Privacy Policy
Effective Date: April 13, 2025
Fluxyr ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal data when you use our platform for building and managing AI agents (“Synthetic Workers”).
1. Information We Collect
a. Account and Contact Data
- Name, email, company name, job title, authentication credentials.
b. Usage Data
- Access logs, device information, browser type, IP address, and interactions with the platform.
c. Integration Data
- Metadata and tokens from third-party tools (e.g., CRMs, spreadsheets, messaging APIs).
2. Legal Bases for Processing
We process personal data under the following legal bases:
- GDPR (EU) – Consent, contract performance, legal obligation, and legitimate interest.
- LGPD (Brazil) – Consent, contractual necessity, legal obligation, and legitimate interest.
- HIPAA (US) – If handling Protected Health Information (PHI), we comply with HIPAA as a Business Associate when applicable.
3. How We Use Your Data
- To provide and maintain the platform and its features.
- To personalize user experience.
- To process payments and manage accounts.
- To detect and prevent security issues and abuse.
- To comply with legal obligations.
4. Sharing and Disclosure
We do not sell personal data. We may share it with:
- Service providers under strict data processing agreements (e.g., AWS, analytics tools).
- Legal authorities when required by law.
- Other platforms only with your explicit consent (e.g., integrations).
5. Subprocessors
We use subprocessors to help provide services. Each is bound by confidentiality and security obligations. A full list is available on request.
6. International Data Transfers
We comply with international frameworks including:
- Standard Contractual Clauses (SCCs) for EU/EEA transfers.
- LGPD cross-border mechanisms.
- HIPAA safeguards for PHI in the US.
7. Data Retention
We retain personal data only as long as necessary:
- While your account is active.
- As needed to comply with legal, regulatory, or contractual obligations.
8. Your Rights
Depending on your location, you may have the right to:
- Access and review your data.
- Correct inaccurate or outdated data.
- Request deletion (right to be forgotten).
- Object to or restrict processing.
- Data portability.
- Withdraw consent at any time.
To exercise any rights, email: privacy@fluxyr.com
9. Security Measures
We implement best-practice safeguards:
- TLS encryption
- Encrypted storage
- Access controls and audit logs
- Breach detection and incident response policies
If we become aware of a data breach, we will notify affected parties promptly.
10. Third-Party Services
Fluxyr may include links or integrations with external services. These are governed by their own privacy policies, not this one.
11. Children’s Privacy
Fluxyr is not intended for use by individuals under the age of 18.
12. Data Processing Addendum (DPA)
a. Roles
- Customer is the Data Controller.
- Fluxyr is the Data Processor.
b. Scope
Fluxyr processes data solely to provide services, under documented instructions from the Customer.
c. Security & Confidentiality
We follow ISO 27001-aligned standards and ensure all personnel are trained and bound by confidentiality.
d. Data Subject Requests
Fluxyr assists in fulfilling requests under GDPR, LGPD, and HIPAA.
e. Breach Notification
We will notify the Customer of any breach involving personal data without undue delay.
f. Return or Deletion
Upon termination of services, Fluxyr will return or delete Customer data unless legally required to retain it.
g. Audit Rights
Customers may request documentation or audits with reasonable notice and scope.
13. Updates to This Policy
We may update this Privacy Policy to reflect legal or operational changes. We will notify users of material changes and update the effective date.
14. Contact Us
For privacy-related questions, reach out to:
Data Protection Officer (DPO)
Email: privacy@fluxyr.com
For HIPAA matters: hipaa@fluxyr.com
For legal requests: legal@fluxyr.com