Legal

Privacy Policy

Effective date: April 8, 2025  ·  Last updated: April 8, 2025

1. Overview

FluxText ("we," "us," or "our") operates the FluxText desktop application for macOS and Windows and its associated backend service (collectively, the "Service"). This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights regarding that information.

By downloading or using FluxText, you agree to the collection and use of information described in this policy. If you do not agree, please do not use the Service.

Key principle: FluxText is designed with minimal data collection. The text you translate is sent to our AI processor for translation and is never stored permanently on our servers.

2. Data We Collect

2.1 Data Collected Automatically

When you install and use FluxText, we automatically collect:

DataDescriptionPurpose
Device Fingerprint A one-way hash (64-character hex string) derived from hardware identifiers. This is anonymous and cannot be reversed to identify your device model or hardware details. Quota tracking, license binding, session management
Usage Records Number of characters translated per billing period, associated with your device fingerprint. Enforcing plan quotas, billing accuracy
Session Tokens Short-lived authentication tokens (UUID format, stored in encrypted storage on your device and our KV cache). Authenticating API requests
IP Address Your IP address as seen by our Cloudflare-hosted backend. Stored temporarily in a rate-limit cache. Abuse prevention and rate limiting

2.2 Data You Provide (Paid Plans)

If you purchase a paid subscription, we (via Paddle) collect:

  • Email address — used to deliver your license key, send billing notifications, and provide account support.
  • Payment information — credit/debit card details are handled exclusively by Paddle and are never transmitted to or stored on FluxText servers.
  • License key — a generated key (format FLUX-XXXX-XXXX-XXXX-XXXX) bound to your device.

2.3 Text Content

When you trigger a translation, the selected or typed text is sent over HTTPS to our backend, which forwards it to the Anthropic AI API for processing. This text is used solely to produce a translation result and is not stored in any database, log, or cache on our servers. Anthropic's data handling is governed by Anthropic's Privacy Policy.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Providing the Service — routing translation requests, enforcing quota limits, managing license activations and sessions.
  • Billing and subscription management — processing payments via Paddle, sending license keys and receipts via email.
  • Abuse prevention — IP-based rate limiting to prevent credential stuffing and automated abuse of our API.
  • Service improvement — aggregate, anonymized usage statistics (e.g. total translations per day). No individual text content is used for this purpose.
  • Legal compliance — retaining records as required by applicable laws.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

4. Third-Party Services

FluxText relies on the following third-party processors to operate. Each processor is bound by a Data Processing Agreement and applicable data protection law:

ProviderPurposeData Shared
Anthropic AI translation processing Text to be translated (transient, not stored by us)
Paddle Payment processing, subscription management, and Merchant of Record (handles tax, compliance, and refunds) Email address, payment information
Resend Transactional email delivery (license keys, receipts) Email address, license key
Cloudflare Backend infrastructure (Workers, KV storage, DDoS protection) All API requests, IP addresses, session tokens
Neon (PostgreSQL) Primary database (usage records, device registry, license keys) Device fingerprint, usage records, license data, email (paid users)

We do not integrate any advertising networks, social media trackers, or analytics SDKs into the FluxText application or website.

5. Data Retention

DataRetention Period
Translated text Not retained. Discarded immediately after translation is returned.
Session tokens 24 hours from creation (automatic expiry in Cloudflare KV).
Rate-limit counters Up to 2 hours (automatic expiry in Cloudflare KV).
Usage records Retained for the duration of your account plus 90 days after account deletion, to resolve billing disputes.
License & subscription records Retained for 7 years from the date of the last transaction, as required by financial regulations.
Email address Retained while you have an active or recently cancelled paid subscription. Deleted upon request after account closure.

6. Security

We implement multiple layers of protection to safeguard your data:

  • Transport encryption: All data transmitted between the FluxText app and our backend is encrypted using TLS 1.2 or higher (HTTPS).
  • On-device credential storage: On macOS, session tokens and license keys are stored in the system Keychain. On Windows, they are stored in the Windows Credential Manager. Neither is stored in plain UserDefaults or the Registry.
  • No permanent text storage: Translated text is never written to disk, a database, or any log.
  • Rate limiting: Activation endpoints enforce per-IP rate limits and exponential back-off to prevent brute-force attacks.
  • Minimal data collection: We collect the least amount of data necessary to provide the Service.

No method of electronic transmission or storage is 100% secure. If you believe your account or license key has been compromised, contact us immediately at [email protected].

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

7.1 For All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data, subject to retention obligations (e.g. financial records).
  • Deactivation: Unbind your license key from your device at any time via Settings → Activate → Deactivate, allowing transfer to another device.

7.2 EEA / UK Residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you additionally have the right to:

  • Object to or restrict processing of your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Lodge a complaint with your local supervisory authority.

Our lawful bases for processing are: performance of a contract (providing the Service you purchased), legitimate interests (security, abuse prevention), and legal obligation (financial record retention).

7.3 California Residents (CCPA / CPRA)

California residents have the right to know what personal information we collect and sell (we do not sell personal information), to delete personal information, and to opt out of sale (not applicable). To exercise your rights, contact us at [email protected].

To exercise any of the above rights, email us at [email protected]. We will respond within 30 days.

8. Children's Privacy

FluxText is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will delete it promptly.

9. International Data Transfers

FluxText operates globally. Your data may be processed and stored in the United States, the European Union, or other countries where our service providers maintain infrastructure. When we transfer personal data from the EEA or UK to a third country, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, or
  • An adequacy decision by the European Commission for the destination country.

Cloudflare, Anthropic, Paddle, and Resend each maintain their own cross-border transfer mechanisms as described in their respective privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, if the changes are material, notify paid users by email. Continued use of the Service after any update constitutes your acceptance of the revised policy.

We recommend reviewing this page periodically to stay informed about how we protect your data.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 5 business days.