Privacy Policy

Effective Date: 25th March 2025

Welcome to Flux Manager!

This Privacy Policy explains how Flux Manager ("we", "us", or "our") collects, uses, stores, and protects your information when you use our web application at app.fluxmanager.com and related services. By using Flux Manager, you agree to the practices described in this policy.

1. Information We Collect

Flux Manager collects only the data necessary to provide its core functionality. This includes:

1.1 Account & Employee Information

  • Name, email address, and role within your company
  • Company name and subscription details
  • Login credentials (passwords are hashed and never stored in plain text)

1.2 Business Operations Data

  • Expense records: category, amount, date, and notes
  • Quotations, tasks, projects, and related business records you create
  • Client and contact information you add to the system

1.3 Email Integration Data (Gmail & Outlook)

When you connect your Gmail or Outlook account to Flux Manager for email integration, we collect the following data from your mailbox:
  • Email metadata: Subject line, sender address, recipient address, received date and time
  • Email body: The full text content of emails, used to auto-create quotations and tasks
  • Attachments: File name, file type, file size, and attachment content where relevant to business operations
  • OAuth tokens: Access tokens and refresh tokens issued by Google or Microsoft, encrypted and stored securely to maintain your connection

We access your email only to the extent necessary to provide the features you have enabled. We do not read emails for advertising, profiling, or any purpose outside of the functionality you requested.

2. How We Use Your Information

2.1 Core Application Features

  • Record, organize, and display expense and business data for your organization
  • Enable quotation creation, task management, and project tracking
  • Provide reporting and analytics for your business operations

2.2 Email Integration Features

  • Automatically detect incoming client emails and suggest or create quotations
  • Parse email content to extract relevant business data (client name, items, amounts)
  • Notify your team of new client enquiries in real time via webhooks
  • Store email history linked to client records for reference

2.3 What We Do NOT Do

  • We do not sell your data or email content to any third party
  • We do not use your emails for advertising or marketing profiling
  • We do not share your email data with any party outside your organization
  • We do not train AI or machine learning models on your email content

3. Data Storage and Security

  • All data is stored on our secure servers hosted on Amazon Web Services (AWS)
  • OAuth tokens (Gmail and Outlook) are encrypted at rest using AES-128-CBC with HMAC-SHA256 (Fernet encryption) before being written to the database
  • Email content is stored in an encrypted database with access restricted to your company's account only
  • All data in transit is protected using TLS (HTTPS)
  • Only authorized Flux Manager personnel have access to server infrastructure, and only for maintenance purposes
  • Users are encouraged to use strong passwords and keep login credentials confidential

4. Third-Party Services & OAuth Integrations

4.1 Google (Gmail Integration)

When you connect your Gmail account, Flux Manager uses Google OAuth 2.0. We request the following Google API scopes:

  • gmail.readonly — to read your emails
  • gmail.modify — to mark emails as read

Flux Manager's use of Google user data is governed by Google API Services User Data Policy, including the Limited Use requirements. We only use Gmail data to provide and improve the email integration features within Flux Manager.

4.2 Microsoft (Outlook Integration)

When you connect your Outlook or Microsoft 365 account, Flux Manager uses Microsoft OAuth 2.0 (Azure AD). We request the following Microsoft Graph API permissions:

  • Mail.Read — to read your emails and attachments
  • Mail.ReadWrite — to mark emails as read
  • User.Read — to retrieve your account email address and display name

For Microsoft 365 / Office 365 work accounts, an IT administrator must grant consent on behalf of the organization before any user in that organization can connect.

4.3 No Other Third-Party Integrations

Flux Manager does not integrate with third-party advertising services, payment gateways that store financial credentials, or in-app purchase systems. Any future third-party integrations will be communicated in an updated Privacy Policy.

5. User Rights

You have the right to:

  • Access: View all data recorded for your account
  • Correction: Request corrections to incorrect or incomplete data
  • Deletion: Request deletion of your account and all associated data
  • Revoke Email Access: Disconnect your Gmail or Outlook account at any time from app.fluxmanager.com → Settings → Email Integration → Disconnect. Revoking access removes your stored OAuth tokens and stops all email syncing immediately.
  • Data Portability: Request an export of your business data

To exercise any of these rights, contact us at [email protected].

6. Data Retention

  • Business data is retained as long as your subscriber account is active
  • Email integration data (synced emails, attachments, OAuth tokens) is retained as long as the email connection is active
  • When you disconnect an email account, OAuth tokens are deleted immediately
  • Upon account deactivation or termination, all associated data will be permanently deleted within 30 days
  • You may request immediate deletion by contacting support

7. Cookies

Flux Manager uses essential session cookies to keep you logged in. We do not use advertising or tracking cookies. No third-party analytics cookies are set on our application pages.

8. Children's Privacy

Flux Manager is a business application and is not directed at children under 13. We do not knowingly collect personal information from children.

9. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes to our practices or for legal, operational, or regulatory reasons. We will notify you of any significant changes via email or in-app notification. The "Effective Date" at the top indicates the latest version.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at: