Privacy Policy

1. Introduction

FluxyOS ("we," "our," or "us") operates an online financial operations platform accessible at fluxyos.com and through related services. We respect the privacy of our users ("you") and are committed to protecting the personal information and business data you share with us.

This policy applies to all users of FluxyOS, including account holders, team members, and visitors to our website. By using FluxyOS, you acknowledge that you have read and understood this policy.

This document represents a general first-version policy. It will be updated as FluxyOS adds new features, as applicable laws change, or as our data practices evolve. We encourage you to review it periodically.

2. Information We Collect

We collect information you provide directly, information generated by your use of the platform, and limited technical data from your device and browser.

Account information

When you create an account or sign in, we collect:

• Your name and email address
• Login method (email/password or Google sign-in)
• Authentication identifiers assigned by Firebase Authentication

Business profile information

During onboarding and in your settings, you may provide:

• Company name, entity label, and business type
• Your role within the business
• Country of operation
• Answers to onboarding setup questions (e.g. team size, revenue range, primary goals)
• Preferred WhatsApp number (used only for in-product notifications if you connect WhatsApp)

Financial operation data

The core purpose of FluxyOS is to help you manage financial operations. To do this, we store:

• Transactions: revenue records, expenses, transfers, refunds, and pending receivables or payables
• Bills and payment schedules, including amounts, due dates, vendors, and payment status
• Subscriptions and recurring payments
• Operating budgets and category-level allocation data
• Transaction categories, vendor names, and related metadata
• Bank account names and balances (manually entered or from uploaded statements)
• Accounting mappings and income statement preview data

All monetary amounts are stored as raw integers. FluxyOS does not store bank login credentials, full bank account numbers, card numbers, CVCs, OTPs, or any sensitive financial credentials.

Uploaded documents

You may choose to upload files to FluxyOS, including:

• Receipts, invoices, and payment proofs
• Bank statements in PDF, CSV, XLS, or XLSX format
• Revenue proof documents and other finance-related files

Uploaded files are stored in Firebase Storage under your user-scoped storage path. We store file name, type, size, upload status, and a reference to the document in your Firestore records.

Usage and technical data

We automatically collect certain technical information when you use FluxyOS:

• Device and browser type, operating system, and language settings
• IP address and approximate geographic location
• Pages visited, features used, and actions taken within the product
• Timestamps, session duration, and navigation paths
• Error logs and performance data
• Analytics events (via Google Analytics)

Communication data

If you contact us for support or provide feedback, we collect:

• The content of your support messages
• Product feedback you submit
• WhatsApp connection settings and business display name, if you choose to connect WhatsApp in the future

Payment and subscription data

When you subscribe to a paid plan, we collect and store:

• Your selected billing plan, billing frequency, and subscription status
• Trial start and end dates
• Payment method type and payment status
• Invoice and payment request metadata
• Proof of payment files you choose to upload for manual verification

FluxyOS does not store full card numbers, CVCs, bank account login credentials, or other sensitive payment credentials.

3. How We Use Information

We use the information we collect to provide and improve FluxyOS. Specifically:

• To provide, operate, and maintain the FluxyOS platform and all its features
• To authenticate users and protect account security
• To display your financial dashboards, ledger records, reports, bills, subscriptions, budgets, and cash flow data
• To process uploaded documents and help extract or organize financial information within your account
• To provide AI-assisted finance explanations, document classification, field extraction, record summaries, and suggested next steps — based only on your own FluxyOS data
• To generate and export financial reports and income statement previews
• To manage billing, subscription status, and trial access
• To improve product reliability, performance, and security
• To provide customer support and communicate product updates, service notices, and policy changes
• To comply with legal, tax, regulatory, security, and audit obligations
• To detect fraud, prevent abuse, and enforce our Terms of Service

We do not use your financial data for advertising targeting, profiling for third-party sale, or any purpose unrelated to providing the FluxyOS service.

4. AI and Financial Data

FluxyOS may use AI features to help you work with your financial data. These features may include:

• Answering finance questions based on your ledger and reports
• Classifying uploaded documents (receipts, invoices, bank statements)
• Extracting field values from scanned documents
• Summarizing transaction records and financial periods
• Suggesting next steps for data cleanup or financial operations

AI is not professional advice. Outputs from FluxyOS AI features should not be treated as accounting, tax, legal, investment, or financial advice. You remain responsible for verifying AI-generated outputs and consulting qualified professionals where required.

Your data is not used to train public AI models. FluxyOS does not intentionally use your customer financial data to train public or third-party AI models unless we explicitly state this and obtain your permission.

AI write actions require your confirmation. Any AI-suggested action that would create or modify data in your account requires your explicit confirmation before it is saved. AI suggestions alone do not write to your records.

AI features process your data through service providers as described in Section 5. We apply reasonable access controls to limit which data is sent to AI providers and for what purpose.

5. How We Share Information

FluxyOS does not sell your personal information. We share data only as described below.

Service providers

We use third-party service providers to operate FluxyOS. These providers may process your data on our behalf and are subject to appropriate data protection agreements. Categories include:

• Hosting and content delivery (Netlify)
• Database, authentication, and storage (Google Firebase / Firestore / Firebase Storage)
• Analytics (Google Analytics)
• AI and language model service providers (used to process your in-product AI requests)
• Email and notification providers (for service communication)
• Payment processing and billing infrastructure providers

Legal obligations

We may disclose your information when required by applicable law, regulation, court order, or a valid request from a government authority or law enforcement agency.

Professional advisors

We may share information with legal counsel, auditors, accountants, or other professional advisors when necessary to protect our rights or comply with obligations.

