Flux23 Privacy Policy

Last Updated: November 17, 2025

Introduction

Flux23 Works Ltd ("Flux23", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use the Flux23 mobile application and related services (the "Service").

This Privacy Policy is designed to comply with:

  • The EU General Data Protection Regulation (GDPR)
  • Irish Data Protection Act 2018
  • Other applicable data protection laws worldwide

Please read this Privacy Policy carefully. By using Flux23, you acknowledge that you have read and understood how we handle your personal data.

Company Details:

  • Data Controller: Flux23 Works Ltd
  • Registered in: Ireland
  • Contact: info@flux23.io
  • Address: St Anne's, New Quay, Clonmel, Ireland

1. Information We Collect

1.1 Personal Information You Provide

Email Address

  • Purpose: Account creation, authentication, and essential service communications
  • Collection method: Provided by you during registration
  • Required: Yes (cannot use Service without it)

Recovery Journey Data

You choose to provide this information through using the Service:

  • Progress tracking data: Days in recovery, milestone achievements, streaks
  • Journal entries: Personal notes and reflections you write
  • Trigger logs: Information about situations, people, or emotions that challenge your recovery
  • Check-in responses: Daily mood and wellness check-ins
  • Goals and commitments: Personal recovery goals you set

AI Chat Conversations

  • All messages you send to and receive from the AI chat feature
  • Stored anonymously (separated from your identifiable account information)
  • Used to improve the Service quality

1.2 Automatically Collected Information

Usage Data

  • App interactions: Features used, screens viewed, time spent
  • Session information: When you log in and use the app
  • Device information: Device type, operating system, app version
  • Error logs: Technical information when issues occur

We Do NOT Collect:

  • Location data
  • Contacts or address book
  • Camera or microphone access (unless you explicitly grant it for specific features)
  • Precise geolocation tracking
  • Data from other apps on your device
  • Biometric data
  • Social media information

1.3 Special Category Data

Important: Information about addiction and recovery is considered "special category" personal data under GDPR, requiring additional protections. By using Flux23, you explicitly consent to our processing of this health-related data as described in this Privacy Policy.

2. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

2.1 Consent (GDPR Article 6(1)(a) and 9(2)(a))

You provide explicit consent to:

  • Process your email for account management
  • Process health-related recovery data
  • Store and analyze chat conversations (anonymously) to improve the Service
  • Send service-related communications

You may withdraw consent at any time by deleting your account.

2.2 Contract Performance (GDPR Article 6(1)(b))

Processing necessary to provide the Service you've subscribed to:

  • Account authentication and management
  • Delivering app features and functionality
  • Processing subscription payments (through app stores)

2.3 Legitimate Interests (GDPR Article 6(1)(f))

Where proportionate and not overriding your rights:

  • Improving Service quality and user experience
  • Detecting and preventing fraud or abuse
  • Analyzing usage patterns to enhance features
  • Ensuring Service security and stability

3. How We Use Your Information

3.1 Primary Purposes

To Provide the Service:

  • Create and manage your account
  • Authenticate your identity
  • Track your recovery progress
  • Provide AI chat support
  • Store your journal entries and personal notes
  • Send milestone celebrations and reminders
  • Deliver push notifications (with your permission)

To Improve the Service:

  • Analyze anonymized usage patterns
  • Improve AI chat responses and accuracy
  • Develop new features based on user needs
  • Fix bugs and technical issues
  • Understand how features are used

To Communicate with You:

  • Send service updates and important notifications
  • Respond to your support requests
  • Notify you of subscription changes
  • Provide critical safety information

3.2 What We Do NOT Do

We will NEVER:

  • Sell your personal data to third parties
  • Use your data for advertising purposes
  • Share your recovery information with anyone without your consent
  • Train AI models on your identifiable personal conversations
  • Contact you for marketing unless you opt in
  • Share data with insurance companies or employers
  • Provide your information to law enforcement without legal obligation

4. How We Share Your Information

4.1 We Do Not Share Your Personal Data

Your recovery journey is private. We do not share your identifiable personal information with third parties, except in the very limited circumstances described below.

