Privacy Policy for Flunxx

1. About Us

This website and service are operated by The Grow Revenue Company Limited (“we”, “our”, “us”), a private limited company registered in England & Wales under company number [insert], with its registered office at 128 City Road, London EC1V 2NX, United Kingdom.

We are the data controller of personal data collected through the Flunxx platform, website, and associated applications.
 For some processing activities we act as a data processor on behalf of our business customers.

2. Scope of This Policy

This Privacy Policy explains:

●      What information we collect and why;

●      How we process, store, and secure that information;

●      Your rights under the UK GDPR and other data-protection laws;

●      How to contact us regarding your data.

This policy applies to:

●      Visitors to flunxx.com and sub-domains;

●      Customers who register for or use Flunxx;

●      End-users whose data is processed through customer accounts.

3. Data We Collect

3.1 Account and Identity Data

●      Name, business email, job title, company name;

●      Password hash or single-sign-on identifier

●      Subscription plan, billing address, tax number (where applicable).

3.2 Payment Data

Processed securely by our third-party payment provider (e.g. Stripe or Paddle). We never store full card details.

3.3 Email and Message Data (Processor Role)

When you connect an email account, Flunxx accesses:

●      Message metadata (sender, recipient, subject, timestamps);

●      Message body text for AI classification;

●      Attachments only if necessary for classification.

Email content is processed transiently or stored in encrypted form solely to deliver the filtering functionality.

3.4 Technical and Usage Data

●      IP address, browser type/version, operating system;

●      Access times, pages viewed, feature usage metrics;

●      Log files and diagnostic data for security monitoring.

3.5 Marketing & Cookies

We use essential cookies for authentication and analytics cookies (Google Analytics 4 / Plausible) to improve performance.
 You can control cookies via your browser or our on-site consent banner.

4. How We Use Your Data

We process personal data to:

1. Provide, maintain, and improve the Flunxx service;
   
   

2. Authenticate users and secure accounts;
   
   

3. Detect and prevent fraud or misuse;
   
   

4. Provide customer support;
   
   

5. Process payments and issue invoices;
   
   

6. Send product updates and service notices;
   
   

7. Conduct research, development, and statistical analysis in aggregated or anonymised form;
   
   

8. Comply with legal obligations and regulatory requests.

5. Legal Bases for Processing

We rely on one or more lawful bases under UK GDPR Article 6:

●      Contractual necessity – to provide the subscribed service;

●      Legitimate interest – to improve, secure, and market our offerings;

●      Consent – for optional marketing communications;

●      Legal obligation – to comply with accounting and data-retention laws.

6. Data Retention

Category

Retention Period

Account & billing data

6 years after contract end (HMRC requirement)

Email logs & classifications

90 days (default, configurable by client)

Support correspondence

24 months

Back-ups

Rolling 30-day encrypted backups

After expiry, data is securely deleted or anonymised.

7. Data Security

●      AES-256 encryption at rest; TLS 1.3 in transit.

●      Role-based access control and least-privilege principles.

●      Two-factor admin authentication.

●      Annual penetration testing and vulnerability scans.

●      ISO 27001-aligned security management framework.

8. International Transfers

Data may be processed in the UK, EEA, or trusted sub-processors in jurisdictions providing adequate protection.
 Where transfers occur outside these regions, we rely on Standard Contractual Clauses or other approved safeguards.

9. Sharing of Data

We share limited data with:

●      Infrastructure providers: AWS, Google Cloud (hosting).

●      Payment processors: Stripe / Paddle.

●      Analytics: Plausible / Google Analytics (aggregated).

●      Email delivery: Postmark / SendGrid.
 All third parties are bound by written Data Processing Agreements ensuring GDPR compliance.

10. Your Rights

Under UK GDPR you have rights to:

●      Access and receive a copy of your data (Art 15);

●      Rectify inaccurate data (Art 16);

●      Erase data (“right to be forgotten”) (Art 17);

●      Restrict or object to processing (Arts 18-21);

●      Data portability (Art 20);

●      Lodge a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk).

Requests may be sent to privacy@flunxx.com and will be answered within 30 days.

11. Children’s Data

Flunxx is not directed to individuals under 18 years of age. We do not knowingly collect children’s data.

12. Automated Decision Making

Flunxx’s AI classifies emails automatically.
 No automated decision has legal or similarly significant effects on users; classifications can always be reviewed and adjusted manually.

13. Data Breach Notification

In case of a personal-data breach likely to risk individuals’ rights, we will notify affected users and the ICO within 72 hours of awareness.

14. Changes to This Policy

We may revise this policy periodically. Updates will be posted at flunxx.com/privacy with a new effective date.

15. Contact

Data Protection Officer (DPO)
 Email: privacy@flunxx.com
 Post: The Grow Revenue Company Limited, 128 City Road, London EC1V 2NX UK