1. Who this policy applies to
This policy applies to people who install, access, browse, create an account, sign in, upload content, view content, send messages, join calls or live sessions, use discovery features, interact with creator or monetization features, contact support, or otherwise use Fluxx. It also applies to visitors of fluxx.social and related public policy pages.
- The operator of Fluxx is SC BLUE HORIZON CAPITAL SRL.
- This policy covers data handled directly by Fluxx and data processed by service providers that support Fluxx features.
- Some third-party platforms, app stores, authentication providers, payment processors, or device operating systems may also process information under their own policies.
This is the official Privacy Policy for Fluxx and the Android package com.social.fluxx.
2. Information users provide
Users may provide information directly when they create or update an account, set up a profile, upload or send content, communicate with others, request support, report content, request verification, participate in creator or monetization features, or submit privacy and deletion requests.
- Account and profile information, such as email address, username, display name, profile photo, bio, birthday or age-gate information, country or language preferences, account settings, and verification or support status.
- User-generated content, such as posts, photos, videos, captions, stories, comments, live stream content, profile information, messages, attachments, reactions, reports, blocked-user choices, and support messages.
- Commercial or monetization information, such as purchase status, virtual item or entitlement records, creator or advertiser workflow state, payout or onboarding status, invoices, refunds, chargebacks, fraud-review context, and payment provider references where applicable.
- Privacy, trust, and safety requests, including account deletion, data access, correction, appeal, moderation, abuse, impersonation, child-safety, or security reports.
3. Information collected automatically
Fluxx may collect technical, security, and activity information automatically when the app or website is used. This helps the service authenticate users, deliver content, prevent abuse, maintain reliability, and understand whether features are working correctly.
- Device and app information, such as device identifiers, operating system, device model, app version, locale, time zone, notification state, and network-related signals.
- Authentication and session information, such as login method, token state, account ID, provider identifiers from sign-in services, device binding, and session recovery events.
- Usage and interaction information, such as feature activity, feed and media playback events, live participation, messages sent or received, reports submitted, moderation actions, blocked relationships, and support activity.
- Security and diagnostic information, such as IP address or IP-derived country, request logs, crash or error signals, rate-limit events, fraud-prevention signals, abuse indicators, and operational logs.
4. Store privacy data categories
For Google Play Data safety, App Store privacy, and similar store disclosures, Fluxx may process the following broad categories when the relevant feature is used, enabled, or required for safety, security, payments, or legal compliance.
- Personal identifiers and contact information, such as account ID, username, display name, email address, authentication provider ID, profile photo, language, country, and support contact details.
- User content and communications, such as photos, videos, posts, comments, stories, live streams, captions, messages, attachments, reactions, reports, and support submissions.
- Location and approximate region signals, such as GPS location when granted, IP-derived country or region, distance context, and location-based discovery preferences.
- App activity and product interaction data, such as viewed or created content, follows, likes, comments, messages, live participation, search, discovery actions, reports, blocks, purchases, entitlements, and notification interactions.
- Device, diagnostics, and identifiers, such as app version, operating system, device model, crash or error signals, push tokens, session identifiers, fraud-prevention signals, and request logs.
- Purchase, monetization, and payout data where applicable, such as subscription or entitlement status, virtual item records, campaign checkout references, creator onboarding state, payout provider identifiers, invoices, refunds, disputes, and tax or accounting records.
Not every user will generate every category of data. The data used depends on the account status, permissions granted, country, app version, and features opened by the user.
5. App permissions and sensitive features
Fluxx asks for device permissions only when a feature needs them. Users can grant, deny, or later change these permissions in Android or iOS settings. If a permission is denied, the related feature may not work, but other parts of Fluxx may still be available.
- Camera access may be used to capture photos or videos, create posts or stories, join video calls, start or join live sessions, scan or create visual content, and apply camera effects. Camera frames may be processed locally for preview and effects, and media is uploaded only when the user chooses to publish, send, save, or stream it.
- Microphone access may be used for video recording, audio recording, calls, live sessions, voice-related features, and media capture chosen by the user.
- Location access may be used for nearby discovery, local recommendations, maps, distance or country context, safety checks, and features that depend on approximate or precise location. Precise location is used only when the user grants permission and activates a location-based feature.
- Photo, video, or file access may be used when the user selects media or files to upload, edit, attach, or send. Fluxx does not need to import the entire library for normal use.
