Privacy Policy

1. INTRODUCTION

This Privacy Policy describes how Fluxentra ("Service," "we," "us," or "our") collects, uses, stores, and protects personal information when you use our Software-as-a-Service (SaaS) platform.

We are committed to protecting your privacy and complying with applicable data protection laws, including:

• General Data Protection Regulation (GDPR) - European Union
• Lei Geral de Proteção de Dados (LGPD) - Brazil
• Other applicable privacy and data protection regulations

By using Fluxentra, you consent to the data practices described in this Privacy Policy.

2. DATA CONTROLLER

The Service Operator acts as the data controller for personal information collected through the Service.

Contact Information:

Email: [Contact email to be provided]

Website: https://fluxentra.finance

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

Subscription and Account Information:

• Email address (optional, for account notifications and subscription management)
• Payment information (processed and stored by Stripe, Inc. - see Section 6)
• Subscription plan selection and billing preferences
• Communication preferences

Support and Communication:

• Information provided when contacting customer support
• Feedback, survey responses, or other voluntary communications

3.2 Information Collected Automatically

Wallet Information:

• Cryptocurrency wallet address (public blockchain address)
• Wallet connection metadata (wallet type, connection timestamp)

IMPORTANT: We do NOT collect, store, or have access to:

• Private keys or seed phrases
• Wallet passwords or authentication credentials
• Funds or digital assets held in your wallet

Usage and Analytics Data:

• IP address
• Browser type and version
• Device information (operating system, device type)
• Pages visited and features used
• Time and date of access
• Referral source
• Session duration and interaction patterns

Technical Data:

• Cookies and similar tracking technologies (see Section 4)
• Log files and error reports
• Performance and diagnostic data

3.3 Blockchain Data

Public Blockchain Information:

When you use the Service to view portfolio analytics or interact with decentralized protocols, we may access publicly available blockchain data associated with your wallet address, including:

• Transaction history
• Token balances and holdings
• Liquidity positions
• Smart contract interactions
• On-chain activity and timestamps

IMPORTANT: This information is:

• Publicly available on the blockchain
• NOT controlled, stored, or owned by Fluxentra
• Accessible to anyone with your wallet address
• Immutable and permanent on the blockchain

We do NOT:

• Control or modify blockchain data
• Have custody of your funds or assets
• Store private blockchain data on our servers
• Share blockchain data beyond what is already public

5. HOW WE USE YOUR INFORMATION

5.1 Primary Uses

We use collected information to:

Provide and Maintain the Service:

• Authenticate users and manage sessions
• Process subscription payments and billing
• Display portfolio analytics and on-chain data
• Provide access to premium features based on subscription tier
• Maintain Service security and prevent fraud

Improve the Service:

• Analyze usage patterns and user behavior
• Identify and fix technical issues
• Develop new features and enhancements
• Optimize performance and user experience

Communicate with Users:

• Send subscription confirmations and billing notifications
• Provide customer support and respond to inquiries
• Send important Service updates and security alerts
• Deliver marketing communications (with consent, where required)

Comply with Legal Obligations:

• Respond to legal requests and court orders
• Enforce our Terms of Service
• Protect our rights and prevent fraud or abuse
• Comply with tax and financial reporting requirements

5.2 Legal Basis for Processing (GDPR/LGPD)

We process personal information based on the following legal grounds:

• Contractual Necessity: To provide the Service and fulfill our obligations under the Terms of Service
• Legitimate Interest: To improve the Service, prevent fraud, and maintain security
• Consent: For marketing communications and optional features (where required)
• Legal Obligation: To comply with applicable laws and regulations

3. Data Storage

Your data is stored in:

• PostgreSQL database
• Stripe servers
• Server logs (temporary)
• Security cache (temporary)

We never store:

• private keys
• seed phrases
• wallet secrets

All blockchain interactions occur client-side.

6. DATA SHARING AND DISCLOSURE

6.1 Third-Party Service Providers

We share information with trusted third-party service providers who assist in operating the Service:

Stripe, Inc. (Payment Processing):

• Processes subscription payments on our behalf
• Stores payment card information securely
• Subject to Stripe's Terms of Service and Privacy Policy
• IMPORTANT: Stripe does NOT have access to, control, or process blockchain transactions or cryptocurrency funds

Infrastructure and Hosting Providers:

• Cloud hosting services (e.g., AWS, Render, Vercel)
• Database services (e.g., Supabase, PostgreSQL)
• Content delivery networks (CDNs)

Analytics and Monitoring:

• Analytics platforms (e.g., Google Analytics)
• Error tracking and performance monitoring services

Blockchain Infrastructure:

• RPC providers (e.g., Alchemy, Infura)
• Blockchain data indexing services

IMPORTANT: These providers:

• Access only the minimum data necessary to perform their functions
• Are contractually obligated to protect your information
• May NOT use your data for their own purposes
• Are subject to their own privacy policies

6.2 Blockchain Transactions

No Intermediation:

When you interact with decentralized protocols through the Service:

• Transactions occur directly between your wallet and the blockchain protocol
• We do NOT intermediate, route, or process these transactions
• We do NOT share your transaction data with third parties (beyond what is already public on the blockchain)
• All transaction data is publicly visible on the blockchain and accessible to anyone

6.3 Legal Requirements

We may disclose information if required by law or in good faith belief that such disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of Fluxentra, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, user information may be transferred to the acquiring entity. Users will be notified of any such change via email or prominent notice on the Service.

6.5 No Sale of Personal Data

We do NOT sell, rent, or trade personal information to third parties for marketing purposes.

