal security policy Access control policy | Transfer protection Data protection agreements Data transfer agreements Standard contractual clauses |
Agreements Non-disclosure agreements Data protection agreements | |
Contractor and staff training | Privacy protection: Implementation of privacy by design and privacy by default Internal procedures for GDPR compliance Data protection impact assessments |
Regular access and policy review Code review |
Technical measures | |
---|---|
Encryption technologies: encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys | Backup We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail. Critical services are operated redundantly in multiple data centers and controlled by a high-availability system. |
Two-factor authentication | |
Static Analysis | Quality Assurance |
Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
Stress-tests | Internal pan-testing |
Data Subjects Rights
As a data subject, you have the right to access, manage, and control your data either directly or by submitting a request to us. This section outlines these rights and explains how you can exercise them based on your place of residence.
European Economic Area Residents
Right | Description |
---|---|
Right to access | You can request an explanation of the processing of your personal data. |
Right to rectification | You can change the data if it is inaccurate or incomplete. |
Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
Right to restriction the processing | You may partially or completely prohibit us from processing your personal data. |
Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
Right to object | You may object to the processing of your personal data. |
Right to withdraw consent | You can withdraw your consent at any time. |
Right to file a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. |
To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. |
United States Residents
Your rights may vary depending on the state of your residence, as indicated below:
Right | Description | Area | |
---|---|---|---|
Right to access | You can request an explanation of the processing of your personal data. | California Virginia Ohio Colorado Nevada Massachusetts | Minnesota New York North Carolina Pennsylvania Delaware Utah |
Right to rectification | You can change the information if it is inaccurate or incomplete. | California Virginia Colorado Nevada Delaware | Massachusetts Minnesota New York North Carolina |
Right to deletion | You can send us a request to delete your personal data from our systems. | California Virginia Ohio Colorado Massachusetts | Minnesota New York North Carolina Pennsylvania Utah |
Right to restriction | You may partially or completely prohibit us from processing your personal data. | California Massachusetts | New York |
Right to portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. | California Virginia Ohio Colorado Massachusetts | Minnesota New York North Carolina Utah |
Right to Opt-Out | The right to prohibit the sharing or selling of your data. | California Virginia Ohio Nevada Massachusetts Minnesota | New York North Carolina Pennsylvania Delaware Colorado Utah |
Right Against Automated Decision Making | You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. | California Virginia Colorado Massachusetts | Minnesota North Carolina New York |
Right to lodge a complaint | If your request is not satisfied, you can file a complaint to the regulatory body. | by default | |
To exercise your rights, contact us. | |||
We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint with the Federal Trade Commission. | |||
Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. |
Do Not Sell My Personal Information
California residents, under the California Consumer Privacy Act (“CCPA”), possess the right to opt out of the “sale” of their personal information by entities governed by CCPA.
Fluix does not sell your personal information to anyone, nor use your data as a business model.
We adhere to the CCPA by allowing California residents to opt out of any potential future sale of their personal information. If you wish to register your preference that we do not sell your data in the future, please contact us.
Do-Not-Track Requests
California residents visiting our Service have the option to request that we do not automatically collect and track information related to their online browsing activities across the Internet.
These requests can usually be made via web browser settings that manage signals or other mechanisms enabling consumers to express their preferences concerning the collection of personal data about their online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. However, we may update this Privacy Notice as our capabilities evolve.
Privacy Notice Updates
The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Please note that laws and requirements for processing personal data can evolve. In the event of changes, we will release an updated version of the Privacy Notice to reflect these changes.
If we make substantial changes to the Privacy Notice or the Service that affect your data privacy rights, we will notify you by email or display information in the Service and ask you to read it. You will be notified in advance, and if you continue to use the Service after these changes take effect, it will be considered that you have consented to and accepted the revised Privacy Notice.