Privacy Policy

This page explains how DueFlux collects, uses and protects your data.

Data scope

Only account, billing and security data required to run DueFlux.

User controls

Export, correction and deletion requests are available from your account and support.

Legal parity

All website languages use aligned legal meaning and synchronized policy revisions.

Layered policy

Start with the summary, then open full legal text or action controls.

What we process

Identity details, billing metadata, app activity and security logs used to operate your account.

Why we process

Service delivery, payment support, fraud protection, legal compliance and product reliability.

How long we retain

Retention is category-based and minimized; inactive or expired data is deleted on schedule.

Where data is processed

Primary processing in configured regions, with safeguards for lawful transfer when required.

Data map

Each category lists source, purpose, retention and processing region.

Data category	Source	Purpose	Retention	Region
Account identity	Directly from user profile	Authentication, account ownership	While account is active	Configured service region
Billing metadata	Checkout and invoicing actions	Payment confirmation and subscription state	Legal and accounting period	Provider region with safeguards
Usage telemetry	In-app events and diagnostics	Performance, reliability and abuse detection	Short-term rolling window	Same region as account backend
Security logs	Sign-in, MFA and session events	Threat detection, incident response, auditability	Defined security retention cycle	Security processing region

Retention timeline

Retention is proportional to purpose and legal obligations.

Immediate / short-term

Session and anti-abuse events

Used for live protection and removed after operational security windows.

Active lifecycle

Profile and workspace records

Stored while your account remains active and service features are in use.

Regulated period

Billing and transaction metadata

Retained for accounting and legal requirements, then purged on schedule.

Post-request window

Deletion and export requests

Request records are kept briefly for legal proof and incident follow-up.

Compliance and security baseline

Controls listed here are deployment-level commitments and operational safeguards.

GDPR data-subject rights workflow SCC transfer safeguards where applicable Encryption in transit and at rest Incident response and breach notification process Least-privilege access model

Policy changelog

Track what changed and when, with impact notes for users and teams.

2026-02-06

Layered privacy format introduced

Added summary view, controls view, data map and retention timeline for faster legal review.

2026-01-28

Security event categories clarified

Expanded definitions for authentication logs, abuse prevention events and retention windows.

2026-01-10

Cross-language legal parity workflow

Aligned legal keys and synchronized publication across all supported website languages.

Machine-readable and official copies

Use official downloadable policy files for audits, integrations and compliance records.

Download official PDF Open JSON policy

Last official update: 2026-02-06

Multilingual legal parity

Policy meaning is synchronized across all supported site languages with version-locked legal updates.

Parity lock active for 12 languages

Need a privacy action now?

Open the right flow instantly: export, delete, or contact support.

Export data Delete account Ask privacy team Back to homepage