Legal

Privacy Policy

Last updated: May 14, 2026

This policy explains how Fluxhive ("we," "our," or "us") collects, uses, and protects your personal data when you use our platform at fluxhive.app.

Table of Contents

1. Introduction

Fluxhive operates the digital marketplace at fluxhive.app, where creators sell and buyers purchase digital products including templates, e-books, prompts, software tools, and other downloadable assets.

This Privacy Policy describes what personal data we collect, why we collect it, how we use it, and the rights you have over your data. It applies to all visitors, registered users, buyers, and sellers who interact with fluxhive.app.

By using Fluxhive, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, please discontinue use of the platform.

2. Data We Collect

2.1 Account Information

When you register an account, we collect:

  • Full name and email address
  • Password (stored as a bcrypt hash — never in plain text)
  • Optional display name or username
  • Account creation timestamp and last login timestamp
  • If you register via Google OAuth: your Google profile name, email, and profile picture URL (we do not store your Google password)

2.2 Transaction Data

When you make a purchase, we collect and retain:

  • Items purchased, purchase price, currency, and order timestamp
  • Stripe payment intent ID, charge ID, and payment status (we do not store raw card numbers or CVV codes — Stripe handles all card data under PCI-DSS compliance)
  • Download events and access timestamps per order
  • Refund request status and resolution
  • Seller payout records (for seller accounts): payout amounts, Stripe Connect account IDs, and payout timestamps

2.3 Analytics and Cookies

We automatically collect certain technical data when you visit the platform:

  • IP address and approximate geographic region (country/city level)
  • Browser type, version, and operating system
  • Referring URL, pages visited, and time spent on pages
  • Device type (desktop, mobile, tablet) and screen resolution
  • Session identifiers stored in browser cookies (see Section 6 for cookie details)
  • Aggregate usage statistics via Google Analytics (anonymized where possible)

3. How We Use Data

3.1 Service Provision

  • Create and manage your account
  • Process payments and deliver purchased digital products via secure download links
  • Enforce license terms and track download events for refund eligibility
  • Display your purchase history and enable re-downloads within the permitted window
  • Facilitate seller dashboards, product listings, and payout processing

3.2 Communication

  • Send transactional emails: order confirmations, download links, refund status updates, and account notifications
  • Send security alerts (e.g., new device login, password change)
  • Send marketing emails about new products, promotions, and platform updates — only with your explicit consent, which you may withdraw at any time
  • Respond to support tickets and customer inquiries

3.3 Fraud Prevention and Security

  • Detect and prevent fraudulent transactions, unauthorized access, and abuse of the platform
  • Enforce our Terms of Service, including detecting scraping, automated abuse, and unauthorized redistribution
  • Monitor for suspicious login patterns and apply rate limiting
  • Comply with legal obligations, respond to lawful requests, and protect Fluxhive's legal rights

3.4 Platform Improvement

  • Analyze aggregate usage patterns to improve search, product discovery, and user experience
  • Measure marketing campaign performance using anonymized analytics data
  • Debug technical issues and monitor platform health

4. Data Sharing

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes — ever.

We share data only with trusted service providers who help operate the platform:

4.1 Stripe (Payment Processing)

All payment processing is handled by Stripe, Inc. Stripe receives billing details, payment card data, and order amounts directly. Fluxhive receives only tokenized payment references and payment status. Stripe is PCI-DSS Level 1 certified. Review Stripe's privacy policy at stripe.com/privacy.

4.2 Supabase (Database and Authentication)

Our application data — including user accounts, product records, and order history — is stored in Supabase, which is hosted on AWS infrastructure. Supabase handles authentication session tokens and row-level security. Data is stored in the region configured for our project. Review Supabase's privacy policy at supabase.com/privacy.

4.3 Vercel (Hosting and Edge Functions)

The Fluxhive web application is hosted on Vercel. Vercel processes HTTP request data (including IP addresses) to serve pages and API routes. Vercel retains server logs for a limited period. Review Vercel's privacy policy at vercel.com/legal/privacy-policy.

4.4 Resend (Transactional Email)

We use Resend to deliver transactional and marketing emails. Resend processes recipient email addresses and message content on our behalf. Review Resend's privacy policy at resend.com/legal/privacy-policy.

4.5 Legal Disclosures

We may disclose personal data if required by law, court order, or government request, or when necessary to protect the rights, property, or safety of Fluxhive, our users, or the public.

5. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data protection legislation, you have the following rights regarding your personal data:

Right of Access

You may request a copy of all personal data we hold about you, including account details, purchase history, and any usage data linked to your identity.

Right to Rectification

You may request correction of inaccurate or incomplete personal data. You can update most account information directly via your account settings.

Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data. Note that we may be required to retain certain records (e.g., purchase records for tax compliance) even after account closure. See Section 8 for retention details.

Right to Data Portability

You may request an export of your personal data in a structured, machine-readable format (e.g., JSON or CSV) for transfer to another service.

Right to Object

You may object to the processing of your data for direct marketing purposes at any time. You may also object to processing based on our legitimate interests.

