Privacy Policy

1. Introduction

FluxSerp ("we", "us", or "our"), operated by EVIA SOFTWARE SRL, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

This policy applies to all information collected through our website, applications, and any related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please discontinue use of our Service.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you provide directly when using our Service:

• Account Information: Name, email address, username, password
• Payment Information: Billing address, payment method details (processed securely by Stripe)
• Profile Information: Company name, website URL, job title, preferences
• Communication Data: Messages, feedback, and support requests sent through our platform
• Website Analysis Data: URLs, domains, and keywords you submit for analysis

2.2 Automatically Collected Information

We automatically collect certain information when you visit or use our Service:

• Usage Data: Pages viewed, features accessed, time spent, click patterns, navigation paths
• Device Information: Browser type and version, operating system, device type, screen resolution
• Location Data: IP address, approximate geographic location (country/city level)
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies (see Cookie Policy)
• Log Data: Server logs, error reports, API requests, timestamps

2.3 Website Analysis Data

When you analyze a website using our Service, we collect:

• Crawl data from publicly accessible web pages
• Meta tags, headings, and structural elements
• Keywords, backlinks, and SEO metrics
• Competitor analysis results

Note: We only analyze publicly available information and do not access password-protected or private content.

2.4 Third-Party Data

We may receive information about you from third-party services:

• Authentication Providers: Clerk (for user authentication and session management)
• Payment Processors: Stripe (for subscription billing and payment processing)
• Analytics Services: Vercel Analytics (for performance monitoring)

3. How We Use Your Information

We use the collected information for various purposes:

3.1 Service Provision

• Create and manage your account
• Process website analyses and generate reports
• Provide customer support and respond to inquiries
• Process payments and manage subscriptions
• Deliver features like AI chat, keyword suggestions, and export functions

3.2 Service Improvement

• Analyze usage patterns to improve features and user experience
• Develop new products and services
• Conduct research and analytics
• Test new features and functionality

3.3 Communication

• Send transactional emails (account updates, report notifications, billing alerts)
• Provide customer support and technical assistance
• Send marketing communications (with your consent, opt-out available)
• Announce product updates, new features, and important changes

3.4 Security and Compliance

• Detect and prevent fraud, spam, and abuse
• Ensure platform security and integrity
• Comply with legal obligations and regulations
• Enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to provide the Service you've requested
• Legitimate Interests: Improving our Service, security measures, analytics
• Consent: Marketing communications, optional cookies (you can withdraw consent anytime)
• Legal Obligation: Compliance with laws, regulations, and legal processes

5. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

5.1 Service Providers

We share data with third-party vendors who perform services on our behalf:

• Authentication: Clerk (user authentication and identity management)
• Payments: Stripe (payment processing and billing)
• Infrastructure: Vercel, Convex (hosting and database services)
• Analytics: Vercel Analytics (performance and usage analytics)
• Email: Resend (transactional email delivery)

All third-party providers are contractually required to protect your data and use it only for specified purposes.

5.2 Business Transfers

If FluxSerp is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations, court orders, or legal processes
• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Respond to government or regulatory requests

5.4 With Your Consent

We may share your information for purposes not described in this policy with your explicit consent.

6. Data Storage and Security

6.1 Data Location

Your data is primarily stored on servers located in the United States and European Union. We use cloud infrastructure providers with industry-leading security standards.

6.2 Security Measures

We implement comprehensive security measures to protect your data:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access, multi-factor authentication for staff
• Monitoring: 24/7 security monitoring, intrusion detection systems
• Audits: Regular security audits and vulnerability assessments
• Backups: Automated backups with encrypted storage

6.3 Data Retention

We retain your information as long as necessary to provide the Service and comply with legal obligations:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Most data deleted within 90 days of account closure
• Financial Records: Retained for 7 years (tax and legal compliance)
• Aggregated Data: Anonymized data may be retained indefinitely for analytics

6.4 Security Limitations

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

• Access your personal data we hold about you
• Request a copy of your data in a portable format (JSON/CSV)
• Export your reports and analysis results

7.2 Correction and Update

You can:

• Update your account information through your profile settings
• Request correction of inaccurate or incomplete data

7.3 Deletion (Right to be Forgotten)

You can request deletion of your personal data by:

• Deleting your account through account settings
• Contacting us at contact@fluxserp.com

Note: Some information may be retained for legal compliance (e.g., financial records, fraud prevention).

7.4 Opt-Out and Consent Withdrawal

You can:

• Unsubscribe from marketing emails using the link in any email
• Manage cookie preferences through our cookie consent tool
• Disable analytics cookies in your browser settings
• Withdraw consent for data processing (may limit Service functionality)

7.5 Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transfer it to another service provider (where technically feasible).

7.6 Object to Processing

You can object to processing of your personal data based on legitimate interests. We will honor such requests unless we have compelling legitimate grounds.

7.7 Lodge a Complaint

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with:

• European Users: Your local data protection authority
• Romanian Users: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

7.8 Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: contact@fluxserp.com
• Subject Line: "Privacy Rights Request"

We will respond to requests within 30 days. Identity verification may be required.

8. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@fluxserp.com.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

9. International Data Transfers

FluxSerp is based in Romania, and we process and store data in the European Union and United States. If you access our Service from outside these regions, your information may be transferred to and processed in countries with different data protection laws.

We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions (where applicable)
• Compliance with GDPR requirements for cross-border transfers

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use, their purposes, and how to control them, please see our Cookie Policy.

11. Third-Party Links

Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services you visit.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about personal information we've collected, disclosed, or sold
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information, so opt-out is not applicable
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at contact@fluxserp.com with "CCPA Request" in the subject line.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will notify you of material changes by:

• Posting a notice on our website
• Sending an email to your registered email address
• Displaying a notification when you log in to the Service

The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us: