Privacy Policy
1. Introduction
FluxSoft Technologies, LLC ("Company", "we", "us") operates FluxVector, a vector search API. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
2. Information We Collect
2.1 Account Information
Email address, hashed password (bcrypt). We never store plaintext passwords.
2.2 API Keys
Stored as SHA-256 hashes. We cannot recover your API key after initial generation. The key prefix (first 8 characters) is stored for identification purposes only.
2.3 Vector Data
Text content, embedding vectors, and metadata that you upload through the API. This is your data — we process it solely to provide search functionality.
2.4 Usage Data
API endpoint accessed, request timestamps, response latency, vector and embedding counts per request, IP address, and plan tier. Used for rate limiting, billing, and service improvement.
2.5 Billing Data
Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVV codes, or full card details. We receive only a Stripe customer ID and subscription status.
3. How We Use Your Information
- Provide and maintain the Service (contract performance)
- Process billing and subscriptions (contract performance)
- Enforce rate limits and plan quotas (legitimate interest)
- Monitor and improve service reliability (legitimate interest)
- Send transactional emails: account confirmation, billing receipts, security alerts (contract performance)
- Respond to support requests (legitimate interest)
We do NOT use your data for: advertising, profiling, selling to third parties, training AI models, or any purpose beyond providing the Service.
4. Embedding Processing
Your text is converted to vector embeddings using open-source models (intfloat/multilingual-e5-large) running locally on our servers.
No data is transmitted to third-party AI services. No OpenAI, no Google, no Anthropic, no external API receives your text. Embedding generation happens entirely within our infrastructure.
5. Data Storage and Location
All data is stored in PostgreSQL databases hosted on Hetzner servers located in Germany (European Union). Data is encrypted in transit via TLS 1.2+. Database access is restricted to application-level connections only.
6. Data Retention
Your data is retained for as long as your account is active. Upon account deletion (available via API or console), all associated data is permanently deleted: account information, API keys, collections, vectors, metadata, and usage logs. Deletion is immediate and irreversible.
Stripe retains billing records per their own retention policy for legal and financial compliance.
7. Third-Party Services
We share data only with:
- Stripe (stripe.com): Payment processing. Receives email for customer creation and billing. Subject to Stripe's Privacy Policy.
- Hetzner (hetzner.com): Infrastructure hosting. Provides servers where data is stored. Subject to Hetzner's Data Processing Agreement.
- Cloudflare (cloudflare.com): DNS and DDoS protection. May process IP addresses and request metadata in transit.
We do NOT sell, rent, or share your data with any other third party.
8. Cookies and Tracking
FluxVector does not use tracking cookies, analytics pixels, or third-party tracking scripts. Authentication uses JWT session tokens stored in your browser's local storage. No third-party cookies are set.
9. Your Rights
You have the right to:
- Access: Retrieve all your data via the API (
GET /v1/collections,GET /v1/vectors/fetch) - Delete: Delete your account and all data (
DELETE /v1/auth/account) - Export: Export your vectors and metadata via the API at any time
- Rectify: Update your email or password via the API
- Object: Contact us to object to specific processing activities
EU Residents (GDPR)
You have additional rights including data portability and the right to lodge a complaint with a supervisory authority. Our legal basis for processing is contract performance (providing the Service) and legitimate interest (security, service improvement).
California Residents (CCPA)
We do not sell personal information. You have the right to know what data we collect, request deletion, and not be discriminated against for exercising your rights.
10. Security Measures
- Passwords hashed with bcrypt (adaptive cost factor)
- API keys hashed with SHA-256 (never stored in plaintext)
- All traffic encrypted with TLS 1.2+
- Security headers: HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff
- Database access restricted to application layer
- No third-party AI data transmission
11. Children
FluxVector is not intended for use by anyone under the age of 13. We do not knowingly collect information from children under 13.
12. International Data Transfers
Data is stored in the EU (Germany). If you access the Service from outside the EU, your data is transferred to and processed in Germany. For transfers subject to GDPR, we rely on Standard Contractual Clauses where applicable.
13. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, in compliance with GDPR requirements.
14. Changes to This Policy
We may update this Privacy Policy with 30 days notice via email. The "Effective Date" at the top will be updated. Continued use after the notice period constitutes acceptance.
15. Contact
FluxSoft Technologies, LLC
Email: [email protected]
Website: https://fluxsoftlabs.com
For privacy-specific inquiries: [email protected] with subject line "Privacy Request"