Flux is built for people who deserve an app that respects them. This policy explains exactly what personal data we collect, why we collect it, who we share it with, how long we keep it, and what rights you have over it. We've written it to be read, not just checked off.
1. Who we are
Flux is developed and operated as an independent app product. You can contact us at hello@flux-app.org with any privacy-related questions or requests.
2. What personal data we collect
We collect only what's necessary to run the app. Here is every category:
- Account data: Your email address and first name, provided when you sign up. If you sign in with Apple or Google, we receive your name and email from that provider.
- Habit data: The habits you create (name, icon, size, reminder time), when you mark them complete, and any notes you add.
- Onboarding quiz answers: Your responses to the onboarding questionnaire (e.g., your main goals, challenges, energy patterns). Used to personalise habit suggestions and app content.
- Focus session data: Your session intentions, duration, and completion notes when you use the Focus Room feature.
- Daily wins and check-ins: Optional notes you write about what went well, and your daily overwhelm check-in scores (1-5 scale).
- Device and usage data: Which features you use, when, and on what device type. Used for improving the app and diagnosing crashes. This data is anonymised or pseudonymised where possible.
- Payment data: We do not store your payment card details. Subscription payments are processed entirely by Apple (App Store) or Google (Play Store). We receive only confirmation of your subscription status.
3. How we use your data
We use your data for the following purposes, and nothing else:
- Providing the Flux app and all its features to you.
- Personalising habit suggestions and app content based on your quiz answers and usage patterns.
- Generating AI-powered responses in Panic Mode and habit tips (your task description or habit name is sent to our AI provider to generate suggestions).
- Sending you habit reminder notifications, if you enable them.
- Processing and managing your subscription via RevenueCat.
- Improving the app by understanding which features are used and where crashes occur.
- Responding to your support requests.
We do not use your data for advertising, and we do not sell your data to anyone, ever.
4. Third-party services we use
We use a small number of trusted third-party services to operate Flux. Each receives only the minimum data needed for their specific function:
- Supabase (supabase.com) — Database, authentication, and backend functions. Your account data, habit data, and app data are stored on Supabase infrastructure. Privacy policy.
- Anthropic / Claude AI (anthropic.com) — Powers Panic Mode, habit suggestions, and AI tips. When you use these features, your task description or habit name is transmitted to Anthropic's API. Anthropic does not use API inputs to train their models by default. Privacy policy.
- RevenueCat (revenuecat.com) — Manages your subscription status. Receives your app user ID and subscription events from the App Store or Google Play. We use a webhook from RevenueCat to update your Pro status in our database. Privacy policy.
- PostHog (posthog.com) — Analytics for understanding how features are used. Data is pseudonymised; your Supabase user ID is used as an identifier but no directly identifying information (name, email) is sent. Privacy policy.
- Sentry (sentry.io) — Crash and error reporting. Error logs may include your device type, OS version, and app state at the time of a crash, but not your personal content (habit names, notes, etc.). Privacy policy.
- Apple / Google — Authentication (Sign in with Apple, Google Sign-In) and payment processing. Governed by their respective privacy policies.
5. Data storage and security
Your data is stored on Supabase infrastructure, which is hosted on AWS in the United States. All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted by the database provider.
Access to your data within the app is protected by row-level security (RLS) policies, meaning the app can only read and write your own data, not other users'. Authentication tokens are stored securely using the device's secure enclave where available.
We take reasonable technical and organisational measures to protect your data. However, no system is completely immune to security incidents. In the event of a breach affecting your personal data, we will notify you as required by applicable law.
6. Data retention
We retain your data for as long as your account is active. Specifically:
- Account and habit data: Retained until you delete your account.
- Usage and analytics data: Retained for up to 24 months in PostHog, after which it is aggregated or deleted.
- Crash logs: Retained for up to 90 days in Sentry.
- Subscription records: RevenueCat retains subscription history per their own retention policy.
When you delete your account, all your personal data (account, habits, logs, notes, focus sessions, quiz answers, wins, check-ins) is deleted immediately and permanently from our database. This deletion is irreversible.
7. Your rights
Depending on where you are located, you have some or all of the following rights:
- Access: You can request a copy of the personal data we hold about you.
- Correction: You can correct inaccurate data directly in the app (name, habits, etc.) or by contacting us.
- Deletion: You can delete your account at any time from the Profile tab in the app. All data is deleted immediately. Or contact us at hello@flux-app.org.
- Portability: You can request an export of your personal data in a structured, machine-readable format by emailing us.
- Objection / restriction: You can object to or ask us to restrict certain processing of your data. Contact us to discuss.
- Withdraw consent: Where processing is based on consent (e.g., analytics), you can withdraw consent by contacting us.
To exercise any of these rights, email hello@flux-app.org. We will respond within 30 days (within 72 hours for urgent deletion requests).
8. EU and UK users (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, the following applies:
Legal basis for processing:
- Contract performance: processing necessary to provide the Flux service you signed up for (account data, habit data, focus sessions).
- Legitimate interests: analytics and crash reporting to improve the app, where our interest in providing a high-quality service is not overridden by your privacy interests.
- Consent: where we have obtained your explicit consent (e.g., push notifications).
If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities is available at edpb.europa.eu.
Personal data is transferred to the United States (Supabase, Anthropic, RevenueCat). These transfers are made under standard contractual clauses or other applicable transfer mechanisms.
9. California users (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- The right to know what personal information we collect and how we use it.
- The right to delete your personal information (see section 7 above).
- The right to opt out of the "sale" or "sharing" of your personal information. We do not sell or share your personal information for cross-context behavioural advertising.
- The right to non-discrimination for exercising your privacy rights.
To exercise your California privacy rights, email hello@flux-app.org with "California Privacy Request" in the subject line.
10. Children's privacy
Flux is not directed at children under 13 years of age. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at hello@flux-app.org and we will delete it promptly.
11. Push notifications
If you enable habit reminders, we use Expo's notification service to deliver them to your device. You can disable notifications at any time from the Profile tab in Flux, or from your device's notification settings. Disabling notifications does not affect any other app functionality.
12. Changes to this policy
We may update this privacy policy from time to time. We will update the "last updated" date at the top and, for material changes, provide notice within the app. Continued use of Flux after a change constitutes acceptance of the updated policy. We encourage you to review this page periodically.