4.2 Service Providers

We share minimal data with trusted service providers who help us operate:

Supabase (Database and Cloud Storage)

  • Location: Europe (GDPR-compliant servers)
  • Purpose: Secure data storage and authentication
  • Access: Only to data necessary for infrastructure services
  • Safeguards: Data Processing Agreement, encryption, EU-based servers

App Store Providers (Apple, Google)

  • Purpose: Process subscription payments, manage app distribution
  • Information shared: Email, subscription status, payment information
  • Governed by: Apple App Store and Google Play Store privacy policies

These providers are contractually obligated to:

  • Use data only for specified purposes
  • Maintain appropriate security measures
  • Comply with GDPR and data protection laws
  • Not share data with others

4.3 Legal Requirements

We may disclose your information if required by law:

  • To comply with legal obligations (court orders, subpoenas)
  • To protect the rights, property, or safety of Flux23, users, or the public
  • To prevent fraud or security threats
  • To respond to lawful requests by public authorities

Even in these cases, we will:

  • Disclose only the minimum information necessary
  • Notify you when legally permitted
  • Challenge overbroad or inappropriate requests

4.4 Business Transfers

If Flux23 is acquired or merged, your data may transfer to the successor. We will:

  • Notify you before transfer
  • Ensure the successor honors this Privacy Policy
  • Give you options regarding your data

4.5 With Your Consent

We may share information with your explicit consent for specific purposes you authorize.

5. How We Protect Your Information

5.1 Security Measures

We implement industry-standard security measures:

Technical Safeguards:

  • End-to-end encryption for data in transit (HTTPS/TLS)
  • Encryption of data at rest on our servers
  • Secure authentication protocols
  • Regular security audits and updates
  • Access controls and authentication requirements
  • Secure cloud infrastructure (Supabase, EU servers)

Organizational Safeguards:

  • Limited employee access to personal data
  • Confidentiality agreements for staff
  • Security training for team members
  • Data breach response procedures
  • Regular review of security practices

5.2 Anonymization of Chat Data

AI chat conversations are stored anonymously:

  • Separated from your account identifiers
  • Cannot be traced back to individual users
  • Used only in aggregate for Service improvement
  • Additional layer of privacy protection

5.3 Limitations

No system is 100% secure. While we use reasonable measures to protect your data, we cannot guarantee absolute security against:

  • Unauthorized access or hacking attempts
  • Data breaches beyond our control
  • Device-level security compromises

You can help protect your data by:

  • Using a strong, unique password
  • Not sharing your account credentials
  • Keeping your device secure
  • Logging out on shared devices
  • Updating the app regularly

5.4 Data Breach Notification

If a data breach occurs that poses a risk to your rights:

  • We will notify you within 72 hours of becoming aware
  • We will notify relevant supervisory authorities (GDPR requirement)
  • We will provide information about the breach and steps we're taking
  • We will advise you on protective measures

6. Data Retention

6.1 Retention Period

We retain your data only as long as necessary:

  • Account data: Until you delete your account
  • Recovery tracking data: Until you delete your account
  • Journal entries and notes: Until you delete them or your account
  • Chat conversations (anonymized): May be retained for Service improvement
  • Usage analytics: Aggregated data retained indefinitely (cannot identify individuals)

6.2 Account Deletion

When you delete your account:

  • Your personal data is permanently deleted from our systems
  • Anonymized chat data may remain (cannot identify you)
  • Aggregated analytics cannot be deleted (no individual identifiers)
  • Deletion occurs within 30 days
  • Some data may persist in backups for up to 90 days, then is permanently deleted

6.3 Legal Retention

We may retain data longer if:

  • Required by law (e.g., financial records for tax purposes)
  • Necessary for legal claims or disputes
  • You explicitly request preservation

7. Your Rights Under GDPR

As an EU resident (or under similar laws), you have the following rights:

7.1 Right to Access (Article 15)

You can request:

  • Confirmation of what personal data we hold about you
  • A copy of your personal data
  • Information about how we use your data

7.2 Right to Rectification (Article 16)

You can:

  • Correct inaccurate personal data
  • Update incomplete information
  • Edit your profile in the app settings

7.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data:

  • Through in-app account deletion
  • By contacting us directly
  • Immediate effect (with up to 30-day processing time)

Exceptions apply if we must retain data for legal obligations.