5. Legal Basis (GDPR)

We process data under:

• Contract necessity → subscriptions
• Legitimate interest → fraud prevention
• Legal obligation → payment records
• Consent → when user connects a wallet or enters personal information

6. Data Retention

We retain:

• Subscription data: while account is active
• Payment records: required by law (5–10 years depending on jurisdiction)
• Logs: short period for security (30–90 days)

Users may request deletion (subject to Stripe/legal requirements).

9. YOUR RIGHTS (GDPR/LGPD)

9.1 Data Subject Rights

Under GDPR and LGPD, you have the following rights regarding your personal information:

Right to Access:

• Request a copy of the personal information we hold about you
• Receive information about how your data is processed

Right to Rectification:

• Correct inaccurate or incomplete personal information

Right to Erasure ("Right to be Forgotten"):

• Request deletion of your personal information (subject to legal retention requirements)

Right to Restriction of Processing:

• Request that we limit how we use your personal information

Right to Data Portability:

• Receive your personal information in a structured, machine-readable format
• Transfer your data to another service provider

Right to Object:

• Object to processing based on legitimate interests
• Opt out of marketing communications

Right to Withdraw Consent:

• Withdraw consent for data processing at any time (where processing is based on consent)

Right to Lodge a Complaint:

• File a complaint with your local data protection authority

9.2 Exercising Your Rights

To exercise any of these rights, contact us at:

Email: [Contact email to be provided]

We will respond to requests within:

• 30 days (GDPR)
• 15 days (LGPD)

We may require verification of your identity before processing requests.

9.3 Limitations

Certain rights may be limited by:

• Legal obligations to retain data
• Legitimate interests in fraud prevention and security
• Technical limitations (e.g., blockchain data cannot be deleted)

8. DATA SECURITY

8.1 Security Measures

We implement industry-standard security measures to protect personal information, including:

Technical Safeguards:

• Encryption of data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Secure authentication and session management
• Regular security audits and vulnerability assessments
• Intrusion detection and prevention systems

Organizational Safeguards:

• Access controls and role-based permissions
• Employee training on data protection
• Confidentiality agreements with service providers
• Incident response and breach notification procedures

8.2 Limitations

No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. Users are responsible for:

• Maintaining the security of their wallet and private keys
• Using strong, unique passwords
• Enabling two-factor authentication (where available)
• Reporting suspicious activity immediately

8.3 Blockchain Security Disclaimer

IMPORTANT: Fluxentra does NOT:

• Custody or control user funds
• Store private keys or seed phrases
• Have the ability to recover lost or stolen cryptocurrency
• Guarantee the security of third-party wallets or blockchain protocols

Users are solely responsible for the security of their cryptocurrency wallets and digital assets.

10. INTERNATIONAL DATA TRANSFERS

10.1 Cross-Border Transfers

Fluxentra may store and process personal information in countries outside your jurisdiction. When transferring data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Other legally recognized transfer mechanisms

10.2 Data Processing Locations

Personal information may be processed in:

• United States
• European Union
• Other jurisdictions where our service providers operate

By using the Service, you consent to the transfer of your information to these jurisdictions.

4. COOKIES AND TRACKING TECHNOLOGIES

4.1 Types of Cookies

We use cookies and similar technologies to:

• Maintain user sessions and authentication
• Remember user preferences and settings
• Analyze usage patterns and improve the Service
• Provide personalized content and features

Cookie Categories:

• Essential Cookies: Required for core functionality (wallet connection, session management)
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember user settings and choices

4.2 Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may limit Service functionality.

4.3 Third-Party Analytics

We may use third-party analytics services (e.g., Google Analytics) to collect and analyze usage data. These services have their own privacy policies governing data collection and use.

11. CHILDREN'S PRIVACY

Fluxentra is NOT intended for users under the age of 18 (or the age of majority in your jurisdiction).

We do NOT knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it immediately.

Parents or guardians who believe their child has provided personal information should contact us immediately.

12. BLOCKCHAIN DATA DISCLAIMER

12.1 Public Nature of Blockchain

Blockchain transactions and wallet addresses are publicly visible and permanent. Once recorded on the blockchain:

• Data cannot be deleted, modified, or hidden
• Anyone can view transaction history associated with a wallet address
• Fluxentra has NO control over blockchain data

12.2 Pseudonymity vs. Anonymity

While wallet addresses are pseudonymous, they are NOT anonymous. Blockchain analysis tools can potentially link wallet addresses to real-world identities.

12.3 No Blockchain Data Control

Fluxentra:

• Does NOT control or own blockchain data
• Cannot delete or modify blockchain records
• Is NOT responsible for the public nature of blockchain information
• Cannot prevent third parties from accessing public blockchain data

Users are solely responsible for understanding the public and permanent nature of blockchain transactions.

13. THIRD-PARTY LINKS AND SERVICES

The Service may contain links to third-party websites, protocols, or services. We are NOT responsible for the privacy practices or content of these third parties.

Users should review the privacy policies of any third-party services they interact with.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features.

Notification of Changes:

• Material changes will be communicated via email (if provided) or prominent notice on the Service
• Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy
• The "Last Updated" date at the top of this policy indicates when changes were made

We encourage users to review this Privacy Policy periodically.

15. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

Privacy Inquiries:
Email: [Contact email to be provided]

General Inquiries:
Email: [Contact email to be provided]
Website: https://fluxentra.finance

Data Protection Officer (if applicable):
Email: [DPO email to be provided]