Privacy Policy

Last updated: April 21, 2026

Flux ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our personal finance tracking platform.

1. Information We Collect

We collect the following types of information:

• Account information: Your name and email address when you create an account.
• Financial data via Plaid: When you connect your bank accounts, we receive transaction history, account balances, and account information (account name, type, and institution) through Plaid's secure API.
• Payment information: Billing details are collected and processed by Stripe. We do not store your credit card number on our servers.
• Business workspace data (Flux Business only): If you use Flux Business, we also collect and store invoice details (amounts, line items, due dates, status), expense submissions and approvals, tax categorizations, budget definitions, and workspace settings. Data you add to a shared workspace is visible to other members of that workspace according to their role.
• Third-party contact information (Flux Business only): If you create invoices or invite team members, we store the names and email addresses of your invoice clients and pending invitees. See Section 4 below for how this information is handled.
• Usage data: Basic usage patterns to improve the product experience.

2. How We Use Your Data

Your data is used to provide core Flux functionality:

• Generating spending insights, category breakdowns, and trend analysis.
• Tracking your net worth across connected accounts.
• Powering budgets, savings goals, and financial summaries.
• Sending account-related notifications and updates.

3. Data Storage & Security

Your data is stored in Supabase and transmitted over HTTPS/TLS at all times. Plaid access tokens are encrypted at rest with AES-256-GCM before being written to the database. Authorization — the rules that determine which user can read or modify which records — is enforced at our API layer, which verifies your identity via Clerk on every request and scopes every database query to the data you are permitted to access. For Flux Business workspaces, access is further constrained by your assigned role within the workspace.

4. Third-Party Contact Information (Flux Business)

When you create an invoice in Flux Business, you may enter the name and email address of a client. When you invite someone to your workspace, we store their email address until they accept or the invite is revoked. These individuals are not Flux users and have not themselves agreed to this Privacy Policy.

We use this information solely to operate the features you requested (rendering and delivering invoices; processing workspace invitations). We do not market to these contacts, sell their information, or use it for any other purpose. You, as the workspace owner, are the controller of this data; Flux acts as a processor.

If an invoice client or invitee wishes to have their information deleted, they or you can email us at the address in Section 11 and we will remove the record. Invitee emails are deleted when the invite is accepted, revoked, or expires. Invoice client details are retained for as long as the invoice exists in your workspace, so that invoice history remains accurate, and are deleted when you delete the invoice or your workspace.

5. Other Third-Party Services

We use the following third-party services to operate Flux:

• Plaid — Securely connects to your bank accounts and retrieves financial data.
• Stripe — Processes subscription payments.
• Clerk — Handles user authentication and session management.
• Supabase — Hosts our database infrastructure.
• Vercel — Hosts the Flux web application.

Each service operates under its own privacy policy and is contractually obligated to handle your data securely.

6. We Never Sell Your Data

Flux does not sell, rent, or trade your personal or financial data to third parties. Your data is used solely to provide and improve the Flux service.

7. Data Deletion

You can delete all of your data at any time from the Settings page within Flux. This will permanently remove your account, connected bank links, transaction history, and all associated data. You may also request deletion by emailing [email protected].

8. Cookies

Flux uses session cookies managed by Clerk for authentication purposes only. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

9. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify all affected users within 72 hours via email, along with details of what data was impacted and steps being taken to resolve the issue.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a notice within the Flux application.

11. Contact Us