Skip to main content

Privacy Policy

Last Updated: May 20, 2026

This policy includes disclosures required under the EU/UK GDPR, California CCPA/CPRA, and other U.S. state privacy laws. It is provided for transparency and does not constitute legal advice.

1. Introduction and Scope

This Privacy Policy ("Policy") describes how TnV Creations ("Company," "we," "us," or "our") collects, uses, discloses, and protects personal information when you access or use the FluxLocal website, applications, APIs, and related services (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this Policy.

This Policy applies to visitors, registered users, subscribers, Lifetime Deal (LTD) purchasers, affiliates, and anyone who interacts with us online or by email. It does not apply to third-party websites, social networks, or services that we do not control, even if linked from the Service.

2. Data Controller and Contact

For purposes of the EU/UK General Data Protection Regulation (GDPR), TnV Creations is the data controller responsible for your personal data processed through FluxLocal.

Business address: Grand Rapids, Michigan, USA.
Privacy inquiries: app@fluxlocal.com
General support: app@fluxlocal.com

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland and have questions about our use of your data or wish to exercise your rights, you may contact us at the email above. We will respond within the timeframes required by applicable law.

3. Information We Collect

Account and identity data: Name, email address, password (stored in hashed form), profile information, organization or newsletter name, timezone, and account preferences.

Billing and transaction data: Subscription plan, purchase history, Lifetime Deal status, billing address (where provided), and payment-related metadata. Payment card numbers and bank details are collected and processed directly by Stripe; we do not store full payment credentials on our servers.

Service usage data: Event sources you configure, aggregation rules, generated newsletters, drafts, templates, scheduling settings, API usage, feature interactions, error logs, and performance diagnostics.

Content and user-generated data: Text, images, links, audio URLs, branding assets, and other materials you upload or generate using the Service, including AI-assisted outputs you choose to save or publish.

Communications data: Support tickets, emails, chat messages, survey responses, and feedback you send to us.

Marketing and attribution data: Referral source, UTM parameters, ad campaign identifiers, affiliate codes, and similar data used to measure marketing effectiveness.

Technical and device data: IP address, browser type, operating system, device identifiers, session IDs, cookies, log files, and security-related signals (e.g., failed login attempts).

Public and third-party source data: When you use aggregation features, we process publicly available or authorized information from third-party platforms (e.g., websites, social media pages, event listings) according to your configuration. You are responsible for ensuring you have a lawful basis to collect and use such data.

4. How We Collect Information

  • Directly from you when you register, subscribe, configure sources, publish content, or contact support.
  • Automatically through cookies, analytics, logs, and similar technologies when you use the Service.
  • From payment processors (e.g., Stripe) regarding transaction status and billing events.
  • From integrated third-party services you connect or authorize.
  • From publicly available sources when you request automated aggregation.

Where GDPR or UK GDPR applies, we process personal data only when we have a valid legal basis, including:

  • Contract: Processing necessary to provide the Service, manage your account, process payments, and deliver features you request.
  • Legitimate interests: Securing the Service, preventing fraud, improving products, conducting analytics, and communicating about your account—balanced against your rights.
  • Consent: Marketing emails, non-essential cookies, and certain optional features where required by law. You may withdraw consent at any time.
  • Legal obligation: Compliance with tax, accounting, anti-fraud, and regulatory requirements.
  • Vital interests or public interest: Rarely, where required to protect individuals or comply with law enforcement requests lawfully made.

6. How We Use Your Information

  • Provide, operate, maintain, and improve the Service.
  • Create and manage your account; authenticate users.
  • Process subscriptions, Lifetime Deals, refunds, and billing.
  • Generate, store, and deliver newsletters and related content you request.
  • Send transactional messages (receipts, security alerts, product updates).
  • Send marketing communications where permitted (you may opt out).
  • Monitor usage, troubleshoot errors, and develop new features.
  • Detect, prevent, and address fraud, abuse, and security incidents.
  • Enforce our Terms of Service and protect our legal rights.
  • Comply with applicable laws and respond to lawful requests.

7. AI and Automated Processing

The Service may use artificial intelligence (including third-party models such as OpenAI) to summarize, rewrite, or generate content suggestions. Outputs may be inaccurate or incomplete. You are responsible for reviewing all AI-generated content before publication. We do not use automated decision-making that produces legal or similarly significant effects solely by automated means without human involvement.

8. How We Share Information

We do not sell your personal information for money. We may share information as follows:

  • Service providers / processors: Vendors who host infrastructure, process payments, send email, provide AI, analytics, or customer support—bound by contractual confidentiality and data protection obligations.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
  • Legal and safety: When required by law, subpoena, or to protect rights, safety, and security of users and the public.
  • With your direction: When you publish newsletters, export data, or integrate third-party tools you authorize.

9. Third-Party Service Providers

We rely on reputable subprocessors that may process personal data on our behalf, including:

  • Supabase (database, authentication, storage)
  • Stripe (payments and billing)
  • Vercel or similar hosting providers
  • OpenAI and related AI providers (content generation, where enabled)
  • Resend or similar email delivery providers
  • Analytics and monitoring providers (as configured)

A current list of material subprocessors may be requested by contacting app@fluxlocal.com. We require processors to implement appropriate technical and organizational security measures.