- Notification permission may be used to send account, chat, live, safety, creator, transaction, or product notifications according to settings and platform rules.
- Foreground service behavior may be used for active real-time features such as calls, media, live sessions, or notifications that need continuity while the user is using the feature.
- Fluxx does not require access to the device address book or contacts list for normal use.
Fluxx does not use hidden camera or microphone recording. Camera and microphone access are tied to visible user actions such as capture, call, recording, or live-session features.
6. Face Data, TrueDepth API, and Camera Effects
On supported iOS devices, Fluxx may use Apple ARKit face tracking, including TrueDepth API capabilities, only when the user opens optional camera, live, beauty, or augmented-reality effects. The information processed for those effects may include temporary camera frames, face mesh or facial geometry, facial landmarks, blend shape values, face position, face orientation, transform data, and other technical signals needed to place or render the selected effect on the user's face in real time.
- Purpose of use: Fluxx uses this information only to provide the camera preview, skin-smoothing controls, teeth-whitening controls, face-localized visual effects, augmented-reality effects, live-camera effects, and the final photo, video, story, post, message, or live stream that the user chooses to capture, send, publish, save, or stream.
- No identification use: Fluxx does not use TrueDepth or face-related camera data for Face ID, account authentication, identity verification, facial recognition, face matching, biometric identification, advertising profiling, analytics profiling, or to determine who the user is.
- Storage and retention: the underlying TrueDepth, ARKit, face mesh, landmark, blend shape, and face-tracking data is processed locally on the user's device in memory for the active camera session. Fluxx does not upload this underlying face data to Fluxx servers, does not store it in the user's account, and does not retain it after the effect or camera session ends.
- Disclosure and sharing: Fluxx does not sell or share underlying TrueDepth, ARKit, face mesh, landmark, blend shape, or face-tracking data with advertisers, analytics providers, data brokers, or other third parties.
- User-generated final media: if the user chooses to capture, publish, send, save, or stream media, the resulting photo, video, message, story, post, or live stream may include the user's face or the visual effect selected by the user. That final media is handled as user-generated content under this Privacy Policy, the user's visibility settings, and the feature used; the underlying TrueDepth or ARKit face data used to render the effect remains local, transient, and not separately stored or shared.
This section is intended to disclose the collection, use, disclosure, sharing, storage, and retention practices for face-related data processed through TrueDepth API or ARKit camera-effect features.
7. Personal and sensitive user data
Some information handled by Fluxx can be personal or sensitive depending on the user, context, country, and applicable law. Fluxx limits sensitive handling to product, user-directed, safety, security, payment, compliance, and legal purposes.
- Location, camera, microphone, media, payment, payout, age-gate, identity, moderation, report, and child-safety information may be sensitive and is handled with additional care.
- Fluxx does not ask users to post special-category information such as health, religion, political opinions, government identity documents, biometric identifiers, or financial account details in public content unless a specific lawful verification, payment, payout, safety, or compliance flow requires relevant information.
- If users voluntarily include sensitive information in profiles, posts, messages, live streams, reports, or support requests, Fluxx may process it to provide the feature, show it to intended recipients, moderate content, protect users, respond to the request, or comply with law.
- Payment card details, bank details, tax documents, and payout verification details are generally handled by payment or payout providers rather than stored directly by Fluxx unless a limited reference, status, or compliance record is needed.
8. Legal bases and consent
Where privacy law requires a legal basis, Fluxx relies on the basis that matches the feature and context. The exact basis may depend on the user's country, the feature used, and the type of data involved.
- Contract and service necessity may apply when Fluxx needs data to create an account, authenticate users, deliver content, send messages, enable calls or live sessions, process purchases, provide support, and operate account controls.
- Consent may apply to optional permissions, optional analytics or personalization where used, marketing choices, precise location, camera, microphone, notifications, media access, and other features that require user permission or opt-in.
- Legitimate interests may apply to security, fraud prevention, abuse detection, service improvement, diagnostics, safety, moderation, reliability, and protection of users and the Fluxx service.
- Legal obligation may apply to tax, accounting, payment records, app-store compliance, consumer protection, law-enforcement requests, age-safety obligations, and regulatory requirements.
- Vital interests or public interest may apply in urgent safety situations, emergency harm prevention, exploitation investigations, or serious abuse reports where applicable law allows it.