7.4 Right to Restrict Processing (Article 18)

You can request we limit how we use your data while:

  • You contest the accuracy of data
  • We assess whether you have grounds for erasure
  • You need data for legal claims

7.5 Right to Data Portability (Article 20)

You can request:

  • Your personal data in a structured, machine-readable format
  • Transfer of data to another service provider (where technically feasible)

7.6 Right to Object (Article 21)

You can object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.

7.7 Right to Withdraw Consent (Article 7)

You can withdraw consent at any time:

  • By deleting your account
  • By contacting us
  • Without affecting prior processing based on consent

7.8 Right to Lodge a Complaint

You have the right to complain to a supervisory authority:

  • Ireland (our location): Data Protection Commission (www.dataprotection.ie)
  • Your country: Your local data protection authority
  • This does not affect your right to judicial remedy

7.9 How to Exercise Your Rights

To exercise any rights:

Email: info@flux23.io
Subject line: "Data Rights Request"
Include: Your registered email address and specific request

We will respond within 30 days (may extend by 60 days for complex requests with notice).

No fee for most requests (we may charge for excessive or repetitive requests).

8. International Data Transfers

8.1 Where We Store Data

Your data is primarily stored in:

  • European Union: Supabase servers located in Europe
  • This ensures GDPR compliance and EU data protection standards

8.2 Global Access

While stored in the EU, the Service is accessible globally. You can access your data from anywhere.

8.3 Transfers Outside EU

If we ever transfer data outside the EU/EEA, we will ensure:

  • Adequate safeguards under GDPR (e.g., Standard Contractual Clauses)
  • Equivalent level of data protection
  • Notice to users before such transfers

Currently, no data is transferred outside the EU/EEA for storage.

9. Children's Privacy

9.1 Age Restriction

Flux23 is not intended for use by anyone under 18 years of age.

We do not knowingly:

  • Collect personal data from individuals under 18
  • Market to minors
  • Allow account creation for those under 18

9.2 Parental Notice

If we become aware that we have collected data from someone under 18:

  • We will delete the account and data immediately
  • We will notify the user (and parent/guardian if possible)
  • We will take steps to prevent future underage access

9.3 Parent/Guardian Rights

If you believe your child under 18 has created an account:

  • Contact us immediately at info@flux23.io
  • We will promptly delete the account and all associated data

10. Cookies and Tracking Technologies

10.1 Our Use

We use minimal tracking technologies:

Essential Cookies:

  • Authentication: Keep you logged in
  • Security: Protect against fraud
  • Functionality: Remember your preferences

Analytics (if implemented):

  • Usage patterns: Understand how features are used
  • Performance: Monitor app stability
  • Anonymized: Cannot identify individual users

10.2 We Do NOT Use

  • Advertising cookies or trackers
  • Third-party marketing pixels
  • Cross-site tracking
  • Social media tracking (unless you choose to share)

10.3 Your Choices

You can control cookies through:

  • Your device settings
  • App permissions
  • Opting out of non-essential analytics (if available in settings)

Note: Disabling essential cookies may impact Service functionality.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

11.1 Right to Know

  • What personal information we collect
  • How we use it
  • Whether we sell or share it (we do not)

11.2 Right to Delete

Request deletion of personal information (with exceptions for legal obligations).

11.3 Right to Opt-Out of Sale

We do NOT sell personal information. This right is not applicable to our practices.

11.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

11.5 How to Exercise CCPA Rights

Contact us at info@flux23.io with "California Privacy Rights" in the subject line.

We will respond within 45 days.

12. Other Jurisdictions

12.1 UK Data Protection

If you are in the UK, you have rights similar to GDPR under UK data protection law. Contact the UK Information Commissioner's Office (ICO) to file complaints.

12.2 Other Countries

We respect privacy rights under applicable local laws. Contact us regarding specific rights in your jurisdiction.

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in legal requirements
  • Service updates or new features
  • Improved privacy practices
  • Clarifications based on user feedback

13.2 Notice of Changes

We will notify you of material changes by:

  • Updating the "Last Updated" date
  • In-app notification
  • Email notification (for significant changes)
  • Posting notice on our website

13.3 Continued Use

Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13.4 Right to Object

If you disagree with changes:

  • You may delete your account and stop using the Service
  • Major changes may provide additional options or consent requirements

14. Third-Party Links and Services

14.1 External Resources

Flux23 may link to:

  • Crisis hotlines and support services
  • Educational resources
  • Emergency services

14.2 Not Our Responsibility

These external services:

  • Have their own privacy policies
  • Are not controlled by Flux23
  • May collect their own data

14.3 Review Their Policies

We encourage you to review the privacy policies of any third-party services you use.