Business transfers

If FluxyOS is involved in a merger, acquisition, financing, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will notify you of any material change in how your information is used.

What we do not do

• We do not sell your personal information to third parties
• We do not share your financial records with other FluxyOS users
• Each user's financial data is scoped to their own account only. Access to shared workspaces, if introduced in a future team feature, will require your explicit consent and configuration

6. Data Storage and Security

FluxyOS takes reasonable measures to protect the information you entrust to us. Our approach includes:

• User-scoped database access controls — your financial data is stored under your unique user ID in Firestore and is not accessible to other users
• Firebase Security Rules that enforce ownership and prevent unauthorized reads or writes
• HTTPS encryption for all data in transit
• Technical safeguards provided by Google Firebase, Netlify, and other infrastructure providers
• Administrative controls limiting internal access to production data
• Organizational policies requiring that sensitive credentials are never stored in frontend code or Firestore documents

No system is completely secure. While we take appropriate steps to protect your data, we cannot guarantee that unauthorized parties will never access your information. We encourage you to use a strong, unique password and to protect your login credentials.

If you become aware of a security incident or suspected unauthorized access to your account, please contact us immediately at privacy@fluxyos.com.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the FluxyOS service. Specifically:

• Account and financial data is retained while your account exists and for a reasonable period following account closure
• Certain records — such as audit logs, billing history, and payment verification records — may be retained for longer periods to meet legal, accounting, fraud prevention, dispute resolution, or security requirements
• Uploaded files are retained in Firebase Storage for the duration of your account. After account closure, files may be deleted in accordance with our data deletion practices
• Analytics and usage data collected by Google Analytics is subject to Google's own retention policies

You may request deletion of your account and personal data by contacting us at privacy@fluxyos.com. We will honor deletion requests where applicable, subject to legal or operational requirements that may require us to retain certain records.

8. Your Rights

Depending on where you are located, you may have rights regarding your personal information. FluxyOS respects these rights where applicable.

Rights that may apply to you

• Access: Request a copy of the personal information we hold about you
• Correction: Ask us to correct inaccurate or incomplete information
• Deletion: Request that we delete your personal data, where applicable
• Restriction: Ask us to restrict how we process your data in certain circumstances
• Objection: Object to processing based on legitimate interests
• Portability: Request your data in a structured, machine-readable format, where technically feasible
• Withdraw consent: Where processing is based on consent, withdraw it at any time
• Complaint: Lodge a complaint with a relevant data protection authority in your jurisdiction

Regional rights

Indonesia: FluxyOS operates in accordance with the principles of Indonesia's personal data protection framework, including the right to access, correct, and request deletion of your personal data where applicable under Indonesian law.

European Economic Area (GDPR): If you are located in the EEA, you may have additional rights under the General Data Protection Regulation, including the right to data portability and the right to lodge a complaint with your local supervisory authority.

California (CCPA/CPRA): If you are a California resident, you may have the right to know what personal information we collect, to request deletion, to opt out of the sale of personal information (which we do not engage in), and to non-discrimination for exercising these rights.

We do not make formal guarantees of full compliance with any specific regulation. We use appropriate wording ("depending on your location," "where applicable") because the applicability of specific legal frameworks depends on circumstances that vary by user location and situation.

How to submit a request

To exercise any applicable right or to ask a question about your data, contact us at privacy@fluxyos.com. We will respond within a reasonable time frame and in accordance with applicable law.

9. Cookies and Analytics

FluxyOS and its underlying service providers may use cookies, local storage, session storage, and similar browser technologies to support product functionality.

These technologies are used for purposes including:

• Maintaining your authenticated login session (Firebase Authentication)
• Security and CSRF protection
• Storing your preferences and interface settings
• Measuring product usage through Google Analytics
• Improving product performance and identifying issues

Google Analytics collects anonymized usage data including page views, session counts, geographic location (country/city level), and device type. You can opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.

You can control or clear cookies through your browser settings. Please note that disabling certain cookies or storage types may affect your ability to sign in or use core features of FluxyOS.

10. International Data Transfers

FluxyOS uses service providers — including Google Firebase, Netlify, and AI infrastructure providers — that may process or store data in countries outside your own. This includes transfers from Indonesia to the United States and potentially other regions.

Where required by applicable law, we rely on appropriate legal mechanisms for international data transfers, such as standard contractual clauses or other safeguards recognized by the relevant data protection authorities.

By using FluxyOS, you acknowledge that your information may be processed in countries with different data protection standards than your own.

11. Children's Privacy

FluxyOS is a business operations platform intended for adults and business users. It is not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction).

We do not knowingly collect personal information from children. If you believe that a child has provided us with their information, please contact us at privacy@fluxyos.com and we will take steps to delete that information.

12. Third-Party Links and Services

FluxyOS may contain links to third-party websites, tools, or integration partners. These services have their own privacy policies and data practices that are independent of ours.

We encourage you to review the privacy policies of any third-party service before providing your information. FluxyOS is not responsible for the privacy practices of third-party services, even if we link to them or describe them within the product.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our product, operations, legal obligations, or industry practices.

When we update the policy, the revised version will be published at fluxyos.com/privacy with a new effective date at the top. For significant changes that materially affect how we handle your data, we will make reasonable efforts to notify you through the website, by email, or through an in-product notice.

Continued use of FluxyOS after an update to this policy constitutes your acknowledgment of the changes.

14. Contact

If you have questions, concerns, or requests related to this Privacy Policy or how we handle your data, please contact us:

This Privacy Policy was last updated on June 9, 2026.