Users can withdraw consent for many permission-based features through device settings or in-app controls, but withdrawal may limit the related feature.
9. How Fluxx uses information
Fluxx uses information only for purposes connected to providing, protecting, supporting, measuring, improving, and legally operating the service.
- To create accounts, authenticate users, maintain sessions, prevent unauthorized access, and keep account settings synchronized.
- To deliver feeds, profiles, posts, media, stories, comments, messages, calls, live streams, notifications, discovery, search, recommendations, creator tools, gifts, wallets, subscriptions, ads, and related product features.
- To upload, process, transcode, store, cache, display, personalize, rank, recommend, and moderate media and user-generated content.
- To process purchases, virtual items, subscription or entitlement status, creator monetization, advertiser flows, payouts, refunds, disputes, taxes, fraud checks, and store-compliance records where applicable.
- To detect spam, fraud, abuse, impersonation, illegal content, security incidents, underage risk, harassment, and policy violations.
- To respond to support, privacy, deletion, law-enforcement, safety, intellectual property, account-access, billing, and compliance requests.
- To analyze reliability, diagnose errors, improve performance, test features, localize content, maintain infrastructure, and protect the integrity of Fluxx.
10. Sharing, disclosure, and third-party providers
Fluxx does not sell personal information. Fluxx may share information only when needed to operate the service, fulfill user-directed actions, comply with law, protect users, process payments or store distribution, support safety and moderation, or work with trusted service providers.
- Other users may see public profile details, public posts, comments, live participation, reactions, follower relationships, and other information intentionally made visible through app features and privacy settings.
- Service providers may support cloud hosting, media storage and delivery, authentication, notifications, analytics, diagnostics, customer support, email, translation, live and calling infrastructure, fraud prevention, payment processing, store distribution, moderation workflows, and security operations.
- Authentication and platform providers such as Google, Apple, Facebook, Yahoo, Firebase, app stores, payment processors, and purchase-management providers may process information needed for sign-in, app distribution, purchases, subscriptions, refunds, entitlements, or provider compliance.
- Infrastructure and delivery providers, including cloud, CDN, storage, worker, database, media-processing, notification, email, and security vendors, may process technical data needed to make Fluxx fast, available, secure, and reliable.
- Fluxx may disclose information when required by law, valid legal process, regulatory obligations, emergency safety concerns, fraud prevention, protection of rights, enforcement of terms, or investigation of abuse.
- If Fluxx is involved in a merger, acquisition, financing, restructuring, or transfer of business assets, information may be transferred as part of that transaction, subject to appropriate confidentiality and continuity protections.
11. SDKs, third-party code, and provider roles
Fluxx may include third-party SDKs or service integrations to provide core app features. These providers are expected to process data only for disclosed service, security, payment, analytics, infrastructure, store, or compliance purposes, subject to their own terms and privacy policies where applicable.
- Firebase and Google services may support authentication, messaging, push notification delivery, device or app identifiers, app infrastructure, and account security.
- Google, Apple, Facebook, and Yahoo sign-in may be used when a user chooses that login method. The chosen provider may process identifiers, authentication tokens, email or profile information, and security signals needed for login.
- RevenueCat and app stores may process purchase, subscription, refund, transaction, entitlement, and device/store identifiers needed for in-app purchase functionality and subscription validation.
- Stripe or other payment providers may process advertiser, creator, checkout, payout, tax, fraud, dispute, and compliance information for monetization, ads, creator earnings, and payment flows where enabled.
- Cloud, CDN, media, realtime, email, support, moderation, and security providers may process content, technical logs, metadata, diagnostics, and routing information needed to operate Fluxx.
Fluxx is responsible for keeping its store disclosures and privacy policy consistent with the third-party code and providers used in the app.
12. Public content, messages, and user-generated content
Fluxx is a social and user-generated-content service. Some information is meant to be visible to other users or recipients depending on the feature used, account settings, and the user's own choices.
- Public or semi-public content may include profile details, posts, videos, stories, comments, live streams, reactions, follower/following relationships, creator or business surfaces, and public interaction signals.
- Messages, calls, private interactions, blocked-user choices, reports, and account controls are treated according to their feature context, but they may still be processed to deliver the feature, protect users, investigate abuse, or comply with law.
- When users delete content or accounts, removal from active surfaces may occur before all backups, logs, moderation records, payment records, or legal records expire.
