Logo

Enterprise Privacy

How we handle data, credentials, and confidentiality during Enterprise engagements.

Last updated: april 17, 2026

Enterprise Privacy Overview

This policy covers Enterprise engagements with Flux Theme — custom builds, dedicated support, and white-label licensing. It supplements our general Privacy Policy and applies to information exchanged during scoping, development, and post-launch support.

Information We Collect

During an Enterprise engagement we may receive project briefs, brand assets, API credentials, staging environment access, and contact details for stakeholders. We only collect what is necessary to scope, build, and deliver the project.

Credentials & Access

When you share access to third-party systems (Stripe, Supabase, Vercel, Clerk, PostHog, etc.) we use short-lived tokens or scoped service accounts wherever possible. Credentials are stored in an encrypted secrets manager and revoked at handoff.

Client Data & Confidentiality

All project materials — code, designs, customer data, business plans — are treated as confidential. We do not use your data to train models, share it with third parties, or reference it in public case studies without written consent.

Subprocessors

We may use vetted subprocessors for hosting (Vercel), payments (Polar.sh), analytics (PostHog), and transactional email (Resend). A current list is available on request and will be disclosed before any Enterprise engagement begins.

Data Retention & Handoff

At project handoff you receive full ownership of the codebase, assets, and any data migrated during the engagement. Our working copies of source code and credentials are archived for 90 days for warranty support, then permanently deleted.

Security Practices

All laptops are full-disk encrypted with auto-lock enabled. Code is stored in private GitHub repositories with 2FA enforced. Staging environments are password-protected or IP-restricted. No client data is stored on personal devices.

Incident Response

If we become aware of a data incident affecting your engagement, we will notify your primary contact within 24 hours with known scope, affected systems, and mitigation steps. A written post-mortem follows within 7 days.

NDAs & Custom DPAs

We're happy to sign your NDA or Data Processing Agreement before the discovery call. If you need a custom MSA or SOW with specific data protection clauses, mention it in your quote request and we'll accommodate standard enterprise terms.

GDPR & International Transfers

For EU-based clients we act as a data processor under GDPR. Any personal data processed during the engagement remains on EU infrastructure unless you explicitly approve transfer. Standard Contractual Clauses are available on request.

Your Rights

You retain full rights over all data shared with us during the engagement. You may request access, correction, export, or deletion at any time by emailing enterprise@flux-theme.online.

Contact

For Enterprise privacy, security, or compliance questions, reach us at enterprise@flux-theme.online. We aim to respond within 1 business day for active engagements and 2 business days for prospects.

I cook delicious web design for startup founders

Discover how I can create tasty landing pages, engaging visitor into customer

Get in touch