Privacy Policy
Last updated: 2026-02-22
1. Introduction
FluxDiagram LLC ("FluxDiagram," "we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding your data.
This policy applies to all users of fluxdiagram.app, fluxdiagram.com, fluxdiagram.dev, and any related services (collectively, the "Service").
For questions or to exercise your rights, contact us at legal@fluxdiagram.com.
2. Data We Collect
Account data: When you register, we collect your email address and (if applicable) OAuth profile data from your sign-in provider (e.g., Google, GitHub). We do not collect your name unless you voluntarily provide it.
Payment data: We use Stripe to process payments. FluxDiagram does not store your full card number, CVV, or bank account details. Stripe stores and processes payment information in accordance with PCI-DSS standards. We receive and store your Stripe customer ID, subscription status, billing tier, and billing cycle.
Animation descriptions (inputs): When you describe an animated visual, we send your input to an AI model (Anthropic, OpenAI, or Google, depending on your tier) to generate the corresponding code. We store the input description alongside the generated Output associated with your account.
Generated Outputs: The animated visual files (MP4, GIF, WebM, animated SVG) you generate are stored on Cloudflare R2 and associated with your account, subject to tier-based retention periods.
Usage logs: We collect server logs and usage events including: pages visited, features used, generation timestamps, export actions, and error events. This data is used for service improvement and is processed by PostHog (our analytics provider).
Technical data: IP address, browser type, operating system, and device type, collected automatically for security and service delivery purposes.
Communications: If you contact us by email, we retain the correspondence to resolve your inquiry.
Marketing consent: If you opt in to marketing emails, we store your consent record and deliver emails via Resend.
3. How We Use Your Data
We use your data to:
- Provide, operate, and improve the FluxDiagram service
- Authenticate your account and maintain session security
- Process payments and manage your subscription
- Generate animated visuals in response to your descriptions
- Store and deliver your exported files
- Send transactional emails (receipts, export notifications, security alerts) via Resend
- Send marketing emails if you have opted in
- Detect and prevent fraud, abuse, and security incidents
- Produce anonymized, aggregated analytics about service usage
- Comply with legal obligations
4. Lawful Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, we process your personal data under the following lawful bases:
- Contract performance (Art. 6(1)(b) GDPR): Account data, payment data, animation inputs/Outputs, and transactional emails are processed to perform the contract you have with us.
- Legitimate interests (Art. 6(1)(f) GDPR): Usage logs, technical data, and fraud prevention are processed based on our legitimate interest in operating a secure, reliable service, balanced against your rights.
- Consent (Art. 6(1)(a) GDPR): Marketing emails and analytics cookies are processed only where you have given explicit consent, which you can withdraw at any time.
- Legal obligation (Art. 6(1)(c) GDPR): Some financial and compliance records are retained to meet legal requirements.
5. Third-Party Processors
We share your data with the following sub-processors to deliver the service. Each is bound by a data processing agreement and appropriate security standards:
- Supabase: Authentication, database, and backend infrastructure. Data hosted in the EU (eu-central-1) or US depending on your region. Privacy: supabase.com/privacy
- Stripe: Payment processing and subscription management. PCI-DSS Level 1 certified. Privacy: stripe.com/privacy
- Cloudflare R2: Object storage for exported animated visual files. Privacy: cloudflare.com/privacypolicy
- PostHog: Product analytics and usage event tracking. EU hosting available. Privacy: posthog.com/privacy
- Resend: Transactional and marketing email delivery. Privacy: resend.com/legal/privacy-policy
- Anthropic (Claude): AI model for Premium animated visual generation. Your animation descriptions are sent to Anthropic's API for processing. Anthropic does not use your data to train its models under our API agreement. Privacy: anthropic.com/privacy
- OpenAI (GPT): AI model for Standard animated visual generation. Your animation descriptions are sent to OpenAI's API. OpenAI does not train on API data under their enterprise terms. Privacy: openai.com/policies/privacy-policy
- Google (Gemini): AI model for Premium animated visual generation (where applicable). Privacy: policies.google.com/privacy
- Sentry: Error monitoring and crash reporting. Privacy: sentry.io/privacy
We do not sell your personal data to third parties. We do not share your data with advertising networks.
6. Data Retention
We retain your data for the following periods:
- Account data (email, settings): Retained while your account is active and for 90 days after deletion, then permanently purged.
- Animation inputs and Outputs: Retained for the tier-based storage period (7 / 30 / 90 days from generation date). Account deletion triggers deletion within 30 days.
- Payment records: Retained for 7 years to comply with financial record-keeping laws (even after account deletion).
- Usage logs: Retained for 12 months in identifiable form, then anonymized or deleted.
- Marketing consent records: Retained until you withdraw consent, plus 3 years for audit purposes.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any right, contact us at legal@fluxdiagram.com. We will respond within 30 days (or within the timeframe required by applicable law).
- Right of access: Request a copy of the personal data we hold about you.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention obligations.
- Right to portability: Receive your personal data in a structured, commonly used, machine-readable format.
- Right to restriction: Request that we restrict processing of your data in certain circumstances.
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to rectification: Request correction of inaccurate personal data.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
- Right to lodge a complaint: Lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or the relevant EU supervisory authority).
You can delete your account and request data erasure directly from your account Settings page, or by emailing us.
8. Cookies
We use cookies and similar technologies. Please see our Cookie Policy for full details. In summary: we use essential cookies for authentication, analytics cookies (PostHog, opt-out available), and no advertising cookies.
9. International Data Transfers
FluxDiagram is based in the United States. If you access the service from outside the US, your data may be transferred to and processed in the US and other jurisdictions. Where required (e.g., EU/UK GDPR), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) with our sub-processors.
10. Children's Privacy
FluxDiagram is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at legal@fluxdiagram.com and we will delete it promptly.
Users between 13 and 18 should use FluxDiagram only with parental or guardian consent.
11. Security
We implement industry-standard security measures including encrypted data transmission (TLS), encrypted storage, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
In the event of a personal data breach affecting your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law (within 72 hours of becoming aware, where mandated by GDPR).
12. Contact and DPO
For privacy-related inquiries, data subject requests, or complaints:
Email: legal@fluxdiagram.com
Company: FluxDiagram LLC, Delaware, United States
If you are located in the EU/UK and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.