- Users should not share sensitive personal information in public content unless they understand that it may be visible to others.
13. Private messages, calls, and live sessions
Fluxx provides communication features that may include messages, attachments, calls, live sessions, reactions, and related metadata. These features require technical processing so communications can be delivered, synchronized, protected, and supported.
- Messages and attachments may be processed to deliver them to recipients, show conversation history, enable notifications, support reporting, enforce safety rules, investigate abuse, and comply with law.
- Call and live-session data may include participants, room identifiers, timestamps, device and network signals, moderation context, and technical signaling needed to establish or maintain the session.
- Fluxx may process reports, blocked-user choices, moderation actions, abuse signals, and safety escalations related to private or live communication.
- Unless a specific feature explicitly says otherwise, users should not assume every communication feature is end-to-end encrypted.
14. Discovery, recommendations, ads, and monetization
Fluxx may use account, content, activity, location, language, safety, and commercial signals to operate discovery, recommendations, creator tools, promoted content, ads workflows, purchases, subscriptions, gifts, wallets, and monetization features.
- Discovery and recommendations may use profile information, content signals, interactions, follows, blocks, reports, location preferences, language, app activity, and safety signals to rank or suggest people, content, live sessions, or communities.
- Promoted content or ad campaign tools, where available, may use advertiser-provided settings, campaign targeting, budget, checkout status, review status, impression/click or performance metrics, and fraud-prevention signals.
- Private messages are not sold to advertisers and are not used as a standalone source for third-party advertising.
- Creator and wallet features may use purchase, entitlement, gift, points, payout, verification, tax, chargeback, refund, and compliance data needed to operate commercial features.
- Aggregated, de-identified, or limited campaign metrics may be provided to creators, businesses, advertisers, app stores, payment processors, or partners where needed for product operation and reporting.
15. Children, teens, and safety
Fluxx is not intended for children under the minimum age required by applicable law. Where teen users are allowed, Fluxx may use age-gate information, moderation tools, reporting paths, safety controls, and policy enforcement to reduce risk.
- Users should not create an account if they are below the minimum age required in their country or region.
- Fluxx may process reports, account signals, content signals, and safety context to investigate underage use, exploitation, harassment, grooming, illegal content, or other serious harm.
- Parents, guardians, or authorities can report child-safety or underage concerns through trust@fluxx.social or the public Child Safety page where available.
- When Fluxx learns that data was collected from a child in a way that should not have happened, Fluxx may restrict, delete, or investigate the account and associated data as appropriate.
16. Security and integrity
Fluxx uses reasonable technical and operational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure. No online service can guarantee perfect security, but Fluxx works to reduce risk through layered controls.
- Security controls may include encrypted transport, authentication checks, token validation, device and session signals, rate limits, access controls, logging, backups, monitoring, abuse detection, and operational review.
- Access to personal information is limited based on role, business need, trust-and-safety need, support need, and legal or compliance obligations.
- Sensitive operational actions may require additional authentication, account checks, fraud review, provider verification, audit logs, or manual review.
- Fluxx may preserve security logs and abuse evidence where needed to prevent repeated fraud, spam, platform manipulation, exploitation, or unauthorized access.
- Users should keep their login credentials secure, avoid sharing verification codes, and report suspicious access or impersonation concerns promptly.
17. Retention and deletion
Fluxx keeps information for as long as needed to provide the service, maintain security, comply with law, resolve disputes, process payments, investigate abuse, prevent fraud, maintain backups, and protect legal rights. Retention periods vary by data category and context.
- Account and profile data is generally retained while the account remains active or as needed for service, security, compliance, or support.
- User content is generally retained while it remains published, sent, saved, cached, reported, or otherwise needed for feature delivery, safety, disputes, or legal obligations.
- Operational logs, diagnostics, security records, login events, moderation records, payment or entitlement records, fraud signals, and legal records may be retained longer when needed for safety, compliance, accounting, chargebacks, enforcement, or defense of rights.
- Account deletion can be requested in the app, through deletedata@fluxx.social, or through the public deletion information page at https://fluxx.social/delete-data.
- After a valid deletion request, Fluxx begins removing or de-identifying account data from active systems where deletion is technically possible and legally required.
- Some information may remain in backups, restricted logs, moderation records, payment records, provider systems, or legal records for a limited period where technically necessary or legally permitted.