15. Data Protection Officer

15.1 Contact Our DPO

For data protection concerns, you may contact our Data Protection Officer:

Email: info@flux23.io
Subject: "Data Protection Inquiry"

15.2 DPO Responsibilities

Our DPO oversees:

  • GDPR compliance
  • Data protection practices
  • Responding to data rights requests
  • Liaising with supervisory authorities

16. Your Choices and Controls

16.1 Account Settings

You control your data through:

  • In-app settings: Update email, manage data
  • Account deletion: Permanently remove all data
  • Journal/note deletion: Remove specific entries

16.2 Push Notifications

You can control notifications:

  • Through the app settings
  • Through your device settings
  • Opt in or out at any time

16.3 Email Communications

You can opt out of:

  • Non-essential emails (marketing, if any)

You cannot opt out of critical service updates, security alerts, or account-related communications.

16.4 Data Export

Request a copy of your data:

  • Email us at info@flux23.io
  • Receive data in machine-readable format
  • Within 30 days

17. Contact Us

17.1 Privacy Questions

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Flux23 Works Ltd
St Anne's
New Quay
Clonmel
Ireland

Email: info@flux23.io
Subject line for privacy matters: "Privacy Inquiry"

17.2 Data Rights Requests

To exercise your data rights (access, deletion, portability, etc.):

Email: info@flux23.io
Subject line: "Data Rights Request"
Include:

  • Your registered email address
  • Specific right you wish to exercise
  • Any relevant details

17.3 Response Time

We will respond to your inquiries within:

  • 30 days for most requests (GDPR requirement)
  • 45 days for CCPA requests
  • May extend by additional period for complex requests (with notice)

17.4 Support

For general support (not privacy-related):
Email: info@flux23.io

18. Additional Information for Specific Users

18.1 Healthcare Professionals

If you are a healthcare professional recommending Flux23:

  • You are responsible for your own patient data practices
  • Flux23 does not have access to your patient records
  • We do not create HIPAA business associate relationships
  • Ensure your recommendation complies with your professional obligations

18.2 Emergency Situations

Important: If you disclose information indicating immediate danger to yourself or others:

  • We may be legally obligated to disclose to authorities
  • This overrides normal confidentiality practices
  • Your safety is our priority

In practice, our AI attempts to direct you to emergency services, but we cannot guarantee response time or intervention.

19. Privacy by Design

19.1 Our Commitment

We build privacy into Flux23 from the ground up:

  • Collect only necessary data
  • Anonymize where possible
  • Limit data access internally
  • Regular privacy reviews
  • User control over their data

19.2 Minimal Data Collection

We deliberately do not collect:

  • More data than necessary
  • Sensitive data unrelated to recovery support
  • Data that can identify you beyond what's required for the Service

19.3 Transparency

We commit to:

  • Clear explanations of data practices
  • Honest communication about changes
  • Accessible privacy controls
  • Responsiveness to your questions and concerns

20. Accountability

20.1 Our Responsibilities

We are responsible for:

  • Complying with data protection laws
  • Protecting your personal data
  • Processing data only as described in this policy
  • Responding to your rights and requests
  • Maintaining records of processing activities

20.2 Your Responsibilities

You are responsible for:

  • Providing accurate information
  • Keeping your password secure
  • Using the Service in accordance with Terms of Service
  • Notifying us of unauthorized access
  • Seeking appropriate professional help for your recovery

21. Summary

What we collect: Email, recovery tracking data, journal entries, chat conversations (anonymized), usage data

Why we collect it: To provide the Service, improve features, support your recovery journey

How we protect it: Encryption, secure EU servers, access controls, anonymization

Who we share with: Service providers only (Supabase, app stores), never sell data

Your rights: Access, delete, correct, export, object - you control your data

How long we keep it: Until you delete your account

Your choice: You can delete your account and all data at any time


Your privacy matters. Your recovery matters. We're committed to protecting both.


This Privacy Policy was last updated on November 17, 2025.

For questions or concerns, contact us at info@flux23.io