Right to Restrict Processing

You may request that we limit the processing of your data in certain circumstances, such as while a rectification request is being resolved.

To exercise any of these rights, contact us at support@fluxhive.app. We will respond within 30 days. We may need to verify your identity before processing your request.

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your national supervisory authority in the EU).

6. Cookies

Fluxhive uses cookies and similar technologies to operate the platform, maintain session state, and understand how users interact with the site.

6.1 Essential Cookies

These cookies are strictly necessary for the platform to function. They cannot be disabled without breaking core features.

Cookie NamePurposeDuration
sb-access-tokenSupabase authentication — stores your JWT session token to keep you logged in1 hour (auto-refreshed)
sb-refresh-tokenSupabase authentication — used to silently refresh the access token without requiring re-loginUp to 7 days
cart-itemsStores your shopping cart contents locally so items persist across page navigationsSession / 30 days

6.2 Analytics Cookies

We use Google Analytics to understand how users navigate the platform. Google Analytics sets the following cookies:

Cookie NamePurposeDuration
_gaDistinguishes unique users for Google Analytics aggregate reporting2 years
_ga_*Maintains Google Analytics session state for GA4 measurement2 years

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on or by adjusting your browser's cookie settings.

6.3 Managing Cookies

You can control and delete cookies through your browser settings. Disabling essential cookies (such as sb-access-token and sb-refresh-token) will prevent you from staying logged in.

7. Security

We take the security of your personal data seriously and implement multiple layers of protection:

  • TLS Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. HTTPS is enforced across all routes.
  • Password Hashing (bcrypt): Passwords are never stored in plain text. We use bcrypt with a strong work factor to hash all passwords before storage.
  • Row-Level Security (RBAC): Our Supabase database uses row-level security (RLS) policies to ensure users can only access their own data, and sellers can only access their own products and orders.
  • PCI-DSS Compliance via Stripe: Payment card data is handled exclusively by Stripe, a PCI-DSS Level 1 certified provider. Fluxhive never touches raw card numbers, CVV codes, or full magnetic stripe data.
  • Signed Download URLs: Digital product files are served via time-limited, signed URLs. Download links expire and cannot be shared indefinitely.
  • Access Controls: Internal access to production data is restricted to authorized personnel only, and is subject to audit logging.

Note: While we apply industry-standard security controls, no system is completely immune to breaches. In the event of a data breach affecting your personal data, we will notify affected users as required by applicable law.

8. Data Retention

We retain different categories of data for different periods, based on business necessity and legal requirements:

Account Data

Retained for as long as your account is active. If you delete your account, your personal account data (name, email, preferences) is deleted within 30 days, subject to the exceptions below.

Until account deletion

Purchase Records and Transaction History

We retain purchase records, payment references, and order details for 7 years from the date of transaction to comply with tax, accounting, and legal obligations. This data may be retained even after account deletion.

7 years

Analytics Data

Aggregate and anonymized analytics data collected via Google Analytics is retained for 2 years, after which it is automatically deleted per Google Analytics data retention settings.

2 years

Support Communications

Support tickets and email correspondence are retained for up to 2 years to enable effective customer service and dispute resolution.

2 years

Security and Fraud Logs

Access logs, download event logs, and fraud-detection records are retained for up to 1 year or as required by applicable law.

Up to 1 year

To request early deletion of your data, contact support@fluxhive.app. Requests will be honored subject to our legal retention obligations.

9. Children's Privacy

Fluxhive is not intended for, and does not knowingly collect data from, children under the age of 13.

Our platform and digital products are designed for adults and businesses. We do not knowingly register accounts for, sell to, or market to children under 13 years of age. This policy is consistent with the Children's Online Privacy Protection Act (COPPA) in the United States, and equivalent laws in other jurisdictions.

If you believe a child under 13 has created an account or provided personal data to Fluxhive without verifiable parental consent, please contact us immediately at support@fluxhive.app. We will promptly investigate and, where confirmed, delete the child's account and all associated data.

Users between ages 13 and 18 should use the platform only with the supervision and consent of a parent or legal guardian.

10. Changes to Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last updated" date at the top of this page
  • Post the revised policy at fluxhive.app/privacy-policy
  • For material changes that significantly affect your rights or how we process your data, notify you by email at least 14 days before the changes take effect

Your continued use of Fluxhive after the effective date of any updated policy constitutes your acceptance of those changes. If you do not agree with the updated policy, you should discontinue use of the platform and may request account deletion.

We encourage you to review this page periodically to stay informed about our data practices.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please reach out:

Privacy Inquiries:support@fluxhive.app
General Support:support@fluxhive.app
Platform:fluxhive.app
Response Time:We aim to respond to all privacy-related requests within 30 days of receipt.

For data subject requests under GDPR or CCPA (access, erasure, portability, objection), please email support@fluxhive.app with the subject line "Data Subject Request" and include your account email address so we can verify your identity.

← Back to Fluxhive
Terms of Service·Privacy Policy