- Content shared with other users may remain visible to recipients, in reports, in moderation evidence, in cache, or in backup copies for a limited time even after deletion from active profile surfaces.
A deletion request is not treated as a temporary deactivation request. Where deletion is requested and verified, Fluxx works toward account and associated data deletion subject to legal, security, payment, and safety limits.
18. User choices and rights
Users can manage many privacy choices directly in Fluxx and may also contact Fluxx for privacy rights requests where applicable by law.
- In-app choices may include profile visibility, blocks, reporting, chat and discovery controls, notification settings, account settings, language preferences, location permissions, media permissions, and deletion or export routes.
- Device-level permissions for camera, microphone, location, notifications, photos, files, and network access can be managed from Android or iOS settings.
- Depending on applicable law, users may request access, correction, deletion, export, restriction, objection, withdrawal of consent, or clarification of how their data is handled.
- Fluxx may ask for information needed to verify the account or request before completing access, correction, export, deletion, or restriction requests.
- Users in the EEA, UK, Switzerland, and other regions with privacy rights may have additional rights to object, restrict processing, lodge complaints, or request portability where applicable.
- Users can contact trust@fluxx.social for privacy rights requests and deletedata@fluxx.social for deletion-focused requests.
19. How privacy requests are handled
Fluxx reviews privacy requests through reasonable verification and routing steps so account data is not disclosed, changed, exported, or deleted for the wrong person.
- Requests should include enough information to identify the account or data request, such as username, email, user ID, device context, or the channel used to contact Fluxx.
- Fluxx may refuse, narrow, or delay requests that cannot be verified, are abusive, conflict with law, compromise other users, reveal security systems, or require retention for safety, payment, fraud, dispute, or legal reasons.
- Fluxx aims to respond within the time required by applicable law and may explain whether a request was completed, partially completed, denied, or still in progress.
- If a user made a purchase or payout through a third-party provider, some records may need to be handled directly by that provider or retained for accounting, tax, chargeback, or anti-fraud obligations.
20. International processing
Fluxx may process information in countries where Fluxx, its infrastructure, or its service providers operate. Data protection laws may differ by location, but Fluxx uses reasonable safeguards and contractual or operational controls where appropriate for cross-border processing.
- Fluxx is operated by a Romanian company and may serve users from multiple countries.
- Infrastructure, app stores, authentication providers, payment providers, content delivery systems, moderation tooling, and support providers may process data outside the user's country.
- Where required, Fluxx may rely on contractual safeguards, provider commitments, access controls, security controls, data minimization, and other appropriate measures for international processing.
21. Cookies and website preferences
The Fluxx website may use essential cookies or similar technologies to remember language, consent, security, and basic website preferences. Optional analytics or personalization tools may be used only where enabled and appropriate. Website cookie choices do not replace mobile-app privacy controls.
- Essential cookies may remember language, consent preferences, routing state, security choices, and basic website operation.
- Optional cookies or similar tools, where enabled, may help Fluxx understand performance, errors, page flows, and localization quality.
- Users can manage browser cookies through browser controls and any cookie controls shown on the website.
22. Store disclosures and policy consistency
Fluxx aims to keep this Privacy Policy, in-app disclosures, Google Play Data safety responses, App Store privacy responses, permission prompts, and account deletion information consistent with the app's actual behavior.
- If a store form, permission prompt, or in-app notice describes a data practice more specifically than this page, both should be read together.
- If Fluxx adds or removes SDKs, permissions, monetization flows, analytics, ads, location features, payment features, or safety tooling, Fluxx may update this page and store disclosures.
- If a reviewer, user, regulator, app store, or provider identifies an inconsistency, Fluxx may correct the policy, app behavior, store forms, or feature disclosures as appropriate.
This policy is designed to comprehensively disclose how Fluxx accesses, collects, uses, shares, protects, retains, and deletes user data, including data handled by third-party code and providers.
23. Changes to this policy
Fluxx may update this Privacy Policy when the product, provider stack, law, store requirements, safety practices, or data handling changes. Material updates may be shown in the app, on the website, in release notes, by email, through account notices, or through another appropriate notice.
- The updated date near the top of this page shows when this version was last revised.
- Continued use of Fluxx after an update means the new version applies from the effective date unless applicable law requires a different process.
- Older versions may be archived internally for compliance, troubleshooting, and review history.
