Privacy Policy

Last updated: February 17, 2026

This Privacy Policy describes how contentFlux ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you visit our website, use our platform, or interact with our services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Services.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name — Your display name
  • Email address — Used for authentication, notifications, and communication
  • Password — Stored in hashed form; we never store or have access to your plain-text password
  • Profile image — If you provide one or sign in via Google OAuth

Workspace and Business Information

When you set up workspaces, you may provide:

  • Workspace name and timezone
  • Business description and brand voice settings
  • Brand design settings (colors, typography, visual styles)
  • Product names and descriptions
  • Content templates
  • Email sender configuration

Content You Create

We store the content you create and manage through the Services, including campaign briefs, generated content, media files (images and videos), AI-generated images and text, chat messages with the Flux AI agent, content refinement and version history, and scheduling and publishing data.

Platform Connection Data

When you connect third-party platforms, we store:

  • OAuth access tokens and refresh tokens (encrypted at rest)
  • Platform user IDs and usernames
  • Platform avatar URLs
  • Bot tokens for Discord and Telegram (encrypted at rest)
  • API keys for Brevo email service (encrypted at rest)
  • Channel and board identifiers for publishing

We never store your third-party platform passwords. All connections use OAuth or API key authentication.

Payment Information

When you make a purchase, our payment processors collect payment card numbers, billing addresses, and related financial information. We do not store complete payment card information on our servers.

Usage and Analytics Data

We automatically collect:

  • Account usage metrics — Campaigns published, AI images generated, and refinements used per billing period
  • Activity logs — Actions taken within workspaces
  • AI analytics — Aggregated data about content generation patterns and performance
  • Error data — Application errors and diagnostic information sent to our error monitoring service
  • Platform content metrics — Engagement data (views, likes, comments, shares) fetched from connected platforms for your published content
  • Device and log information — Browser type, IP address, access times, and referring URLs

Information from Third-Party Sign-In

If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

Website Import Data

If you use the "Import from Website" feature, we temporarily process publicly available content from the URL you provide to extract brand information. The URLs you submit and extracted data are stored in your workspace.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Generate content — Send your briefs, brand settings, and preferences to AI models to generate and refine content on your behalf
  • Publish content — Transmit your content to connected third-party platforms
  • Process transactions and manage your subscription
  • Send notifications about campaign status, publishing results, team activity, and important service updates
  • Enforce subscription limits and rate limits
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Respond to your support requests and troubleshoot issues
  • Comply with legal obligations

We do not use your information for:

  • Selling your personal data to third parties
  • Serving advertisements
  • Building advertising profiles

3. How We Share Your Information

We share your information only in the following circumstances:

Third-Party Service Providers

We use third-party services to operate the platform. Each receives only the data necessary to perform its function:

  • Convex — Database, authentication, and real-time backend (account data, workspace data, stored content)
  • OpenRouter — AI model routing connecting to Anthropic Claude and Google Gemini (content briefs, brand settings, content for refinement, image prompts)
  • PostForMe — Social media publishing for X, Instagram, Threads, LinkedIn, Facebook, Pinterest, and Bluesky (content to publish, media files, OAuth tokens)
  • Brevo — Email campaign delivery (email content, recipient lists, sender configuration)
  • Cloudflare R2 — Media file storage (uploaded and generated images and videos)
  • Google — OAuth authentication (authentication tokens during sign-in only)
  • Sentry — Error monitoring and diagnostics (error messages and diagnostic context; no content data)
  • Firecrawl — Website scraping for the Import from Website feature (URLs you submit)
  • Tavily — Web search for optional AI research (search queries derived from your briefs)

Connected Platforms

When you publish content through the Services, your content is transmitted to the third-party platforms you have connected. Once published, that content is governed by the respective platform's terms and privacy policy.

Team Members

If you use workspaces with multiple team members, other members of your workspace can see workspace content, campaigns, and settings based on their role permissions.

Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business, your information may be transferred. We will notify you of any such change.

