Privacy Policy

When you create an account or use the platform, we collect a limited set of categories below. Each category is processed for the specific purpose listed alongside it.

Account Information

When you create an account, we collect your name, email address, company name, and billing address. This information is necessary to provide our services and communicate with you.

Billing Information

Payment details are processed securely through our payment providers (such as Stripe). We do not store complete credit card numbers on our servers. We retain transaction records for accounting and legal purposes.

Usage Data

We collect information about how you use FluxBilling, including features accessed, actions taken, and time spent on the platform. This helps us improve our services and provide better support.

Technical Data

We automatically collect certain technical information, including your IP address, browser type, device information, and operating system. This data helps us maintain security and optimize performance.

License & Telemetry Data

If you run the Self-Hosted Edition, your instance sends limited licensing telemetry to our servers — see clause 08 for the full description of what is and is not transmitted.

We use the information we collect to:

• —Provide, maintain, and improve our services
• —Process transactions and send related information
• —Send service-related communications and updates
• —Respond to your comments, questions, and support requests
• —Monitor and analyze usage patterns and trends
• —Detect, prevent, and address technical issues and security threats
• —Detect, investigate, and act on unlicensed instances, license circumvention, and unauthorized distribution of our software
• —Comply with legal obligations and enforce our terms

We may share your information with third parties only in the following circumstances:

• —Payment Processors — to process your payments securely (e.g., Stripe, PayPal)
• —Infrastructure Providers — cloud hosting and CDN services that help deliver our platform
• —Analytics Services — to understand usage patterns and improve our services
• —Legal Requirements — when required by law, or to protect and enforce our rights, including pursuing claims against unlicensed use or unauthorized distribution of our software
• —Business Transfers — in connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties for marketing purposes.

We use a small number of cookie categories. Each is described below.

Essential Cookies

Required for the platform to function properly, including authentication and security features. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our platform. This data is aggregated and anonymous.

Preference Cookies

Remember your settings and preferences to provide a personalized experience.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

We implement industry-standard security measures to protect your information:

• —TLS 1.3 encryption for all data in transit
• —AES-256 encryption for data at rest
• —Regular security audits and penetration testing
• —Multi-factor authentication options
• —Role-based access controls
• —Continuous monitoring and intrusion detection

For more details about our security practices, please visit our Security page.

Depending on your location, you may have the following rights regarding your personal data:

• —Access — request a copy of the personal data we hold about you
• —Rectification — request correction of inaccurate or incomplete data
• —Erasure — request deletion of your personal data ("right to be forgotten")
• —Data Portability — receive your data in a structured, machine-readable format
• —Withdraw Consent — withdraw consent for data processing at any time
• —Object — object to processing of your personal data for certain purposes
• —Lodge Complaints — file a complaint with your local data protection authority

To exercise any of these rights, please contact us via a support ticket.

We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy. When you close your account:

• —Account data is deleted within 30 days
• —Billing records are retained for 7 years for legal and tax purposes
• —Anonymized usage data may be retained for analytics
• —Backup data is purged according to our retention schedule

If you run the Self-Hosted Edition, the platform runs entirely on your infrastructure and the data you store in it — including your end customers’ personal data — never reaches our systems. Your instance communicates with our license servers for validation and updates, transmitting only the following:

• —License validation — your instance ID, a cryptographic signature, the bound domain, and license status, checked periodically
• —Heartbeat metrics — platform version, hostname, and aggregate counts (active clients, total users, server inventory totals), sent hourly
• —Infrastructure digest — irreversibly hashed identifiers of your own servers and network ranges, used solely to operate licensed allocation features
• —Update delivery — short-lived, per-instance credentials issued when your instance pulls software updates

This telemetry contains no personal data about your end customers — no names, email addresses, billing details, or per-customer service records are ever transmitted. We act as the data controller for this licensing data and retain validation and heartbeat logs for up to 12 months for license enforcement and audit purposes. Where telemetry indicates an unlicensed instance, license circumvention, or unauthorized distribution, we may retain the related records for longer as needed to establish, exercise, or defend legal claims (legitimate interest, Art. 6(1)(f) GDPR). For end-customer data stored on your instance, you are the sole controller and host.