10. International Data Transfers

TnV Creations is based in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored in, and processed in the United States and other countries where our providers operate.

Where required, we implement appropriate safeguards for transfers from the EEA/UK, such as Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, or reliance on adequacy decisions where applicable.

11. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including:

  • Active account data: for the duration of your account plus a reasonable period after closure for backup, dispute resolution, and legal compliance.
  • Billing records: as required by tax and accounting laws (often 7 years or as mandated).
  • Marketing suppression lists: until you opt back in or as needed to honor opt-out requests.
  • Security logs: typically 12–24 months unless needed for an investigation.

You may request deletion subject to exceptions (e.g., ongoing disputes, legal holds, or backup cycles).

12. Security Measures

We implement administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS), access controls, hashed credentials, role-based permissions, and vendor security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

If we become aware of a data breach affecting your personal information, we will notify you and regulators as required by applicable law.

13. Cookies and Tracking Technologies

We use cookies, local storage, pixels, and similar technologies to:

  • Keep you signed in and remember preferences.
  • Measure traffic, conversions, and campaign performance.
  • Protect against abuse and bot traffic.
  • Improve product experience through aggregated analytics.

Essential cookies are necessary for the Service to function. Analytics and marketing cookies may be used where permitted; where required by law (including in the EEA/UK), we will request consent before placing non-essential cookies. You can manage cookies through your browser settings and, where available, our cookie preferences tool.

14. Marketing Communications

With your consent or as permitted by law, we may send promotional emails about features, offers, and updates. You may unsubscribe using the link in any marketing email or by contacting us. Transactional and account-related messages may still be sent even if you opt out of marketing.

15. Children's Privacy

The Service is not directed to children under 16 (or under 13 in the United States, consistent with COPPA). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact app@fluxlocal.com and we will delete it promptly.

16. Your Rights Under GDPR and UK GDPR

If you are in the EEA or UK, you have the following rights, subject to limitations in law:

  • Access: Request a copy of personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion in certain circumstances ("right to be forgotten").
  • Restriction: Request limited processing in certain cases.
  • Portability: Receive data you provided in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, without affecting prior lawful processing.
  • Lodge a complaint: With your local supervisory authority (e.g., ICO in the UK, or your EU member state authority).

To exercise these rights, email app@fluxlocal.com. We may need to verify your identity. We will respond within one month, or inform you if an extension is required.

17. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.

Categories collected (last 12 months): Identifiers (name, email, IP); commercial information (subscriptions, purchases); internet activity (usage logs, cookies); geolocation (approximate, from IP); professional information (newsletter/business details you provide); inferences (product preferences from usage). We do not knowingly collect sensitive personal information as defined by CPRA except as you voluntarily provide in account content.

Business purposes: Providing the Service, security, analytics, customer support, and marketing (where permitted).

Your California rights:

  • Right to know: What personal information we collect, use, disclose, and sell or share.
  • Right to delete: Request deletion of personal information we collected from you, subject to exceptions.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt out of sale/share: We do not sell personal information for monetary consideration. We may use cookies and analytics that could be considered "sharing" for cross-context behavioral advertising—California residents may opt out by contacting us or using browser "Do Not Track" / Global Privacy Control (GPC) signals where we honor them.
  • Right to limit use of sensitive personal information: Where applicable, you may limit certain uses beyond what is necessary to provide the Service.
  • Right to non-discrimination: We will not discriminate against you for exercising privacy rights.
  • Authorized agents: You may designate an authorized agent to submit requests with written permission and identity verification.

Submit California requests to app@fluxlocal.com. We will verify your identity and respond within 45 days (extendable by 45 days where permitted).

18. Other U.S. State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon, Montana, and other states with comprehensive privacy laws may have rights similar to California residents, including access, deletion, correction, opt-out of targeted advertising, and appeal of denied requests. To exercise these rights, contact app@fluxlocal.com. If we deny your request, you may appeal by replying to our decision within the timeframe specified by your state's law.

19. Nevada Privacy Rights

Nevada residents may submit a verified request to opt out of the sale of covered information. We do not currently sell covered information as defined under Nevada law. Questions: app@fluxlocal.com.

20. Do Not Sell or Share My Personal Information

We do not sell personal information for money. Some analytics or advertising partners may receive online identifiers to measure campaigns. California and certain other state residents may opt out of such sharing by emailing app@fluxlocal.com or enabling Global Privacy Control in a supported browser.

21. Data Processed on Behalf of Your Subscribers

If you use FluxLocal to collect email subscribers or send newsletters, you may act as an independent data controller for that subscriber data. You are responsible for providing your own privacy notice, obtaining lawful consent, honoring unsubscribe requests, and complying with CAN-SPAM, GDPR, CASL, and other applicable laws. We process subscriber data you upload only as a processor according to your instructions and our agreement with you.

22. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on this page with an updated "Last Updated" date and, where required, notified by email or in-app notice. Continued use after changes constitutes acceptance of the revised Policy.

23. Contact Us

Questions about this Privacy Policy or our privacy practices:
app@fluxlocal.com
TnV Creations · Grand Rapids, Michigan, USA