Aggregated or De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

4. AI and Content Processing

How AI Processes Your Data

When you use AI features (content generation, refinement, image generation, chat with Flux), we send relevant data to third-party AI model providers through OpenRouter. This includes your content brief, workspace brand voice and content preferences, existing content being refined, image prompts and source images, and web search results when enabled.

AI Model Providers

AI processing is handled by models from Anthropic (Claude) and Google (Gemini), accessed through the OpenRouter service. These providers process your data according to their respective privacy and data use policies.

AI Training

We do not use your content to train AI models. We select providers and configurations that do not use customer data for model training.

5. Data Storage and Security

Where Your Data Is Stored

  • Application data (accounts, workspaces, campaigns, content) is stored on Convex's infrastructure
  • Media files (images, videos) are stored on Cloudflare R2
  • Error logs are stored on Sentry's infrastructure

Security Measures

We implement the following security measures:

  • Encryption of sensitive tokens — All OAuth tokens, API keys, and bot tokens are encrypted at rest using AES-256 encryption
  • Password hashing — Passwords are hashed using industry-standard algorithms; we never store plain-text passwords
  • Secure authentication — Email/password and Google OAuth with secure session management
  • HTTPS — All data in transit is encrypted using TLS
  • Workspace isolation — All data queries are filtered by workspace to prevent cross-workspace data access
  • Content Security Policy — Browser-level security headers to prevent cross-site scripting and other attacks

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law.

6. Cookies and Local Storage

Cookies

We use a minimal number of cookies, strictly for functional purposes:

  • Authentication cookies — Maintain your login session (session duration)
  • Workspace cookie — Remember your selected workspace (1 year)

We do not use advertising cookies, tracking cookies, or third-party analytics cookies within the application. See our Cookie Policy for more information, including cookies used on our marketing website.

Local Storage

We use browser local storage to persist your selected workspace, timezone preference, and dashboard display preferences.

7. Data Retention

Active Accounts

We retain your data for as long as your account is active and as needed to provide the Services.

Cancelled Subscriptions

When you cancel a paid subscription, your account reverts to the free tier. Your data remains accessible subject to free tier limits.

Deleted Accounts

When you request account deletion:

  • Your personal information and account data will be deleted
  • Content within workspaces you own will be deleted
  • Content within shared workspaces where you are not the owner will be retained (as it belongs to the workspace)
  • Backups containing your data may persist for up to 30 days before being purged
  • Anonymized, aggregated analytics data may be retained indefinitely

Published Content

Content that has already been published to third-party platforms is not under our control after publishing. You must manage published content directly on those platforms.

8. Your Rights and Choices

Account Information

You may update, correct, or delete your account information at any time by logging into your account settings. If you wish to delete your account, please contact us at hello@contentflux.app.

Data Export

You have the right to request a copy of the personal data we hold about you. Contact hello@contentflux.app to request a data export.

Marketing Communications

You may opt out of receiving promotional emails from us by following the unsubscribe instructions in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations.

Cookies

Most web browsers are set to accept cookies by default. You can usually modify your browser settings to remove or reject cookies. See our Cookie Policy for more information.

9. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.

10. European Economic Area (EEA) and UK Residents

If you are located in the EEA or UK, you have certain rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:

  • Right of Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Rectification: You have the right to request that we correct inaccurate or incomplete personal information.
  • Right to Erasure: You have the right to request that we delete your personal information in certain circumstances.
  • Right to Restriction: You have the right to request that we restrict processing of your personal information in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to processing of your personal information in certain circumstances.
  • Right to Withdraw Consent: Where we rely on consent, you have the right to withdraw consent at any time.

To exercise these rights, please contact us at hello@contentflux.app. You also have the right to lodge a complaint with a supervisory authority.

Legal Basis for Processing: We process your personal information based on one or more of the following legal bases: performance of a contract, legitimate interests, consent, or compliance with legal obligations.

11. California Residents

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

To exercise these rights, please contact us at hello@contentflux.app. We do not sell personal information as defined by the CCPA.

12. Children's Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child under 18, please contact us at hello@contentflux.app.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where required by law, provide additional notice such as email notification or a prominent notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about our practices.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

contentFlux
Email: hello@contentflux.app
Phone: +855 966018350