Legal
Privacy Policy
Last updated: March 24, 2026 · Effective immediately upon use
Your privacy matters. We only collect what we need to run FluxCybers, we never sell your data, and we protect everything with AES-256-GCM encryption.
1. What Data We Collect
| Category |
Data Points |
| Account Information |
Name, email address, password (hashed), account creation date, role |
| Server Connections |
Hostnames, IP addresses, SSH credentials and API tokens (encrypted at rest with AES-256-GCM — never stored in plaintext) |
| Usage Analytics |
Pages visited, features used, session duration, browser type, approximate geolocation (country/region) |
| Chat & Command History |
AI chat messages, commands executed, execution results and logs, approval/rejection decisions |
| Payment Information |
Billing details (processed by Stripe — we do not store full card numbers), subscription status, transaction history |
| Technical Data |
IP addresses, log files, error reports, performance metrics |
2. How We Use Your Data
We use your data exclusively for the following purposes:
- Service delivery: Connecting to your servers, executing approved commands, storing execution history
- Security monitoring: Detecting unauthorized access, preventing abuse, audit logging
- Platform improvement: Analyzing usage patterns to improve features and performance
- Communication: Sending important service updates, security notifications, and support responses
- Billing: Processing payments and managing subscription status
We do not use your data for advertising, profiling, or selling to third parties.
3. Data Storage & Security
We take data security seriously:
- Encryption at rest: All server credentials and sensitive tokens are encrypted using AES-256-GCM
- Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.2+
- Plaintext policy: Server credentials are never stored in plaintext under any circumstances
- Access controls: Strict internal access controls with audit logging on all data access
- Infrastructure: Hosted on ISO-certified cloud infrastructure with regular security reviews
4. Third-Party Sharing
We do not sell your data. Period.
We may share minimal necessary data with the following categories of service providers, strictly for service delivery:
- Hosting providers: Cloud infrastructure for running FluxCybers servers
- Payment processors: Stripe for processing subscription payments
- Email delivery: Transactional email (account notifications, password resets)
- Error monitoring: Crash reporting to improve platform stability
All third-party providers are contractually bound to protect your data and may not use it for their own purposes.
We may disclose data if required by law, court order, or to protect against fraud or imminent harm.
5. Data Retention
- Account data is retained for as long as your account is active
- Execution logs are retained for up to 90 days, then automatically purged
- Upon account closure: all personal data is deleted within 30 days upon written request to fluxcybers@polsia.app
- Certain anonymized analytics data may be retained indefinitely for aggregate reporting
- Legal obligations may require us to retain some records longer (e.g., billing records for tax purposes)
6. Cookies
- Session cookies: Required for authentication — automatically deleted when you close your browser
- Preference cookies: Remember your settings (e.g., language, theme preferences)
- Analytics cookies (optional): Help us understand how users interact with FluxCybers; can be declined without affecting core functionality
We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings.
7. Your Rights
You have the right to:
- Access: Request a copy of all personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data ("right to be forgotten")
- Portability: Request your data in a machine-readable format
- Objection: Object to certain types of processing
To exercise any of these rights, contact us at fluxcybers@polsia.app. We will respond within 30 days.
8. Security Measures
Our technical and organizational security measures include:
- AES-256-GCM encryption for all server credentials and sensitive tokens
- Two-factor authentication (2FA) available for all accounts
- Brute-force protection with rate limiting on all authentication endpoints
- Immutable audit logs for all user actions and data access events
- Regular security assessments and penetration testing
- Principle of least privilege for all internal systems access
9. Breach Notification
In the event of a confirmed data breach affecting your personal data, we will notify affected users within 72 hours of discovery via email to the address on file. The notification will include the nature of the breach, data affected, and steps we have taken to address it.
10. GDPR & CCPA Compliance
FluxCybers respects applicable data protection regulations, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
- GDPR (EU users): You may request data export or deletion by contacting us. We process data based on legitimate interest, contract performance, or consent as appropriate.
- CCPA (California residents): You have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information (we do not sell personal information).
For data protection inquiries, contact: fluxcybers@polsia.app
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the most recent changes. Material changes will be communicated via email. Continued use of FluxCybers after changes constitutes acceptance.
12. Contact
For any privacy-related questions or to exercise your rights, contact us at fluxcybers@polsia.app.