Logo

Privacy Policy

Understand how we handle your data and protect your privacy.

Last updated: january 9, 2026

Privacy Policy

This website is operated by Flux Theme. We are committed to protecting your privacy while collecting only what is necessary to improve our services and your experience.

What We Collect — Analytics Data

We use PostHog for privacy-friendly, cookie-free analytics. No cookies, no personally identifiable information, and no IP addresses are stored. We collect only anonymous metrics such as page views, session duration, and device type.

What We Collect — Account & Payment Data

Account and payment data are handled securely by Polar.sh in accordance with their Privacy Policy. Flux Theme does not store, process, or have access to your payment information.

Why We Collect It

Analytics help us understand how visitors use flux-theme.online, improve site performance and user experience, and make data-driven decisions based on legitimate business interest — never for advertising or resale.

Who Has Access

PostHog processes anonymous analytics data on our behalf. Polar.sh handles all customer and payment data independently. No personal data is sold, shared, or transferred to any third party for commercial purposes.

Data Retention

Analytics data is aggregated and fully anonymized — no personal data is stored. Account data is retained for as long as you maintain an active account or as required by applicable law.

Your Rights Under GDPR

You have the right to access, rectify, or delete your data; object to processing; and request data portability. To exercise any of these rights, contact us at contact@flux-theme.online.

Opting Out of Analytics

Because PostHog does not use cookies or store personal data, no opt-out mechanism is required. If you wish to verify or request deletion of any account-related data, contact us directly.

International Data Transfers

Analytics data may be processed on PostHog servers located in the EU or US, with appropriate safeguards in place. Payment and account data is handled by Polar.sh with full data protection compliance.

Contact Us

Questions or concerns about this Privacy Policy? Reach us at contact@flux-theme.online. We aim to respond within 2 business days.

Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with the updated date. Continued use of flux-theme.online after changes are posted constitutes acceptance of the updated policy.

Enterprise Privacy Overview

This policy covers Enterprise engagements with Flux Theme — custom builds, dedicated support, and white-label licensing. It supplements our general Privacy Policy and applies to information exchanged during scoping, development, and post-launch support.

Information We Collect

During an Enterprise engagement we may receive project briefs, brand assets, API credentials, staging environment access, and contact details for stakeholders. We only collect what is necessary to scope, build, and deliver the project.

Credentials & Access

When you share access to third-party systems (Stripe, Supabase, Vercel, Clerk, PostHog, etc.) we use short-lived tokens or scoped service accounts wherever possible. Credentials are stored in an encrypted secrets manager and revoked at handoff.

Client Data & Confidentiality

All project materials — code, designs, customer data, business plans — are treated as confidential. We do not use your data to train models, share it with third parties, or reference it in public case studies without written consent.

Subprocessors

We may use vetted subprocessors for hosting (Vercel), payments (Polar.sh), analytics (PostHog), and transactional email (Resend). A current list is available on request and will be disclosed before any Enterprise engagement begins.

Data Retention & Handoff

At project handoff you receive full ownership of the codebase, assets, and any data migrated during the engagement. Our working copies of source code and credentials are archived for 90 days for warranty support, then permanently deleted.

Security Practices

All laptops are full-disk encrypted with auto-lock enabled. Code is stored in private GitHub repositories with 2FA enforced. Staging environments are password-protected or IP-restricted. No client data is stored on personal devices.

Incident Response

If we become aware of a data incident affecting your engagement, we will notify your primary contact within 24 hours with known scope, affected systems, and mitigation steps. A written post-mortem follows within 7 days.

NDAs & Custom DPAs

We're happy to sign your NDA or Data Processing Agreement before the discovery call. If you need a custom MSA or SOW with specific data protection clauses, mention it in your quote request and we'll accommodate standard enterprise terms.

Enterprise GDPR & International Transfers

For EU-based clients we act as a data processor under GDPR. Any personal data processed during the engagement remains on EU infrastructure unless you explicitly approve transfer. Standard Contractual Clauses are available on request.

Enterprise Client Rights

You retain full rights over all data shared with us during the engagement. You may request access, correction, export, or deletion at any time by emailing contact@flux-theme.online..

Enterprise Contact

For Enterprise privacy, security, or compliance questions, reach us at contact@flux-theme.online.. We aim to respond within 1 business day for active engagements and 2 business days for prospects.

I cook delicious web design for startup founders

Discover how I can create tasty landing pages, engaging visitor into customer

Get in touch