Privacy Policy

1. Data Controller

This Privacy Policy defines the rules for processing and protecting personal data collected from users (hereafter, "User" or "You") in connection with the purchase, installation, and usage of the "Flux" and "FluxCut" plugins (the "Plugins") and the services available at fluxstudio.store (the "Website"). The Data Controller is Flux Studio.

2. What Data We Process

We process data necessary to authenticate users, manage licenses, handle subscriptions, and provide AI-based editing services. This includes:

• Account Credentials: Email addresses and hashed passwords provided during manual registration.
• Google Profile Data: Google ID, name, email address, and profile picture URL obtained during Google Sign-in.
• Billing Information: Purchase history, plan tiers, and billing email addresses. Transactional card details and BLIK payments are processed securely and directly by Stripe, our PCI-compliant payment gateway. We do not store full credit card numbers on our servers.
• Device Identifiers (Licensing): Unique device hashes (generated using non-reversible cryptographic hashes of basic system metadata like hostname, username, and OS type) to verify and enforce active device seat quotas.
• Usage Analytics: Basic execution logs and usage statistics (e.g., number of audio seconds transcribed or cut) strictly to enforce plan quotas.

3. Google API User Data Disclosure

Flux Studio’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We request access to your Google account details (specifically email and basic profile details) solely to authenticate You and authorize your purchase in our system. Flux Studio does not read, access, or share your emails, contacts, calendar, or Google Drive files.

4. Payment Processing (Stripe)

Payments are handled entirely by Stripe, Inc.. All transactional data (including cardholder names, card numbers, BLIK authentication, and billing details) is encrypted and processed directly under Stripe's terms. We receive subscription events, payment status flags, and reference customer IDs from Stripe to provision your active licenses.

5. Sharing of Personal Data

We do not sell, rent, or distribute your personal data to third-party marketers. Your information is shared only with trusted infrastructure providers necessary to run our service (such as database hostings, email delivery services, Stripe payment gateway, and AI transcription nodes).

6. Data Retention

We retain account information and license histories for as long as your account remains active or as required to comply with financial reporting laws (e.g., invoice records). Active device fingerprints are deleted instantly when a device is deactivated by the User in the dashboard.

7. GDPR and Global Privacy Rights

Depending on your jurisdiction (such as the EEA under the General Data Protection Regulation - GDPR), You have the following rights regarding your personal data:

• The right to access and receive copies of your data.
• The right to rectify inaccurate or incomplete information.
• The right to request data erasure ("Right to be Forgotten") via the account dashboard.
• The right to withdraw consent for processing.

8. Security Measures

We implement industry-standard cryptographic practices (such as HTTPS/TLS encryption, salted password hashing, and secure session tokens) to protect your personal data from unauthorized access, modification, or exposure.