Privacy Policy

1. Introduction

Flux Learning (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered course authoring platform and related services (collectively, the “Service”).

Please read this privacy policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, company name, and job title when you create an account.
• Content Data: Course content, documents, images, and other materials you upload or create using our Service.
• Payment Information: Billing address and payment details processed by our merchant of record, Lemon Squeezy. Lemon Squeezy handles all payment processing, tax collection, and related compliance.
• Communications: Information you provide when you contact us for support or feedback.
• Security Information: Multi-factor authentication settings, backup codes, and security preferences.

2.2 Automatically Collected Information

• Usage Data: Information about how you use the Service, including features accessed, pages viewed, and actions taken.
• Device Information: Browser type, operating system, device type, and unique device identifiers.
• Log Data: IP address, access times, and referring URLs.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect and store information. See our Cookie Policy for details.

2.3 Learning Analytics Data

For courses deployed through our platform, we collect anonymized learning analytics including course completion rates, quiz scores, and time spent on content. This data helps improve course effectiveness and is provided to course administrators.

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve the Service
• To process transactions and send related information
• To send technical notices, updates, and support messages
• To respond to your comments, questions, and support requests
• To analyze usage patterns and improve user experience
• To power AI features, including content generation and analysis
• To detect, prevent, and address technical issues and security threats
• To enforce our security measures including multi-factor authentication
• To comply with legal obligations

4. AI Processing and Content

Our Service uses artificial intelligence to help you create and enhance learning content. When you use our AI features:

• Your content is processed by our AI service providers (currently Google Gemini) to generate suggestions and improvements.
• We do not use your content to train AI models beyond what is necessary to provide the Service.
• AI-generated content suggestions are provided as tools for your review and are not automatically published.
• You retain full ownership of all content you create, whether with or without AI assistance.

5. Information Sharing

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

• Service Providers: With third-party vendors who help us operate our Service (see our Subprocessors list).
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• Legal Requirements: When required by law or to protect our rights and safety.
• With Your Consent: When you have given us explicit permission to share your information.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Multi-factor authentication (MFA) support with TOTP-based verification
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Continuous security monitoring and incident response procedures
• Automated data retention enforcement and cleanup processes

For more details, please visit our Trust Center.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. We have implemented automated data retention processes that enforce the following retention periods:

• Account Data: Retained while your account is active and for up to 30 days after deletion request.
• Content Data: Retained until you delete it or close your account.
• Session Data: Retained for 30 days and automatically purged.
• Error Logs: Retained for 90 days for debugging purposes.
• Audit Logs: Retained for 1 year for security and compliance purposes.
• Billing Records: Retained for 7 years as required by law.
• Analytics Data: Aggregated and anonymized data may be retained indefinitely for statistical purposes.

Data retention cleanup runs automatically on a daily schedule to ensure compliance with these retention periods.

8. Your Rights

We provide tools for you to exercise your privacy rights directly through your account settings. You can also submit formal requests through our Privacy Request Portal.

8.1 Self-Service Privacy Controls

• Data Export: Download all your data in JSON format from Account Settings
• Account Deletion: Request permanent deletion of your account and all associated data
• Cookie Preferences: Manage cookie consent through our cookie banner
• Communication Preferences: Update your marketing and notification preferences
• MFA Settings: Enable or disable multi-factor authentication

8.2 GDPR Rights (EEA Residents)

For detailed information about your GDPR rights, please visit our GDPR Information Page.

• Access (Article 15): Request a copy of your personal data
• Rectification (Article 16): Request correction of inaccurate data
• Erasure (Article 17): Request deletion of your personal data (“Right to be Forgotten”)
• Restriction (Article 18): Request limitation of processing
• Portability (Article 20): Receive your data in a structured, machine-readable format
• Objection (Article 21): Object to processing based on legitimate interests
• Automated Decisions (Article 22): Right not to be subject to automated decision-making

8.3 CCPA Rights (California Residents)

• Know: Request disclosure of personal information collected
• Delete: Request deletion of personal information
• Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
• Non-Discrimination: Right not to be discriminated against for exercising your rights

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. When we transfer data internationally, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission. For more information about our international data transfer practices, see our GDPR Information Page.

10. Cookies and Tracking

We use cookies and similar technologies to:

• Keep you signed in and remember your preferences
• Understand how you use our Service
• Improve performance and user experience

You can manage your cookie preferences using our cookie consent banner or through your browser settings. For complete information about our cookie practices, please see our Cookie Policy.

11. Account Security Features

We offer several security features to help protect your account:

• Multi-Factor Authentication (MFA): Optional TOTP-based two-factor authentication compatible with authenticator apps like Google Authenticator and Authy.
• Backup Codes: One-time use recovery codes for account access if you lose your authenticator device.
• Session Management: View and revoke active sessions from your account settings.
• Security Notifications: Email alerts for security-related account activity.

12. Children's Privacy

Our Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at privacy@fluxlearning.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. For significant changes, we will also send an email notification to registered users. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us: