fluxerapp/fluxer
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

refactor progress

Browse Source
This commit is contained in:
Hampus Kraft
2026-02-17 12:22:36 +00:00
parent cb31608523
commit d5abd1a7e4
8257 changed files with 1190207 additions and 761040 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
packages/marketing/src/content/help/Metadata.tsx Normal file
View File

@@ -0,0 +1,115 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
/** @jsxRuntime automatic */
/** @jsxImportSource hono/jsx */
export interface HelpArticleMetadata {
slug: string;
title: string;
description: string;
category: string;
lastUpdated: string;
}
export const HELP_ARTICLE_METADATA: ReadonlyArray<HelpArticleMetadata> = [
{
slug: 'regional-restrictions',
title: 'Regional restrictions',
description:
'How regional age verification laws affect your access to Fluxer, which regions are currently affected, and what restrictions apply.',
category: 'Platform',
lastUpdated: '2026-02-16',
},
{
slug: 'attachment-expiry',
title: 'How attachment expiry works',
description: 'How we set attachment expiry, how access can extend it, and what to do before a file is removed.',
category: 'Files',
lastUpdated: '2026-02-16',
},
{
slug: 'delete-account',
title: 'How to delete or disable your account',
description: 'How to permanently delete or temporarily disable your Fluxer account, and what happens to your data.',
category: 'Account',
lastUpdated: '2026-02-16',
},
{
slug: 'data-deletion',
title: 'Requesting data deletion',
description: 'How to delete your messages and other data from Fluxer.',
category: 'Account',
lastUpdated: '2026-02-16',
},
{
slug: 'data-export',
title: 'Exporting your account data',
description: 'How to request and download a complete export of your Fluxer data.',
category: 'Account',
lastUpdated: '2026-02-16',
},
{
slug: 'change-date-of-birth',
title: 'How to change your date of birth',
description: 'How to update your date of birth on Fluxer by contacting our support team.',
category: 'Account',
lastUpdated: '2026-02-16',
},
{
slug: 'report-bug',
title: 'Reporting a bug',
description: 'How to file clear, high-quality bug reports for Fluxer Support or our GitHub.',
category: 'Support',
lastUpdated: '2026-02-16',
},
{
slug: 'copyright',
title: 'Copyright and IP policy',
description: 'How to report suspected copyright or intellectual property violations on Fluxer.',
category: 'Legal',
lastUpdated: '2026-02-16',
},
{
slug: 'data-retention',
title: 'How long Fluxer keeps your information',
description: 'How long Fluxer retains different types of information and why we keep it.',
category: 'Privacy',
lastUpdated: '2026-02-16',
},
{
slug: 'dsa-dispute-resolution',
title: 'EU DSA dispute resolution options',
description: 'How EU users covered by the Digital Services Act can exercise their rights on Fluxer.',
category: 'Legal',
lastUpdated: '2026-02-16',
},
{
slug: 'visionary',
title: 'What was Fluxer Visionary?',
description:
'Fluxer Visionary was a limited lifetime Plutonium offering that sold out in February 2026. Learn about the numbered badge and what Visionary includes.',
category: 'Premium',
lastUpdated: '2026-02-17',
},
];
export function getHelpArticleMetadata(slug: string): HelpArticleMetadata | null {
return HELP_ARTICLE_METADATA.find((article) => article.slug === slug) ?? null;
}

43
packages/marketing/src/content/help/attachment-expiry.md Normal file
View File

@@ -0,0 +1,43 @@
Fluxer automatically expires older attachments. Smaller files stay available longer; bigger ones expire sooner. If people view a message with a file when it is close to expiring, we extend it so it stays available.
## How expiry is decided
- The clock starts when you upload.
- Files **5 MB or smaller** keep links for about **3 years** (the longest window).
- Files near **500 MB** keep links for about **14 days** (the shortest window).
- Between 5 MB and 500 MB, larger files get shorter windows and smaller files get longer ones.
- Files over 500 MB are not accepted on the current plan.
## Extending availability when accessed
If a message with a file is loaded and the remaining time is inside the renewal window, we push the expiry forward. The renewal window depends on size: small files can renew up to about **30 days**; the largest files renew up to about **7 days**.
One view is enough to refresh it you don't have to click or download the file. Multiple views inside the same window don't stack. The total lifetime is capped to the size-based budget, so repeated renewals can't keep a file available indefinitely.
## What happens after expiry
We regularly sweep expired attachments and delete them from our CDN and storage. There can be a short delay after the expiry time before removal.
## Why we expire attachments
- **Storage fairness**: Large media is costly to keep forever; expiring it keeps things fair for everyone.
- **Safety and privacy**: Clearing out long-lived uploads reduces the chance that old sensitive files linger.
- **Predictable limits**: Clear timeframes help you download what you need to keep.
## Keeping important files
Download attachments you need before they expire. For full account exports (including attachment URLs), see [Exporting your account data](/help/data-export).
## Frequently asked questions
**Does Plutonium extend file expiry?**
Not at this time. All users are subject to the same limits.
**Do I need to click or download a file to keep it available?**
No. Viewing the message in chat or search is enough.
**What about Saved Media?**
Saved Media lets you keep up to **50** files (or **500** with Plutonium). Saved Media is **not** subject to attachment expiry.
**Can I hide the expiry indicator?**
Yes. Go to User Settings > Messages & Media > Media and toggle off "Show Attachment Expiry Indicator".

17
packages/marketing/src/content/help/change-date-of-birth.md Normal file
View File

@@ -0,0 +1,17 @@
Your date of birth can't be edited directly in the app. If it's wrong, our support team can update it for you.
## What you'll need
- A valid government-issued ID
- The correct date of birth
- A short explanation of why it needs to change (for example, a typo during sign-up)
## How to request a change
Email support@fluxer.app from the email address linked to your Fluxer account. Include the correct date of birth, a brief reason, and a clear photo of your ID.
## Things to know
- **One change per account**: For security reasons, we generally allow only one date of birth change.
- **Feature access**: If the new date of birth changes your eligibility for age-restricted features, your access will be updated to match.
- **ID handling**: Any ID you send is handled securely and deleted after verification is complete.

30
packages/marketing/src/content/help/copyright.md Normal file
View File

@@ -0,0 +1,30 @@
Fluxer respects the intellectual property of every creator and expects the same from the whole community.
## Filing a copyright complaint
Use our report form at <% app report %> and choose the copyright or intellectual property option, or email **dmca@fluxer.app** with the subject line "DMCA Takedown Request." Your notice should include:
- A description of the copyrighted work you believe has been infringed.
- The precise location of the infringing material on Fluxer (message links, channel IDs, etc.).
- A good faith statement that the disputed use is not authorised by you, your agent, or the law, and that the information in the notice is accurate.
- A statement under penalty of perjury that you are the rights holder or authorised to act on their behalf.
- Your contact information (mailing address, telephone number, and/or email).
- Your physical or electronic signature.
Do not file false or malicious reports, submit duplicates, or ask others to report the same content. Repeated violations may lead to account penalties.
## Counter-notices
If you believe content was removed by mistake, send a counter-notice to **dmca@fluxer.app** containing:
- Identification of the removed content and its location before removal (message links, channel IDs, etc.).
- A good faith statement that it was removed because of a mistake or misidentification.
- Your contact information (mailing address, telephone number, and/or email).
- A statement consenting to the jurisdiction of the Federal District Court for your district (or the Northern District of California if outside the US), and that you will accept service of process from the original complainant.
- Your physical or electronic signature.
Counter-notices with missing elements cannot be processed. Once we receive a valid counter-notice, we forward it to the complainant. Unless they file a court action, we may restore the material 1014 business days later at our discretion.
## Consequences
Repeat copyright or IP infringers may have their accounts terminated, and in serious cases we may take stronger enforcement actions.

21
packages/marketing/src/content/help/data-deletion.md Normal file
View File

@@ -0,0 +1,21 @@
You can delete your messages and other content at any time through the Privacy Dashboard or by contacting our privacy team.
## Delete all messages
1. Log in at <% app login %>.
2. Open Settings (cogwheel, bottom left).
3. Go to **Privacy Dashboard**.
4. Select the **Data Deletion** tab.
5. Click **Delete all my messages**.
Mass-deletion runs in the background and completes as soon as possible relative to the volume of messages you've sent.
## Delete specific data
Email **privacy@fluxer.app** from your account's registered email address with details of what you'd like removed.
## Before you delete
- Deleting a message also deletes its attachments. If you want to keep them, [export your data](/help/data-export) first.
- You cannot delete messages after your account is deleted. Handle your data before initiating [account deletion](/help/delete-account).
- Attachments expire based on size regardless of deletion; see [How attachment expiry works](/help/attachment-expiry).

25
packages/marketing/src/content/help/data-export.md Normal file
View File

@@ -0,0 +1,25 @@
You can request a complete export of your account data, including all messages and attachment URLs.
## How to request an export
1. Log in at <% app login %>.
2. Open Settings (cogwheel, bottom left).
3. Go to **Privacy Dashboard**.
4. Select the **Data Export** tab.
5. Click **Request Data Export**.
You can request an export once every **7 days**.
## What's included
- All your user account information
- All messages you've sent
- URLs to download any attachments from your messages
## Receiving your export
When ready, you'll receive an email with a download link to a zip file. The link is valid for **7 days**.
## Before you delete anything
The export includes URLs for downloading your attachments, but deleting a message also deletes its attachments. Download what you need before deleting messages or [deleting your account](/help/delete-account). Attachments also expire based on size; see [How attachment expiry works](/help/attachment-expiry).

36
packages/marketing/src/content/help/data-retention.md Normal file
View File

@@ -0,0 +1,36 @@
Our [Privacy Policy](/privacy) covers what we collect and how we use it. This article explains how long we keep different kinds of data.
## What we always keep
We keep the information needed to run your account and comply with the law: your username, email address, phone number, and basic usage data. Everything else is optional and you can remove it.
## What you can delete yourself
You can remove anything you've posted while you still have access to the space where you posted it:
- Delete individual messages or attachments directly inside Fluxer.
- Bulk delete via the Privacy Dashboard. See [Requesting data deletion](/help/data-deletion).
- For the full account deletion flow, see [How to delete or disable your account](/help/delete-account).
Deleted content is no longer visible to other users, though cached copies may take a short time to clear. For help deleting specific content, email **privacy@fluxer.app**.
## Retention until account deletion
Most personal information stays for as long as your account is active. Inactive accounts may be deleted after two years.
Account deletion completes after a **14-day** waiting period. During that time you can log in to cancel. After 14 days, we delete identifying information and anonymise the rest. Identifying data in backups can take up to 45 days to clear.
## Specific retention periods
- **Age verification IDs:** Deleted within 60 days after the appeal closes.
- **Backups:** 3045 days, then deleted.
- **Tax and legal records:** Kept for the period required by law.
- **Contact details after deletion:** 180 days for trust and safety. Up to two years if the account was flagged for Terms of Service violations.
- **Support conversations about data:** Up to five years after the ticket closes, for legal purposes.
- **Shared content:** Content you shared with others may remain visible after your account is deleted, but is no longer linked to you. Delete it before removing your account, or ask privacy@fluxer.app for help.
We keep aggregated or anonymised information (which can no longer identify you) indefinitely to understand platform trends.
## Your rights
Every user can manage their data inside Fluxer or by contacting **privacy@fluxer.app**. EU users have additional rights under the GDPR (access, rectification, erasure, restriction, portability, and objection), which you can exercise through your account or by emailing us.

33
packages/marketing/src/content/help/delete-account.md Normal file
View File

@@ -0,0 +1,33 @@
You can either disable or delete your account from your account settings.
## How to get there
1. Log in at <% app login %>.
2. Open Settings (cogwheel, bottom left).
3. Go to **Security & Login**.
4. Choose **Delete account** or **Disable account**.
## Deleting your account
Deleting schedules permanent removal in **14 days**. During that period you can cancel by logging in again. After the 14 days, your account and data are permanently removed.
Inactive accounts are automatically deleted after 2 years.
### Messages
Your messages remain on the platform unless you delete them first:
- **Bulk delete**: Use the Privacy Dashboard to delete all messages at once. See [Requesting data deletion](/help/data-deletion).
- **Export first**: Export your data before deleting anything. See [Exporting your account data](/help/data-export).
- **Specific deletion**: Email **privacy@fluxer.app** from your registered address to request deletion of specific data.
You cannot delete your messages after your account is deleted handle your data first.
## Disabling your account
Disabling logs you out of all devices. Your account stays on the platform but is inaccessible until you log in again.
## At a glance
- **Disable**: Logs you out of all devices. Log in again any time to re-enable.
- **Delete**: Permanent removal after 14 days. Log in within that window to cancel.

22
packages/marketing/src/content/help/dsa-dispute-resolution.md Normal file
View File

@@ -0,0 +1,22 @@
This article explains how EU users covered by the European Union's Digital Services Act (DSA) can exercise certain rights. Parts of the DSA only apply to online platforms and to specific types of decisions, so not every report or action on Fluxer is eligible for DSA handling.
## Reporting illegal content under the DSA
We work hard to remove violative content and bad actors from Fluxer. The easiest way to report content that violates our Terms of Service or Community Guidelines is through our in-app reporting surfaces inside Fluxer. Certain EU users also have the option to flag illegal content under the DSA through our web form at <% app report %>.
## DSA appeals rights
If the DSA applies to you and you disagree with one of the decisions listed below, you have six months from the date of the violation notice to appeal through our internal appeals process. You can find the link to appeal on the notice itself.
The DSA appeals mechanisms only apply to decisions that are based on a finding that the information provided is illegal or violates our Terms of Service, such as:
- removing or disabling access to content, or restricting its visibility;
- suspending or terminating access to Fluxer (either in whole or in part);
- suspending or terminating a user's Fluxer account;
- suspending, terminating, or restricting a user's ability to monetize their Fluxer activity.
## Out-of-court dispute settlement
You may also have the option of choosing an out-of-court settlement body that has been certified by a Digital Services Coordinator in an EU Member State to help resolve a dispute related to any of the decisions listed above. [The European Commission](https://commission.europa.eu/index) maintains a website that lists those settlement bodies as they become certified.
Fluxer will cooperate with such a settlement body when required by law, but we are not bound by the decisions they issue. We also reserve the right not to engage with an out-of-court settlement body if the same dispute (same information and grounds) has already been resolved.

67
packages/marketing/src/content/help/regional-restrictions.md Normal file
View File

@@ -0,0 +1,67 @@
Some regions have enacted laws that require online platforms to verify users' ages using methods we are either unable or unwilling to implement, such as government-issued ID uploads, biometric scans, or mandatory third-party age verification services. Rather than implement these methods, we restrict access to Fluxer from affected regions.
Fluxer is a communication platform, not a social media service or an adult content website. Many age verification laws define those terms in ways that do not cover a platform like ours. We assess each law individually and only apply restrictions where we believe the law genuinely applies to Fluxer.
## How we determine your region
We use IP geolocation (MaxMind data via a Cloudflare Worker we control) to determine your approximate location when you connect. This check is used solely for regional access eligibility. See [Section 3.2 of our Privacy Policy](/privacy#32-ip-address-geolocation) for details.
IP geolocation is not perfect. If you are travelling, using a VPN, or your IP address does not reflect your actual location, you may be affected by restrictions that do not apply to your home region.
## Currently affected regions
If a region is not listed here, no restriction applies.
### Mississippi (United States)
**Restriction:** Full platform you cannot register, sign in, or access Fluxer from this region.
Mississippi's HB 1126 (Walker Montgomery Protecting Children Online Act) applies to services that allow users to socially interact, create profiles, and post content viewable by others including in chat rooms. In our reading, this is broad enough to cover Fluxer. The law's messaging exemption only covers services that facilitate "only" email or direct messaging, which does not apply to a platform with communities and channels. The law requires age verification for all users and parental consent for users under 18.
The law was initially blocked by a district court, but the Fifth Circuit reversed that decision in April 2025, and in August 2025 the Supreme Court declined to re-block it. The constitutional challenge is ongoing, but the law is enforceable while litigation continues.
If you have an existing account, your data remains intact. If the restriction is lifted or you access Fluxer from an unrestricted region, your account will be available as normal.
### United Kingdom
**Restriction:** Age-restricted content you can use Fluxer normally, but NSFW channels and communities are hidden and inaccessible.
The Online Safety Act 2023 regulates "user-to-user services" broadly, any internet service where content from one user can be encountered by another. Unlike many US laws, it does not use "social media" as a legal category. The Act exempts email, SMS, and one-to-one phone calls, but not messaging or group communication platforms. In our reading, Fluxer falls under Part 3 of the Act, which requires age assurance for specific harmful content rather than age-gating the entire platform. Because Fluxer's purpose is communication, not hosting pornographic content, we restrict access to NSFW content only.
Enforceable since 25 July 2025.
## Laws that do not apply to Fluxer
Several US states have enacted age verification laws whose definitions do not cover Fluxer. We do not restrict access in these states.
**Social media laws:** These laws typically define "social media platform" using criteria like algorithmic content feeds, public profiles, or public social connection lists. Fluxer displays messages chronologically (no algorithmic feed), keeps friend lists private, and is primarily a communication tool not a content publishing or social networking platform.
- **Tennessee** (HB 1891): The law targets services where users communicate "through posts" made available for others to "consume." We read "consume" as implying passive content viewing, not active conversation. The law does not mention chat rooms or messaging, and its title, framing, and litigation all focus on traditional social media.
- **Florida** (HB 3): Requires platforms to employ algorithms that analyse user data to select content. Fluxer does not do this.
- **Virginia** (SB 854): Requires users to populate a public list of social connections. Fluxer's friend lists are private.
**Adult content laws:** These laws target websites whose business involves hosting adult content. Fluxer's business is providing communication tools. We do not create, market, or profit from adult content. NSFW content on Fluxer is optional, user-generated, and a small fraction of platform activity.
- **South Dakota** (HB 1053), **Wyoming** (HB 43): "Regular course of business" standard hosting adult content is not part of ours.
- **Ohio** (ORC 1349.10 via HB 96): "Significant or substantial portion" threshold NSFW content is a small fraction of Fluxer's content. The law also exempts interactive computer services under Section 230.
- **Arizona** (HB 2112): One-third content threshold well above Fluxer's NSFW content fraction.
**Social media laws blocked by courts:** Louisiana (HB 440), Arkansas (SB 396 (Act 689)), Ohio (HB 33), Georgia (SB 351), Utah (SB 194/HB 464), and Texas (HB 18) have all been enjoined. We will reassess if any take effect.
## Why we take this approach
Implementing invasive age verification requires collecting sensitive personal data including government IDs from every user, in places such as Mississippi. For a small, independent platform, this is not feasible without significant resources and without introducing new privacy and security risks. We believe these systems are disproportionate and create new attack surfaces for data breaches.
Where we can comply with a law by restricting specific content rather than collecting invasive data, we do so. Where the law does not leave us that option, we restrict access entirely. Where a law does not cover a platform like Fluxer, we do not restrict access unnecessarily.
We monitor legislative developments and court decisions, and we update this page whenever we add, change, or remove a restriction.
## What to do if you think a restriction is wrong
If you believe your access has been restricted incorrectly for example, because you are travelling or using a VPN contact us at privacy@fluxer.app with your username and a description of the issue.
Under applicable data protection laws (such as GDPR), you may have the right to obtain human review of automated decisions that significantly affect you. We honour those rights as described in [Section 10 of our Privacy Policy](/privacy#10-your-privacy-rights).
## Contact
For questions about regional restrictions, contact privacy@fluxer.app. For general information about how we handle your data, see our [Privacy Policy](/privacy).

28
packages/marketing/src/content/help/report-bug.md Normal file
View File

@@ -0,0 +1,28 @@
Use this guide to file a clear report so we can reproduce and fix the bug quickly. Screenshots, short screen recordings, and relevant logs or files speed up diagnosis.
## Bug report template
**Title:** Be specific, e.g., Media upload stalls at 95%.
**Steps to reproduce:**
1. Step one (include exact clicks/taps, inputs, or shortcuts).
2. Step two.
3. Step three (note timing or ordering details).
**Expected result:** What you expected to happen.
**Actual result:** What happened instead (include exact errors or on-screen messages).
**System and client settings:** In User Settings, tap your client info at the bottom of the sidebar to copy it, then paste it here.
## Add evidence
Include anything that shows the issue screenshots, short videos, logs, or sample files/exports. More detail means faster help.
## Submit your report
Email support@fluxer.app with the filled template. A concise yet descriptive subject helps us triage faster. If you prefer GitHub, feel free to file issues in the [Fluxer GitHub repository](https://github.com/fluxerapp/fluxer).
## Security issues
If you believe the issue is security-related, visit our [Security Bug Bounty page](/security) instead of emailing Support. Follow the guidance there, include clear steps, why you think it is a security risk, and any impact you see. We respond quickly to assess, coordinate a fix, and discuss disclosure expectations.

28
packages/marketing/src/content/help/visionary.md Normal file
View File

@@ -0,0 +1,28 @@
Fluxer Visionary was a limited, one-time lifetime Plutonium offering available from **25 October 2025 to 17 February 2026**. Once roughly 1,000 copies sold out, the offer closed permanently it won't return.
Each Visionary purchase cost **$299** and grants the same benefits as a Plutonium subscription, with no ongoing payments required.
## Numbered badge
Every Visionary is assigned a sequence number based on when they purchased. You can choose to display a numbered badge on your public profile, letting others see how early you supported Fluxer. The badge is optional you can toggle it in **User Settings → Profile**.
## Benefits
Visionary grants all current and future [Plutonium](/plutonium) benefits for as long as Fluxer runs. There are no renewals and no expiry.
## Frequently asked questions
**Can I still buy a Visionary slot?**
No. Visionary sold out on 17 February 2026 and is not available for purchase.
**Does Visionary expire?**
No. It is a lifetime entitlement you will never be charged again.
**Can I gift or transfer a Visionary slot?**
No. Visionary was non-transferable and non-giftable during its sale window, and no new slots are available.
**What if I delete my account?**
Your Visionary entitlement is tied to your account. Deleting your account removes the benefit permanently with no refund.
**Is Visionary the same as Plutonium?**
Visionary is lifetime Plutonium. You get everything a Plutonium subscriber gets, plus the exclusive numbered Visionary badge.

74
packages/marketing/src/content/policies/Metadata.tsx Normal file
View File

@@ -0,0 +1,74 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
/** @jsxRuntime automatic */
/** @jsxImportSource hono/jsx */
export interface PolicyMetadata {
slug: string;
title: string;
description: string;
category: string | null;
lastUpdated: string;
}
export const POLICY_METADATA: ReadonlyArray<PolicyMetadata> = [
{
slug: 'terms',
title: 'Terms of Service',
description: 'The legal agreement between you and Fluxer that governs your use of our platform and services.',
category: 'Legal',
lastUpdated: '2026-02-13',
},
{
slug: 'privacy',
title: 'Privacy Policy',
description:
'How we collect, use, and protect your personal information when you use Fluxer. Your privacy matters to us.',
category: 'Legal',
lastUpdated: '2026-02-13',
},
{
slug: 'guidelines',
title: 'Community Guidelines',
description:
'The rules and expectations for participating in the Fluxer community. Help us keep Fluxer safe and welcoming.',
category: 'Community',
lastUpdated: '2026-02-13',
},
{
slug: 'security',
title: 'Security Bug Bounty',
description:
'Information about responsible disclosure and our security bug bounty program. Help us keep Fluxer secure.',
category: 'Security',
lastUpdated: '2026-02-13',
},
{
slug: 'company-information',
title: 'Company Information',
description: 'Legal information about Fluxer Platform AB, including our registered address and contact details.',
category: 'Legal',
lastUpdated: '2026-02-13',
},
];
export function getPolicyMetadata(slug: string): PolicyMetadata | null {
return POLICY_METADATA.find((policy) => policy.slug === slug) ?? null;
}

41
packages/marketing/src/content/policies/company-information.md Normal file
View File

@@ -0,0 +1,41 @@
Fluxer Platform AB is a Swedish limited liability company registered with the Swedish Companies Registration Office (Bolagsverket) under the laws of Sweden.
### Company Registration
**Organization Number:** 559537-3993
**VAT ID:** SE559537399301
### Registered Address
Fluxer Platform AB
Norra Kronans Gata 430
136 76 Brandbergen
Stockholm County, Sweden
### Contact Information
**Email:** support@fluxer.app (for account-related matters, please contact us from the email address associated with your Fluxer account where possible)
**Website:** [https://fluxer.app](https://fluxer.app)
### Authorized Representative
Hampus Kraft, Founder & CEO
### Specialized Contact Information
- **General Inquiries:** support@fluxer.app
- **Press & Media:** press@fluxer.app
- **Privacy & Data Protection:** privacy@fluxer.app (primary contact for privacy and data protection questions; we have not formally appointed a Data Protection Officer under GDPR)
- **Security Vulnerabilities:** See our [Security Bug Bounty page](/security) for disclosure guidance and contact information.
- **Copyright (DMCA):** dmca@fluxer.app
- **Trust & Safety:** safety@fluxer.app
- **Legal Requests:** legal@fluxer.app
- **Partnership Inquiries:** partners@fluxer.app
- **Accessibility:** accessibility@fluxer.app
- **Account Appeals:** appeals@fluxer.app
For information about how we handle legal and law-enforcement requests for user data, please see the "Law Enforcement and Legal Requests" section of our [Privacy Policy](/privacy).
For all account-related inquiries and support requests, we normally provide assistance only when you contact us from the email address associated with your Fluxer account. This is our primary method of verifying your identity and ensuring secure communication. If you no longer have access to that email address, we may require additional verification and might not always be able to help with account changes or recovery.
Fluxer will never request your password, complete payment card details, or other sensitive security credentials via email. All official Fluxer emails and communications originate from email addresses ending in `@fluxer.app` or `@m.fluxer.app`. Please be vigilant against phishing attempts using similar-looking domains or requesting sensitive information.

371
packages/marketing/src/content/policies/guidelines.md Normal file
View File

@@ -0,0 +1,371 @@
## Welcome to Fluxer
Fluxer is a platform designed for communication, connection, and community building. These community guidelines help ensure that everyone can use the platform safely and respectfully. They form an integral part of our Terms of Service, and violations may result in warnings, content removal, restrictions, or account suspension or termination.
These guidelines apply to all users of Fluxer without exception. They govern all interactions on the platform, including (but not limited to):
- direct messages;
- community communications;
- voice and video chats;
- user profiles and statuses; and
- any other areas where users interact with one another or share content.
Individual Communities may adopt their own rules, but those rules must always be consistent with these guidelines and our Terms of Service. Where there is a conflict, these guidelines and our Terms of Service take precedence.
## The Golden Rule
**Treat others with respect and consideration. If you would not want something done or said to you, do not do or say it to someone else.**
Fluxer is built for real people. Behind every username is a person who deserves to be treated with basic dignity.
## Positive Participation
We want Fluxer to be safe, welcoming, and constructive. You can help by:
- **Assuming good intent:** When something is unclear, ask for clarification before reacting.
- **Using content warnings and age markings where appropriate:** If you discuss potentially distressing, graphic, or adult topics, label them clearly and place them in age-appropriate spaces.
- **Setting and following clear community rules:** If you run a Community:
- make your rules clear, accessible, and easy to find;
- ensure they align with these guidelines and local law;
- enforce them fairly and consistently.
- **Onboarding new members kindly:** Help new members understand your Community rules. Avoid dogpiling or retaliation. Use your moderation tools instead.
- **Protecting privacy (yours and others'):** Share only what is necessary, and be cautious about exposing personal information that could affect safety.
- **Disagreeing constructively:** Challenge ideas, not people. It is fine to disagree, but personal attacks, harassment, or demeaning behavior are not acceptable.
- **Keeping safety in mind:** If you see behavior that looks dangerous, abusive, or clearly inappropriate, please report it rather than amplify it.
## Prohibited Conduct
These rules apply platform-wide. Communities can set stricter rules, but never more permissive ones.
The following behaviors are strictly prohibited on Fluxer and may result in enforcement action, including content removal, account restrictions, or bans.
### 1. Harassment and Bullying
Do not engage in harassment, bullying, or threatening behavior toward any person or group. This includes, but is not limited to:
- sustained harassment or coordinated attacks against individuals or groups;
- threats of any kind, whether direct or implied;
- doxxing (sharing someone's personal or identifying information without their explicit consent);
- targeted harassment, including repeated unwanted contact after being asked to stop;
- sexual harassment of any nature, including unwanted sexual comments, advances, or innuendo; and
- encouraging others to engage in harmful behavior toward someone.
We consider factors such as frequency, severity, power imbalances, and whether someone has clearly asked you to stop.
### 2. Hate Speech and Discrimination
We do not tolerate hate speech or discrimination based on any protected characteristics, including:
- race, ethnicity, or national origin;
- religious beliefs or practices;
- gender, gender identity, or gender expression;
- sexual orientation;
- disability or medical condition;
- age or generational status;
- immigration or citizenship status; or
- any other characteristic protected under applicable law.
This prohibition includes, for example:
- hate symbols and imagery used in a praising or celebratory way;
- derogatory slurs or dehumanizing language about protected groups;
- content that promotes or glorifies hateful ideologies; and
- calls for violence, segregation, or exclusion of protected groups.
Context matters (for example, historical discussion or condemnation of hate). However, we may remove content even when intent is ambiguous if it uses slurs, symbols, or narratives that are commonly understood as hateful.
### 3. Violence and Graphic Content
Do not share or promote:
- real-world graphic depictions of violence, gore, mutilation, or animal cruelty (including photographs, videos, or realistic recordings);
- content that promotes, encourages, or provides instructions for self-harm or suicide;
- detailed instructions or encouragement for violence or illegal activities; or
- content that glorifies, celebrates, or promotes violence, violent extremism, or acts of terrorism.
This restriction targets real-world media. Media presented as real-world, even if generated or edited, is treated the same as real-world footage. Fictional or artistic depictions of violence (for example, drawings, animation, games, or horror) are allowed in age-gated spaces with clear content warnings, provided they are not presented as real-world footage and are not used to glorify violence or target someone.
Non-graphic discussion of difficult topics is allowed only in appropriate contexts (for example, news or educational content), must include clear content warnings, and must be restricted to age-gated spaces when likely to be distressing.
### 4. Sexual Content and Protection of Minors
We have a zero-tolerance stance on child sexual exploitation.
- **Users under 18:** If you are under 18, you must not engage with, share, or distribute any sexual or sexually suggestive content.
- **Content involving minors (real or fictional):** No user may share, distribute, request, or possess sexual or sexually suggestive content involving minors (whether real, fictional, or simulated). This includes "age play" or any portrayal that sexualizes minors.
- **Child sexual abuse material (CSAM):** CSAM is strictly prohibited and will be reported to law enforcement authorities as required by law. We use automated tools and safety systems to detect and prevent CSAM in media where technically feasible and take immediate action when we identify it.
- **Adult content restrictions:** Adult content is only permitted in clearly marked 18+ spaces. Communities must apply an age restriction to the Community as a whole, to individual channels, or both. We may restrict or remove Communities that fail to enforce these requirements.
- **Non-consensual intimate media:** Never share intimate images, videos, or recordings of any person without their explicit consent. This includes "deepfakes", edited or simulated content that depicts someone in an intimate context without their permission.
- **Revenge porn and sexual exploitation:** Sharing intimate media to shame, coerce, or harm someone, or to obtain money, favors, or other benefits, is strictly prohibited.
### 5. Illegal Activities
Do not use Fluxer to facilitate, promote, or engage in illegal activities. This includes, but is not limited to:
- distribution or promotion of malware, viruses, or harmful software;
- fraud, scams, or deceptive practices (including phishing, impersonation, and financial scams);
- sale, distribution, or promotion of illegal goods, services, or controlled substances;
- copyright infringement or other intellectual property violations at scale or in a clearly abusive way;
- hacking, unauthorized access, or cyberattacks;
- money laundering, terrorist financing, or similar activities;
- evasion of lawful blocks or sanctions using the service (for example, using Fluxer where export control or sanctions laws prohibit it); or
- any other activity that violates applicable local, national, or international law.
We may cooperate with law enforcement where required by law or where we believe it is necessary to protect individuals from serious harm.
### 6. Spam and Platform Abuse
Do not abuse or misuse the Fluxer platform in the following ways:
- sending spam, bulk messages, or unsolicited commercial content;
- creating fake accounts or impersonating other individuals or entities;
- artificially inflating community member counts, engagement metrics, or reactions;
- buying, selling, renting, or trading Fluxer accounts or Communities;
- abusing our free tier as unlimited cloud storage rather than for legitimate communication;
- initiating fraudulent chargebacks or payment disputes to obtain free services or benefits; or
- using automation, bots, scrapers, or scripts to:
- evade limits;
- scrape or harvest data;
- mass-create accounts; or
- disrupt normal user experiences.
Limited automation that complies with our policies and applicable law may be allowed where explicitly permitted by Fluxer. Otherwise, automated abuse is prohibited.
### 7. Harmful Misinformation
Do not deliberately spread harmful misinformation that could:
- endanger public health or safety;
- interfere with democratic processes or civic participation;
- cause direct physical harm to individuals or communities; or
- damage critical infrastructure or essential services.
Examples include:
- false medical "cures" that could lead someone to avoid necessary treatment;
- calls to disable public safety systems or emergency services; or
- fabricated election procedures intended to confuse or disenfranchise voters.
We may remove or limit the reach of content that is demonstrably false and likely to cause harm. When assessing content, we consider context, source credibility, intent, and potential real-world impact.
### 8. Privacy Violations
Respect the privacy rights of all users. Do not:
- record voice or video communications without consent where legally required;
- circumvent, bypass, or attempt to defeat privacy settings, user blocks, or safety features; or
- engage in stalking, doxxing, surveillance, or other invasive monitoring of users on or off the platform in connection with their use of Fluxer.
If you are unsure whether something violates someone's privacy, err on the side of caution and do not share it.
## Reporting Violations
If you observe conduct or content that appears to violate these guidelines or our Terms of Service, please report it. You can:
- use the in-app reporting features available throughout the platform; and/or
- email our safety team at safety@fluxer.app.
When possible, please include:
- relevant screenshots or message excerpts;
- direct links to the content, message, or Community;
- user IDs or usernames; and
- a brief description of what is happening and why it concerns you.
Please do not engage in "vigilante justice". Do not harass, threaten, or doxx others in response to violations. Report issues to us and allow our moderation team to handle them appropriately.
We may not always be able to share the outcome of our actions with you, but we review reports in good faith and prioritize situations that present higher risk of harm.
## Enforcement Actions
When we identify violations of these community guidelines or our Terms of Service, we may take one or more of the following enforcement actions, depending on severity, context, and risk:
- issuing informal or formal warnings to the account holder;
- removing or restricting access to violating content;
- temporarily limiting or disabling specific features (for example, messaging or community creation);
- temporarily suspending account access;
- permanently banning accounts from the platform;
- restricting the ability to create, own, or manage Communities;
- deleting Communities that repeatedly or seriously violate our guidelines;
- restricting access to specific cosmetic items, premium services, or subscriptions; and/or
- reporting illegal content or serious threats to appropriate law enforcement or relevant organizations.
### How We Decide
When deciding on enforcement, we consider factors such as:
- the **severity** of the violation and the potential or actual harm caused;
- the **intent** of the user (for example, malicious vs. accidental);
- the user's **prior history** of violations or warnings;
- the **risk of future harm** if no action is taken;
- whether the content affects minors or vulnerable individuals; and
- whether applicable law requires us to act in a particular way.
General principles:
- We typically start with less severe measures (warnings, content removal, temporary restrictions) for minor or first-time violations.
- We may act immediately and permanently for egregious violations, such as:
- child sexual exploitation or CSAM;
- credible threats of serious violence; or
- large-scale or clearly malicious abuse, fraud, or hacking.
Automated tools may flag content or behavior for review, but enforcement decisions are made by humans, except in limited cases where we must automatically block certain content (for example, known CSAM hashes) or where automated integrity systems limit access as described in our [Privacy Policy](/privacy).
Some safety and integrity protections operate automatically. CSAM detection happens in real time during upload matching content is immediately rejected and not delivered to any user. Where required or permitted by law, we may preserve matched media and related records for reporting, legal compliance, and evidence preservation. Other automated protections (such as spam defenses and regional access restrictions based on IP geolocation) also operate automatically. These systems are designed to comply with applicable law, including any rights you may have in relation to automated decision-making as described in our [Privacy Policy](/privacy).
No moderation system is perfect. We may make mistakes, and that is why we provide an appeals process.
## Appeals Process
If you believe we made an error in enforcing these guidelines against your account or content, you may appeal our decision.
To appeal:
1. Send an email to appeals@fluxer.app from the email address associated with your Fluxer account.
2. Clearly state:
- the enforcement action you are appealing (for example, "7-day suspension on [date]" or "Community deletion"); and
- why you believe the decision was incorrect, incomplete, or disproportionate.
3. Include any relevant context or evidence (for example, message IDs, timestamps, or clarifications).
For security and verification reasons:
- We can only process appeals submitted from the email address associated with the affected account.
- We cannot accept appeals submitted on behalf of another user, except where supported by law (for example, authorized legal representatives).
Additional notes:
- **One appeal per enforcement action.** Submitting multiple appeals about the same decision will not expedite review.
- **Appeal window:** Please submit your appeal within 60 days of receiving the enforcement notice.
- **During review:** Temporary actions generally remain in place while we review your appeal.
- **Response times:** We aim to review and respond to appeals within 14 days where feasible, but this may vary depending on volume and complexity.
After review, our decision on the appeal is generally final. However, we may revisit past decisions if new, material information comes to light or if we update our policies in relevant ways.
## Special Considerations
### For Teenage Users
Users must meet the **Minimum Age** to use Fluxer as described in our [Terms of Service](/terms) and [Privacy Policy](/privacy). This Minimum Age is typically 13 but may be higher in some countries.
We determine eligibility based on your approximate geographic location and applicable laws. Users who are above the Minimum Age but under the age of legal majority in their jurisdiction (for example, under 18 in many countries) are treated as younger users for safety purposes.
- We may enable enhanced safety features by default for users we identify as under 18 (for example, stricter privacy defaults or restricted access to certain features).
- Certain types of content or Communities may be restricted based on age (for example, 18+ spaces and adult content).
- Communities focused on dating or romantic relationships between minors, or that sexualize minors in any way, are strictly prohibited.
- We maintain heightened vigilance regarding the safety of underage users and may take swift action in response to reports involving minors.
If you are under 18, please be especially cautious about sharing personal information, and do not meet people from Fluxer in person without involving a trusted adult and ensuring your safety.
### For Community Owners
If you own, create, or administer a Community:
- You are responsible for the content and behavior within your Community, including user-generated content and moderation practices.
- Use available tools to keep your Community safe and compliant, such as:
- moderation roles and permissions;
- content and membership controls; and
- age gates, labels, and clear descriptions for 18+ or sensitive spaces.
- Set clear, visible rules that are aligned with these guidelines and with the law, and enforce them fairly.
- You may set stricter rules than Fluxer's baseline, but not more permissive ones.
- Failure to moderate or address serious, repeated violations can lead to:
- restrictions on your Community;
- removal of your Community; and/or
- enforcement action against your account.
If you are unsure how to handle a safety issue that affects your Community, you can always report it to us or contact safety@fluxer.app for guidance.
### For Parents and Guardians
We understand that online safety is especially important for younger users.
- We provide safety resources and guidance on our website to help parents and guardians understand how Fluxer works and how to support young users.
- If you have concerns about your teenager's account, you can contact our support team. We may need to verify your relationship to the user before we can discuss or take action on a specific account.
- We take child safety extremely seriously and maintain strict policies to protect young users, including zero tolerance for child sexual exploitation and grooming.
If you believe a child is in immediate danger, please contact local emergency services first, then notify us.
### Self-Harm and Crisis Content
- Do not glorify, encourage, or provide instructions for self-harm, suicide, or eating disorders.
- Supportive, empathetic conversations about mental health are allowed, but they must not:
- provide instructions, methods, or planning details for self-harm, suicide, or eating-disorder behaviors;
- encourage or pressure anyone to harm themselves; or
- shame, harass, or attack people who are struggling.
- If you see content that suggests someone may be at imminent risk of self-harm or harm to others:
- report it via in-app tools or email safety@fluxer.app; and
- if you know the person and can safely do so, encourage them to seek professional support or contact local emergency services.
Fluxer is not a substitute for professional mental health care or emergency services.
## Updates to These Guidelines
We may update these community guidelines from time to time as:
- new features are introduced;
- community norms evolve; or
- laws and regulations change.
If we make significant changes:
- we will provide at least 30 days' notice where reasonably practicable, for example via email or in-app notifications; and
- we will maintain a changelog or archive of prior versions for reference.
Your continued use of Fluxer after updated guidelines take effect constitutes your acceptance of those changes. If you do not agree with updated guidelines, you should stop using Fluxer and may delete your account.
## Final Thoughts
The vast majority of Fluxer users engage with our platform responsibly and never have any issues with these guidelines.
If you:
- treat others with respect;
- use common sense and good judgment; and
- remember that there is a real person on the other side of every interaction,
you are very unlikely to experience any enforcement action from us.
Thank you for helping us keep Fluxer a safe, welcoming, and enjoyable place to connect and communicate.
## Need Help?
### General Questions
- **Email:** support@fluxer.app
### Safety Concerns
- **Email:** safety@fluxer.app
If you are unsure whether something violates these guidelines, you can ask our support or safety teams for clarification.
## Law Enforcement Requests
We recognize that law enforcement and other authorities may, in some circumstances, require information from us.
For more detailed information about how we handle such requests, please see the "Law Enforcement and Legal Requests" section of our [Privacy Policy](/privacy).
- Direct lawful process and urgent preservation requests to legal@fluxer.app.
- Requests must clearly identify the requesting authority, the legal basis, and the specific data requested.
- We may notify affected users of requests when permitted by law and where doing so would not pose a risk to safety, security, or legal obligations.
- We may reject or narrow overbroad, unsupported, or non-compliant requests.
- We handle all such requests in accordance with applicable law and our Privacy Policy.
## Safety and Crisis Resources
- If you or someone else is in **immediate danger**, contact your local emergency services first.
- For other urgent safety concerns on Fluxer (for example, threats, self-harm indications, or serious harassment), please:
- use in-app reporting tools; and/or
- email safety@fluxer.app with as much detail as possible so we can review quickly.
Fluxer cannot provide medical, psychological, or legal advice. However, we will do our best to respond to safety-related reports promptly and, where appropriate, may work with relevant services or authorities consistent with applicable law.

537
packages/marketing/src/content/policies/privacy.md Normal file
View File

@@ -0,0 +1,537 @@
## Privacy Policy Summary
We take your privacy seriously and are committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and the choices you have.
In summary:
- We do not sell, rent, or trade your personal data to third parties. We also do not "sell" or "share" personal information for cross-context behavioral advertising as defined by the CCPA/CPRA in relation to Fluxer. When you interact with third-party content such as embedded YouTube videos, those third parties may collect and use information under their own privacy policies, which may include advertising in their own services.
- The service is not end-to-end encrypted, but we use strong encryption for data in transit and at rest.
- We aim to collect only the minimum data necessary to provide, secure, and improve our service.
- We do not train AI models on your messages, files, or any other content you create or share on Fluxer.
- You can export, manage, and delete your data through your privacy dashboard and related tools.
- We handle personal data in line with applicable privacy laws, such as GDPR in the EEA/UK and CCPA/CPRA in California, based on your location and use of our services.
- We log limited feature usage and operational events to keep the service reliable and secure. We do not use this data for behavioral advertising or cross-site tracking.
- Where we use automated systems that significantly affect your access to Fluxer (for example, regional eligibility checks based on IP geolocation), we do so in line with applicable law and describe your rights in this policy.
This summary is provided for convenience. You should read the full policy below to understand how we handle your information.
## 1. Who We Are
We are **Fluxer Platform AB**, a Swedish limited liability company (Swedish organization number: 559537-3993). We operate the Fluxer chat platform and related services.
Fluxer Platform AB is the "data controller" for your personal data when you use Fluxer, meaning we determine how and why your personal data is processed.
As a company based in Sweden, we are subject to and comply with European Union data protection laws, including the General Data Protection Regulation (GDPR).
You can find our contact details and our privacy contact's details in [Section 16](#16-contact-us).
## 2. Information We Collect
We collect information in three main ways: (1) information you provide to us, (2) information we collect automatically, and (3) information we receive from other sources.
### 2.1 Information You Provide to Us
This includes:
- **Account information:** Email address, username, password (stored using a modern, secure password hashing algorithm, currently Argon2id), date of birth, and optionally your phone number for two-factor authentication (2FA) or account recovery where available.
- **Content and communications:** Messages, files, images, voice and video communications (where supported), community information, reactions, and profile data (such as avatar, bio, and other information you choose to display). This also includes information about Communities you create or administer.
- **Support and correspondence:** Information you provide when you contact our support team or interact with customer service, including the content of messages, attachments, and any additional details you choose to provide.
- **Payment information:** If you purchase premium features (such as Fluxer Plutonium), payment processing is handled securely by Stripe. We do not store your full payment card details. Stripe provides us with limited information necessary to record and manage your purchases (for example, billing country, partial card details, payment status, and timestamps).
We do not require you to provide special categories of personal data (such as information about your health, religion, or political beliefs). If you choose to share such information in your messages or profile, you do so at your own discretion.
### 2.2 Information We Collect Automatically
When you use Fluxer, we automatically collect certain technical and usage information, including:
- **Device and technical information:** IP address, browser type and version, operating system, device type, device identifiers, language settings, and similar technical data.
- **Usage information:** Information about how you interact with Fluxer, such as:
- pages and screens visited within the app or site;
- features used (for example, voice calls, file uploads, reactions);
- timestamps and duration of sessions;
- approximate counts and types of events (for example, messages sent, communities joined), without reading message content for analytics; and
- crash reports and performance metrics.
- **Security and operational logs:** Data generated by our systems to maintain security and reliability, such as:
- login attempts and authentication events;
- changes to account settings;
- rate limits, API errors, and system errors;
- IP-based signals related to spam, abuse, or unusual behavior.
We use this information to secure the service, detect and prevent abuse, improve performance, and understand which features are being used so we can prioritize support and improvements. We do not use this information for behavioral advertising or cross-site tracking.
### 2.3 Information From Other Sources
We may also receive information about you from:
- **Other users:** When other users mention you, add you to Communities, send you messages, share content involving you, or otherwise interact with your account.
- **Service providers:** Limited operational information from our service providers, such as transactional email records from SendGrid, account verification records from Twilio, payment confirmations from Stripe, or security-related alerts from infrastructure providers.
- **Public or third-party sources:** In some cases, we may receive information from publicly available sources or trusted partners for security, anti-fraud, or compliance purposes (for example, checking whether an IP address is associated with known abuse).
We combine this information with the information we collect directly and automatically to help operate, secure, and improve our services.
## 3. How We Use Your Information
We use your information for the following purposes:
- To provide, operate, and maintain the Fluxer platform and services.
- To create and manage your account.
- To deliver your messages, media, and other content to the intended recipients.
- To secure your account and prevent unauthorized access.
- To detect, investigate, and prevent abuse, fraud, spam, and violations of our terms or community guidelines.
- To send important service updates, security alerts, and administrative messages.
- To process payments, manage subscriptions, and handle financial transactions.
- To understand which features are used and how the service performs, so we can prioritize support, fix issues, and plan improvements.
- To comply with legal obligations and respond to lawful requests.
- To protect the safety, rights, and property of our users, the public, and Fluxer.
We do not use your messages, files, or any other content you create or share on Fluxer for targeted advertising or for training AI models.
### 3.1 Lawful Bases for Processing (GDPR)
If you are in the EEA, UK, or another jurisdiction with similar requirements, our legal bases for processing your personal data include:
- **Contract necessity:** We process data that is necessary to provide the services you have requested under our Terms of Service, such as delivering messages, operating Communities, maintaining your account, and providing support.
- **Legitimate interests:** We process data based on our legitimate interests, such as:
- securing the platform and preventing fraud and abuse;
- maintaining and improving service reliability and performance;
- understanding how features are used at an aggregate level; and
- communicating with you about changes to our services or policies.
When we rely on legitimate interests, we balance our interests against your rights and expectations and implement safeguards to protect your privacy.
- **Legal obligations:** We process data when necessary to comply with legal obligations, such as:
- accounting, tax, and record-keeping;
- child protection and CSAM reporting obligations;
- responding to lawful requests from public authorities; and
- complying with applicable data protection, security, and consumer laws.
- **Consent:** In limited cases, we may rely on your consent, for example:
- where required to send certain types of optional communications; or
- where local law requires consent for specific processing or cookie use on our marketing site.
Where we rely on consent, you can withdraw it at any time in your settings or by contacting us. Withdrawing consent does not affect the lawfulness of processing that took place before the withdrawal.
### 3.2 IP Address Geolocation
We may geolocate your IP address at a coarse level (city, state/region, and country) for the following purposes:
- providing security alerts when logins occur from new or unusual locations;
- showing you where your account is currently logged in for security monitoring;
- preventing fraud, detecting abuse, and protecting platform integrity;
- determining regional age requirements and access eligibility based on local laws; and
- meeting legal obligations related to export control and sanctions.
We use IP geolocation databases that run locally on our servers for internal platform functions. To determine whether you can access the platform based on your region, we also use a Cloudflare Worker that we control, which returns MaxMind geolocation data provided by Cloudflare based on your IP address. This runs on Cloudflare's infrastructure using code we control and is used solely for regional access eligibility checks.
Some regions have enacted laws that require online platforms to verify users' ages using methods we are not able or willing to implement (for example, government ID uploads or biometric scans). The type and scope of these laws vary significantly between regions. Depending on what a given law requires, we may fully restrict platform access, or restrict only age-restricted content (such as NSFW channels and communities) while leaving the rest of the platform accessible. These restrictions are enforced using automated systems that rely primarily on IP geolocation and similar signals.
For full details on how these restrictions work, which regions are currently affected, and what each restriction means in practice, see our [Regional Restrictions](/regional-restrictions) page.
We generally do not manually override these automated determinations, but you may contact us at privacy@fluxer.app if you believe your access has been restricted in error (for example, if you are travelling or using a VPN and your IP address does not reflect your actual location). Where applicable data protection laws grant you rights in relation to automated decision-making (for example, under GDPR), we will honor those rights as described in [Section 10](#10-your-privacy-rights).
## 4. Who We Share Information With
We do not sell your personal data. We share information only in the following limited circumstances:
### 4.1 When You Direct Us to Share
We share your information when you intentionally interact with others on Fluxer, for example:
- when you send messages to other users;
- when you join or participate in Communities;
- when you share content publicly or with specific groups;
- when your profile information is visible to others according to your settings; and
- when you choose to connect to or use integrations or third-party services (where available).
In these cases, other users can see the information you choose to share, and they may further share or store it outside Fluxer. We encourage you to be mindful about the content you share and with whom.
### 4.2 With Service Providers
We work with trusted third-party service providers who process data on our behalf to help us operate Fluxer. These providers include:
#### Infrastructure and Data Storage
- **OVHcloud** primary hosting of our servers in Vint Hill, Virginia, USA.
- **Backblaze** encrypted backups stored in Amsterdam, Netherlands.
- **Cloudflare** content delivery network (CDN) for delivery and caching of user-generated content on the `fluxerusercontent.com` domain.
#### Security and Safety
- **Cloudflare** limited services, including:
- Turnstile CAPTCHA for bot prevention (primary CAPTCHA provider; see also hCaptcha below); and
- a Cloudflare Worker we control that returns MaxMind geolocation data for regional platform access eligibility checks.
- **hCaptcha** backup CAPTCHA provider; users can choose hCaptcha instead of Cloudflare Turnstile for bot prevention challenges.
- **Arachnid Shield API** CSAM scanning for user-uploaded media, operated by the Canadian Centre for Child Protection (C3P), as described in [Section 5](#5-content-scanning-for-safety).
#### Third-Party Content
- **Google** YouTube embeds.
- **KLIPY** GIF search.
To protect your privacy, we route all traffic to KLIPY through our servers, whether for search queries or for embedding their media in the app. This means your IP address and device identifiers are not visible to KLIPY for either search requests or when GIFs are displayed in Fluxer. For YouTube embeds, we fetch metadata server-side and only load a YouTube iframe from your device if and when you choose to play a video.
#### Payment and Communications
- **Stripe** payment processing for subscriptions and other purchases.
- **SendGrid** transactional email services.
- **Twilio** SMS-based account verification services.
- **Fastmail** support email infrastructure.
#### Other Services
- **Porkbun** domain registration services.
Many of these providers (for example, OVHcloud, Backblaze, Cloudflare, Stripe, SendGrid, Twilio, Fastmail, and Porkbun in its role as registrar) act as processors and process personal data only on our behalf, according to our instructions.
Other providers, such as Google (for YouTube videos), Cloudflare Turnstile, and hCaptcha, may also process some data as independent controllers when you interact directly with their services (for example, when you play an embedded YouTube video or complete a CAPTCHA). In those cases, your use of those services is also governed by their own terms and privacy policies.
Where required by law, we have data processing agreements and standard contractual clauses or equivalent safeguards in place with providers that process personal data on our behalf, and we take steps to minimize the amount of personal data shared with all providers (for example, by proxying GIF searches through our servers for KLIPY, and fetching YouTube metadata server-side).
### 4.3 When Required by Law or to Protect Rights
We may disclose your information if we reasonably believe it is necessary to:
- comply with a valid legal obligation, legal process, or enforceable governmental request;
- enforce our Terms of Service or other agreements;
- protect the safety, rights, or property of our users, the public, or Fluxer; or
- detect, prevent, or otherwise address fraud, security, or technical issues.
Where legally permitted and appropriate, we will attempt to notify you before disclosing your information in response to legal requests, especially if the request concerns your account or content.
### 4.4 Business Transfers
If we are involved in a merger, acquisition, reorganization, sale of assets, or similar transaction, your information may be transferred as part of that transaction. We will continue to protect your information in accordance with this policy and will notify you of any significant changes to how your data is handled.
## 5. Content Scanning for Safety
We use automated tools and, in limited circumstances, human review to help keep Fluxer safe and compliant with the law.
### 5.1 CSAM Scanning
We use the Arachnid Shield API, operated by the Canadian Centre for Child Protection (C3P), to help identify and block child sexual abuse material (CSAM) in user-uploaded media. This scanning is performed as follows:
- **How it works:** When media is uploaded, we securely transmit the full image or video file to the Arachnid Shield API over HTTPS for analysis. The API checks the file against C3P's database of known CSAM, which contains material that has been identified and confirmed by law enforcement and child safety organizations worldwide. This scanning happens synchronously during upload if a match is detected, the upload is immediately rejected and the content is not delivered to any user. Where required or permitted by law, we may preserve a copy of the matched media and relevant account and technical information solely for reporting, legal compliance, and evidence preservation.
- **No AI or content analysis:** This process does not use artificial intelligence, machine learning, or any form of automated content analysis. It only detects exact or near-exact matches of media that has already been identified and confirmed as CSAM by law enforcement or child safety organizations. Novel content that has not been previously identified cannot be detected by this system.
- **Secure file submission:** Image and video files are securely transmitted to the Arachnid Shield API over HTTPS for scanning. Files are processed in real-time and are not retained by C3P after processing.
- **What is scanned:** All user-uploaded media (for example, avatars, emojis, stickers, and file attachments) is subject to CSAM scanning before storage.
- **What is not scanned:** Text messages and the main Fluxer application traffic are not scanned by this tool.
- **Evidence retention:** If a match is detected, we may retain the matched media (or a limited evidentiary record, such as hashes, metadata, and logs) in a secure evidence store for the period required by law or as otherwise necessary for reporting and compliance. Evidence may be retained longer if subject to a legal hold or active investigation.
When a match is detected:
- The upload is immediately rejected and the content is not delivered to any user.
- We take appropriate action, which may include immediate account suspension.
- We are legally obligated to report confirmed CSAM to the National Center for Missing & Exploited Children (NCMEC), which may share reports with law enforcement agencies worldwide.
- Where required or permitted by law, we preserve the matched media and related records for reporting and evidence preservation, and disclose them to NCMEC and law enforcement as required.
### 5.2 Other Safety and Abuse Detection
In addition to CSAM scanning, we may use automated systems to:
- detect and block malware, phishing, spam, and other harmful or abusive content;
- prevent and mitigate harassment, raiding, or coordinated abuse;
- detect suspicious login attempts or access patterns; and
- enforce our Terms of Service and Community Guidelines.
These systems primarily rely on metadata, patterns, and signals such as frequency of messages, links, and other non-content indicators. We do not use your private messages or files to build behavioral advertising profiles.
Where necessary for enforcing our policies, ensuring safety, or responding to user reports, authorized staff may review specific content, subject to strict access controls and audit logging.
## 6. Data Storage and International Transfers
### 6.1 Where Your Data Is Stored
We store and process data in multiple locations in order to provide a reliable and performant service:
- **Primary servers:** OVHcloud data center in Vint Hill, Virginia, USA.
- **Encrypted backups:** Backblaze data center in Amsterdam, Netherlands.
- **User-generated content CDN:** Cloudflare edge locations worldwide (for content on the `fluxerusercontent.com` domain).
### 6.2 International Data Transfers
Because we operate globally and use service providers located in different countries, your data may be transferred to and processed in countries outside your own, including the United States. These countries may have data protection laws that are different from the laws of your country.
Where required by law (for example, under GDPR), we ensure that appropriate safeguards are in place for international transfers, such as:
- standard contractual clauses approved by the European Commission or UK authorities;
- data processing agreements with appropriate security and privacy commitments; and
- additional technical and organizational measures, such as encryption and access controls.
We do not transfer your data to third parties for their own independent advertising or marketing purposes without your explicit consent.
You can contact us for more information about the safeguards we use for international data transfers (see [Section 16](#16-contact-us)).
## 7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, to comply with legal obligations, to resolve disputes, and to enforce our agreements.
### 7.1 Active Accounts
For active accounts, we generally keep your personal data for as long as you use Fluxer. This includes your messages, Communities, and other User Content while your account remains active, unless you delete specific content yourself.
### 7.2 Attachments and Expiry
Attachments may remain available only for a limited time. Their availability can depend on factors such as file size, age, and how often they are accessed.
Saved Media (your personal library of pinned files) is handled differently and is not subject to the same expiry rules as regular attachments.
For the current details of how attachment availability, expiry, and Saved Media work, see our [help article on attachment expiry](/help/attachment-expiry).
### 7.3 Deleted Content
When you delete messages or other content:
- We remove them from our active systems within a reasonable period of time.
- Deleted data may remain in our backup systems and certain logs for a limited period before being permanently removed, except where we are required by law to retain specific data for longer.
For user-generated content cached on Cloudflare's edge network, we use Cloudflare's cache purge API to invalidate cached attachments as soon as possible after deletion. In practice, there may be short delays due to rate limits and global propagation.
Current retention periods for deleted messages, account data, and related backups are described in [the guide to deleting or disabling an account](/help/delete-account) and [the article about requesting data deletion](/help/data-deletion).
### 7.4 Inactive Accounts and Account Deletion
We may delete accounts that are inactive for an extended period, and we also delete accounts when you request it or following certain enforcement actions, in line with our deletion procedures.
- For information about how we define inactivity, the steps that occur before deletion (including any notice periods), and what happens when you delete your account, see [the guide to deleting or disabling an account](/help/delete-account).
- For information about bulk deletion of your messages and other content before or after account deletion, see [the article about requesting data deletion](/help/data-deletion).
When an account is deleted:
- you lose access to the account and its associated data; and
- messages and content you posted in Communities or direct messages may remain visible to other users unless you delete them first (for example, via your Privacy Dashboard or the tools described in [the article about requesting data deletion](/help/data-deletion)).
### 7.5 Payment and Transaction Data
We retain transaction records and related data for the period required by accounting, tax, and other legal obligations. We do not store full payment card numbers. Stripe and other payment providers may retain payment data in accordance with their own legal obligations and policies.
### 7.6 Logs and Security Data
Security logs, audit logs, and usage logs are retained only for as long as necessary for security, fraud prevention, troubleshooting, and compliance, and are then deleted or anonymized. We may retain certain logs longer where necessary to investigate security incidents, comply with legal obligations, or resolve disputes. Where relevant, we describe retention periods for particular types of data in our help articles.
## 8. Your Privacy Controls
You have several tools and settings to help you manage your data and privacy on Fluxer.
### 8.1 Privacy Dashboard and In-App Controls
Through your Privacy Dashboard and account settings, you can:
- **Request a data export:** Request a full export of your account data (including messages and URLs to download attachments) via the Data Export tab. See [the help article on exporting your account data](/help/data-export) for current limits and details.
- **Download attachments:** Use the URLs in your data export to download attachments before deleting related messages or before attachments expire.
- **Delete messages:** Delete individual messages in-app. When you delete a message, any attachments in that message are also deleted from active systems and eventually from caches and backups, as described above.
- **Bulk deletion:** Delete all of your messages via the Data Deletion tab in the Privacy Dashboard. Processing may run in the background and can take time for large accounts. See [the article about requesting data deletion](/help/data-deletion) for details.
- **Account deletion:** Schedule deletion of your account, which completes after a grace period unless you sign in during that period to cancel. See [the guide to deleting or disabling an account](/help/delete-account) for how this works.
Attachments have expiry windows; if you want to keep specific files, download or move them (or save them to Saved Media) before they expire.
### 8.2 Requests by Email
If you need specific data removed or modified without deleting everything:
- Email privacy@fluxer.app from the email address associated with your Fluxer account.
- Clearly describe what you want us to do (for example, delete specific content, correct account information, or provide a data copy).
- We may ask for additional information to verify your identity and confirm that you control the account.
If you want a copy of your data before deleting messages or your account, request an export first and wait for the export to complete.
## 9. Data Security
We implement technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
These measures include:
- industry-standard encryption for data in transit (TLS);
- strong encryption for data at rest on our servers and backups;
- secure, professionally managed data centers with physical security controls;
- regular security updates, patch management, and infrastructure hardening;
- rate limiting, anomaly detection, and other protections against abuse and attacks;
- strict access controls so that only authorized staff can access user data, on a need-to-know basis and for limited purposes; and
- regular encrypted backups for disaster recovery.
No online service can guarantee perfect security. We work continuously to improve our security posture and reduce risks.
### 9.1 Responsible Disclosure and Security Reports
If you discover a potential security vulnerability or issue:
- Visit our [Security Bug Bounty page](/security) and follow the reporting instructions there so we have enough detail to reproduce the issue.
- Do not publicly disclose the vulnerability before we have had a reasonable opportunity to investigate and address it.
- We appreciate responsible disclosure and may acknowledge your contribution if you wish (subject to your consent).
### 9.2 Data Breaches
If we become aware of a data breach that has a material impact on your personal data, we will:
- investigate and take appropriate remedial steps;
- notify you without undue delay when legally required; and
- notify relevant supervisory authorities when required by law.
Notifications will include information about what happened, what data may be affected, and steps you can take to protect yourself.
## 10. Your Privacy Rights
Depending on where you live, you may have certain rights regarding your personal data. These rights may include, for example under GDPR (EEA/UK) or CCPA/CPRA (California):
- **Right of access:** Request confirmation of whether we process your personal data and, if so, receive a copy.
- **Right to rectification:** Request correction of inaccurate or incomplete personal data.
- **Right to deletion ("right to be forgotten"):** Request deletion of your personal data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected.
- **Right to restriction:** Request that we restrict processing of your personal data in certain circumstances (for example, while we verify its accuracy or assess an objection).
- **Right to object:** Object to certain processing of your personal data, including processing based on legitimate interests, and we will consider your objection in line with applicable law.
- **Right to data portability:** Request a copy of certain personal data in a structured, commonly used, machine-readable format and ask us to transmit it to another controller where technically feasible.
- **Right to withdraw consent:** Where processing is based on your consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing that took place before you withdrew consent.
- **Rights under CCPA/CPRA (for California residents):** The following rights apply:
- right to know what personal information we collect, use, disclose, and share;
- right to delete personal information in certain circumstances;
- right to correct inaccurate personal information;
- right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising in relation to Fluxer); and
- right to be free from discrimination for exercising your rights.
### 10.1 Exercising Your Rights
You can exercise many of your rights directly through your Privacy Dashboard and account settings (for example, export, deletion, and correction of certain information).
You can also contact us at privacy@fluxer.app to exercise your rights. When you do so:
- we may need to verify your identity (for example, by asking you to reply from your registered email or provide additional details);
- we will respond as required by applicable law (typically within 30 days, or up to 45 days where permitted and necessary); and
- if we cannot fully comply with your request (for example, due to legal obligations, technical limitations, or the rights of others), we will explain why and what options you still have.
You may also authorize an agent to submit requests on your behalf where permitted by law. We may require proof that the agent is validly authorized.
### 10.2 Complaints to Supervisory Authorities
If you are in the EEA, UK, or another jurisdiction with a data protection authority, you have the right to lodge a complaint with your local supervisory authority if you believe your privacy rights have been violated.
If you are in Sweden, the relevant authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten). You can also contact your local authority in your country of residence.
We encourage you to contact us first so we can try to resolve your concerns directly.
### 10.3 Automated Decision-Making
We use automated systems in certain limited ways that may affect your use of Fluxer, such as:
- determining whether your approximate location is in a region where access to Fluxer is permitted based on IP geolocation and applicable laws; and
- detecting potential fraud, spam, or abusive behavior.
These systems can influence, for example, whether you can access Fluxer from a given region or whether certain actions are temporarily blocked while we investigate potential abuse.
Where applicable law (such as GDPR) grants you rights related to automated decision-making such as the right to obtain human review, to express your point of view, or to contest certain decisions you can contact us at privacy@fluxer.app. We will handle such requests in line with those laws and our legal obligations.
## 11. Children's Privacy
Users must meet the minimum age requirement in their region to create and use a Fluxer account. We determine eligibility based on your self-reported information and your approximate geographic location.
For the purposes of this policy and our Terms of Service:
- the **minimum age to use Fluxer** (the "Minimum Age") is the lowest age at which applicable law in your country permits you to use an online service like Fluxer. This is typically 13 years old, but it varies by country and may be higher in certain jurisdictions; and
- users who are **above the Minimum Age but under the age of legal majority** in their jurisdiction (for example, under 18 in many countries) may use Fluxer, but our Terms require a parent or guardian to review and agree to them on the user's behalf.
We use IP geolocation and similar signals to determine whether access is allowed from your region and to apply regional age-related rules.
Some jurisdictions require age verification methods that we are not able or willing to implement (for example, requiring government ID uploads or biometric scanning). Where such requirements apply, we restrict access as described in [Section 3.2](#32-ip-address-geolocation) and on our [Regional Restrictions](/regional-restrictions) page. Depending on the scope of the law, this may mean full platform inaccessibility or restriction of age-restricted content only.
We generally do not manually override these automated regional determinations, but you may contact us at privacy@fluxer.app if you believe your access has been restricted in error (for example, due to inaccurate geolocation). Where applicable law grants minors or their guardians specific rights regarding automated decisions, we will comply with those obligations.
We do not knowingly collect personal information from children under the Minimum Age in their region. If we become aware that we have inadvertently collected personal information from a child who does not meet the Minimum Age requirement, we will take steps to delete that information and, where appropriate, delete the account.
If you are a parent or legal guardian and believe that your child has used Fluxer without your consent or does not meet the Minimum Age requirement, you may contact privacy@fluxer.app from the child's registered email address (or with sufficient proof of guardianship) to request deletion of their account and associated data.
## 12. Cookies and Similar Technologies
### 12.1 Fluxer Application
We do not use third-party advertising or tracking cookies for our own analytics or advertising in the Fluxer application. Any cookies we set are strictly necessary for the operation and security of the service. We also do not run advertising trackers or analytics SDKs in the app. Operational logging and limited feature-usage telemetry are stored server-side to keep the service reliable and secure and to understand which features are used. This server-side data is not used for advertising or cross-site profiling.
When you interact with embedded third-party content in the app (for example, a YouTube video or a CAPTCHA challenge), those third parties may set their own cookies or similar technologies under their own privacy policies.
### 12.2 Marketing Site
On our marketing website (`fluxer.app`):
- we set a single language-preference cookie to remember your language choice; and
- we do not use third-party advertising trackers or fingerprinting technologies.
If we introduce additional analytics on the site in the future, we will update this notice and, where required, seek your consent (for example, via a cookie banner or similar interface).
You can control cookie usage through your browser settings, which may allow you to block or delete cookies. Note that some site functionality may be affected if you disable cookies entirely.
## 13. Third-Party Services and Links
Fluxer may contain links to third-party websites, services, or content (for example, YouTube videos, GIF search, or other embedded content). When you use these features:
- we route requests through our servers where technically possible to reduce the amount of data sent directly from your device to third parties;
- for GIF search through KLIPY, both search queries and GIF embedding are routed through our servers, so this provider does not see your IP address or device identifiers for searches or when GIFs are displayed in Fluxer;
- for YouTube links, we fetch basic metadata from the YouTube API on our servers so we can render previews without your device contacting YouTube until you choose to play the video; and
- if you play an embedded YouTube video or interact with other embedded third-party content, that content is loaded directly from the third party (for example, in an iframe), and the third party may collect information from your device under its own terms and privacy policy.
Third-party services may have their own privacy policies and data practices that are separate from ours. We are not responsible for the privacy practices, content, or security of third-party services, and we encourage you to review the privacy policies of any third-party services you use.
## 14. Law Enforcement and Legal Requests
We take the privacy and security of our users seriously and carefully consider all legal requests for data.
- We respond to valid legal processes and requests that comply with applicable law, which may include court orders, warrants, or other legally binding requests.
- Requests should be directed to legal@fluxer.app and should clearly identify the requesting authority, legal basis, and scope of data requested.
- We may refuse or narrow requests that are overly broad, not legally valid, or inconsistent with applicable law.
- Where legally permitted and where it would not create a risk to safety, security, or legal obligations, we will attempt to notify affected users before disclosing their data so they have an opportunity to object.
We may disclose data without notice where we reasonably believe it is necessary to prevent harm, protect the safety of individuals, or respond to emergencies, in accordance with applicable law.
For additional operational details on how law enforcement requests interact with community safety and enforcement, you can also refer to the "Law Enforcement Requests" section of our [Community Guidelines](/guidelines).
## 15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations.
If we make significant changes, we will:
- provide at least 30 days' advance notice, where reasonably practicable, via email, in-app notifications, or notices on our website; and
- indicate the effective date at the top of this policy.
We maintain a changelog or archive of prior versions of this Privacy Policy for reference.
Your continued use of Fluxer after the updated policy takes effect constitutes your acceptance of the changes. If you do not agree with the updated policy, you should stop using Fluxer and, if you wish, delete your account.
## 16. Contact Us
For account-related and privacy-related requests, you should contact us from the email address associated with your Fluxer account wherever possible. This helps us verify your identity and protect your account.
### Privacy and Data Protection Contact
- Email: privacy@fluxer.app
- Contact person: Hampus Kraft, founder and CEO
- This is our primary contact point for privacy and data protection questions. We have not formally appointed a Data Protection Officer under GDPR.
You can use this address to exercise your privacy rights, ask questions about this policy, or raise concerns about how your data is handled.
### General Support
- Email: support@fluxer.app
- Website: [https://fluxer.app](https://fluxer.app)
### Postal Address
Fluxer Platform AB
Norra Kronans Gata 430
136 76 Brandbergen
Stockholm County, Sweden
Organization number: 559537-3993

104
packages/marketing/src/content/policies/security.md Normal file
View File

@@ -0,0 +1,104 @@
If you believe you have found a security vulnerability in Fluxer, please report it responsibly. This policy explains what is in scope, how to submit a report, what we need from you, and what you can expect from us.
## Safe harbor
If you follow this policy, act in good faith, and avoid privacy violations or service disruption, Fluxer will not pursue legal action against you for your security research.
## Who should read this
Security researchers, community members, and anyone who discovers a potential security issue in Fluxer should read this policy before sending a report. It explains what is in scope, how we triage findings, and how we acknowledge and reward responsible disclosures.
## Scope
### In scope
Fluxer websites, applications, and services operated by Fluxer Platform AB, including the following domains and any subdomain of these domains:
- `fluxer.gg`
- `fluxer.gift`
- `fluxerapp.com`
- `fluxer.dev`
- `fluxerusercontent.com`
- `fluxerstatic.com`
- `fluxer.media`
- `fluxer.app`
Also in scope:
- Infrastructure, systems, and operational services directly managed by Fluxer that impact authentication, authorization, payments, community data, or the processing of security- or privacy-relevant data (including user identifiers, account metadata, logs, analytics, telemetry, and similar signals).
- Abuse cases that enable unauthorized persistence, privilege escalation, or data disclosure when triggered through officially supported product features.
- Self-hosted Fluxer instances that declare trust in Fluxer security guidance, provided:
- the issue is reproducible on the latest official release as we ship it, and
- the issue is not solely caused by third-party modifications or local misconfiguration.
If you are unsure whether a target is in scope, email us and ask.
### Out of scope
The following are out of scope (not an exhaustive list):
- Third-party services, infrastructure, or integrations we do not control (for example partner communities' independent integrations, bots, or external hosting providers).
- Vulnerabilities that require physical access to facilities, servers, or devices.
- Social engineering, phishing, bribery, coercion, or attempts to manipulate Fluxer staff or users.
- Denial-of-service (DoS) attacks, traffic flooding, rate-limit exhaustion, or resource exhaustion testing.
- Automated scanning or bulk testing that produces noisy/low-signal findings, especially without a clear security impact and a reliable reproduction path.
- General UI bugs, feature requests, or non-security support issues (email support@fluxer.app for those).
- Issues in forked, modified, or outdated self-hosted deployments that are not reproducible on the latest official release.
In addition, we generally do not prioritize low-impact reports (for example missing best-practice headers or minor configuration issues) unless you can demonstrate a concrete security impact.
## How to report
Email your report to security@fluxer.app.
Please include:
- A short, descriptive title.
- Why the issue is a security concern (impact, affected users/systems, and realistic attack scenario).
- Step-by-step reproduction instructions and any proof of concept (screenshots, logs, recordings, or curl commands are helpful).
Please do not publicly disclose the vulnerability until we have acknowledged your report and had a reasonable opportunity to investigate and ship a fix. We may coordinate a disclosure timeline with you.
## What we need from you
To help us validate and fix the issue quickly, include as much of the following as you can:
- A clear summary of the issue and its impact.
- Step-by-step reproduction instructions.
- The environment you used (browser, operating system, client version, region, logged-in state, etc.).
- Any mitigations you tried, and whether the issue persists after clearing caches, using a private window, or restarting clients.
- A severity estimate (for example a CVSS score), or a plain-language assessment of the access/impact the issue enables.
## Rewards and recognition
Depending on validity, severity, and impact, we may award:
- A Bug Hunter badge on your Fluxer profile.
- Plutonium gift codes on fluxer.app so you can access premium features.
Higher-severity findings receive more recognition. We intend to add cash payouts in the future once our payments tooling is ready. At this time, we do not guarantee monetary rewards, but we do credit valid research that follows this policy.
### Credit and eligibility
- Please report findings privately to security@fluxer.app.
- Public disclosure before we acknowledge and address the issue may make the report ineligible for rewards or recognition.
- If multiple reports describe the same underlying issue, we typically credit the first report that clearly explains the vulnerability and enables reliable reproduction.
## What to expect from us
- **Acknowledgement:** We aim to acknowledge reports within five business days (often sooner).
- **Triage and updates:** We will review your report, prioritize critical issues, and keep you updated as we investigate.
- **Resolution and disclosure:** After a fix is available, we typically coordinate disclosure and credit with the reporter, unless you prefer to remain anonymous.
- **If we cannot reproduce:** We will share what we tried and may ask for additional details, environment information, or a clearer proof of concept.
## Safe testing rules
- Only test against accounts, communities, and data you own or have explicit permission to use.
- Community-level testing (roles, permissions, invites, moderation tools, settings, data access, etc.) must be performed only in communities you own/admin, or where you have explicit permission from the community owner/admin.
- Do not access, modify, or attempt to view other users' or other communities' data without consent.
- Do not use automated flooding, scraping, brute forcing, or other disruptive techniques.
- Do not use scanners or automated tools in ways that degrade reliability or create noisy/low-signal reports.
- If your testing could trigger real user notifications, support workflows, emails, billing events, or payments, contact us first so we can monitor.
- Follow applicable laws where you live and where the systems operate. If you are unsure, err on the side of caution and ask before escalating a high-impact test.
Thank you for helping keep Fluxer secure.

468
packages/marketing/src/content/policies/terms.md Normal file
View File

@@ -0,0 +1,468 @@
## Welcome to Fluxer
These terms of service ("Terms") constitute a legally binding contract between you and Fluxer Platform AB (Swedish organization number: 559537-3993). We are based in Stockholm County, Sweden, and we operate the Fluxer chat platform and related services. Throughout these Terms, references to "Fluxer", "we", "us" or "our" refer to Fluxer Platform AB and our Services.
By creating an account or using Fluxer in any way, you agree to be bound by these Terms, our [Privacy Policy](/privacy), and our [Community Guidelines](/guidelines). If you do not agree to these Terms, you must not use Fluxer.
If there is any conflict between these Terms and any applicable local mandatory law, the mandatory law will prevail.
## Definitions
For the purposes of these Terms:
- **"Services"** means the Fluxer applications (web, mobile, desktop), HTTP and WebSocket APIs, related websites and domains, and any other products, software, features, or services provided by Fluxer.
- **"User Content"** means any data, text, messages, media, files, communities, reactions, or metadata you or other users submit, upload, transmit, store, or display on or through the Services.
- **"Plutonium"** means Fluxer's optional paid subscription offering that provides enhanced features and benefits.
- **"Community"** means a server, space, or similar environment created or administered on Fluxer where users can communicate or share content.
- **"Community Owners"** means users who create, own, or administer Communities and who are responsible for setting rules (subject to these Terms and our Community Guidelines) and moderating those Communities.
- **"Account"** means a user account registered with Fluxer that is associated with a unique identifier and, typically, an email address.
- **"Privacy Policy"** means our [Privacy Policy](/privacy), which explains how we collect, use, and protect personal data.
- **"Community Guidelines"** means our [Community Guidelines](/guidelines), which govern acceptable behavior and content on Fluxer.
Capitalized terms that are not defined in this section have the meaning given to them elsewhere in these Terms.
## 1. Eligibility and Accounts
### 1.1 Eligibility to Use Fluxer
You may use the Services only if:
- you meet the minimum age required in your place of residence (the **"Minimum Age"**); and
- you are legally capable of entering into a binding contract with us, or your parent or legal guardian agrees to these Terms on your behalf as described below.
We determine your eligibility based on your self-reported information and your approximate geographic location. In many jurisdictions, the Minimum Age is 13 years, but it may be higher where you live.
If you are under the age of legal majority in your jurisdiction (for example, under 18 in many countries) but at or above the Minimum Age, your parent or legal guardian must review and agree to these Terms on your behalf before you use the Services.
By allowing a minor to use your Account or to use the Services with your permission, you confirm that you are the minor's parent or legal guardian, that you have reviewed and agreed to these Terms, and that you are responsible for the minor's activity on the Services.
Some countries, regions, or U.S. states have laws that require age-verification methods we are not able or willing to implement (for example, requirements to submit government ID or biometric data). Where such requirements apply, we may restrict or disable account registration and access to the Services from those regions.
We use automated systems (such as IP geolocation and similar technologies) to determine whether access to the Services is allowed from your region and to enforce regional restrictions. These determinations may be re-evaluated over time as laws or our capabilities change. We generally do not manually override these determinations, but you may contact us if you believe your access has been restricted in error. Where applicable law provides you with rights related to automated decision-making, we will honor those rights as described in our [Privacy Policy](/privacy).
You must not use the Services if:
- applicable law in your jurisdiction prohibits you from doing so;
- you are subject to relevant export control or sanctions restrictions, as described in Section 14; or
- your Account has previously been terminated or disabled by us for breach of these Terms, unless we have expressly agreed in writing to allow you to use the Services again.
### 1.2 Your Account and Security
To use most features of Fluxer, you must create an Account. You are solely responsible for:
- maintaining the confidentiality and security of your login credentials;
- all activities that occur under your Account, whether or not authorized by you, **except where applicable law provides that you are not responsible (for example, where activity results from a security incident for which we are responsible);**
- providing accurate, current, and complete information during registration; and
- keeping your Account information up to date when it changes.
You must promptly notify us at support@fluxer.app if you become aware of any unauthorized access to or use of your Account.
We strongly recommend that you:
- use a strong, unique password and change it periodically; and
- enable two-factor authentication (2FA) where available.
You are also responsible for securing the devices and software you use to access the Services and for keeping them free of malware.
Nothing in this Section 1.2 affects any non-waivable rights you may have under applicable consumer or payment laws in relation to unauthorized charges or security incidents.
### 1.3 Consumer Use and Custom Contracts
These Terms govern your use of Fluxer as a consumer and for general personal or community use.
If you or your organization negotiate and sign a separate written enterprise, business, or custom agreement with us that expressly supersedes these Terms, that agreement will govern to the extent it conflicts with these Terms. In all other respects, these Terms will continue to apply.
## 2. Using Fluxer
### 2.1 Permitted Uses
Fluxer is a communication and community platform where you can:
- send and receive messages, files, and media;
- create, manage, and participate in Communities;
- engage in voice and video communications with other users;
- build and moderate Communities around shared interests, subject to these Terms and our [Community Guidelines](/guidelines); and
- subscribe to Plutonium for access to premium features and benefits.
Your use of the Services must always comply with these Terms, our [Community Guidelines](/guidelines), and applicable laws and regulations.
### 2.2 Prohibited Uses
You must not use the Services to:
- violate any applicable local, national, or international law or regulation;
- promote, glorify, encourage, or provide instructions for self-harm or harm to others, or threaten, harass, or bully other users;
- violate our [Community Guidelines](/guidelines) in any way;
- abuse our free Services or platform resources (see Section 5 below);
- infringe, misappropriate, or violate the intellectual property or other rights of others;
- distribute malware, viruses, or other harmful code, or engage in cyberattacks or unauthorized access attempts;
- impersonate any person, entity, or organization, or otherwise misrepresent your affiliation with a person or entity;
- circumvent, disable, or interfere with security-related features or access controls; or
- engage in any activity that is otherwise prohibited by these Terms or our [Community Guidelines](/guidelines).
### 2.3 Service Changes and Availability
- The Services are provided without any service-level agreement (SLA). Outages, interruptions, and performance issues may occur.
- We may add, modify, or remove features, or discontinue parts of the Services at any time. When we make significant changes, we will provide notice where reasonably practicable (for example, via email, in-app notifications, or update notes).
- Certain features may be limited, unavailable, or different depending on your region, device, account type, or applicable law.
- We may temporarily limit or suspend access to the Services or certain features for maintenance, security, legal, or technical reasons.
- If we make changes that significantly and adversely affect paid features you have already purchased, you may have additional rights under applicable consumer laws, including rights to refunds or price reductions. Nothing in these Terms limits any such mandatory rights.
## 3. Your Content
### 3.1 Content Ownership
You retain full ownership of all User Content you create and share on or through the Services. Except as described in Section 3.2, we do not claim ownership of your User Content.
You are responsible for ensuring that you have all necessary rights, licenses, and permissions to submit, upload, or share User Content on the Services and to grant the rights described in these Terms.
### 3.2 License to Fluxer
To operate, secure, and improve the Services, you grant Fluxer a limited license to your User Content.
Specifically, by submitting, uploading, or otherwise making User Content available on or through the Services, you grant Fluxer a worldwide, non-exclusive, royalty-free, transferable, and sublicensable license to:
- host, cache, store, reproduce, and display your User Content;
- use your User Content to operate, maintain, secure, and provide the Services;
- adapt and modify your User Content as reasonably necessary for technical purposes (such as compression, transcoding, formatting, or re-encoding media); and
- sublicense these rights to our service providers solely for the purpose of helping us provide the Services, subject to appropriate contractual safeguards.
We will not use your User Content to:
- train AI models; or
- share it with third parties for their own independent purposes without your explicit consent, except where we are required to do so by law or legal process, or as otherwise described in our [Privacy Policy](/privacy).
You can generally revoke this license for specific User Content by deleting that content from the Services, subject to the retention and backup periods described in these Terms and in our [Privacy Policy](/privacy), and subject to any obligations we may have to retain certain data under applicable law.
### 3.3 Content Deletion and Retention
When you delete User Content:
- we will remove it from our active systems within a reasonable period of time; and
- the content may continue to exist in encrypted backups and certain system logs for limited periods, after which it is deleted in accordance with our data retention practices.
In particular:
- Deleted content may persist in backup systems and certain logs for a limited period before it is fully removed.
- Cached files on our content delivery networks (CDNs) may require additional time to clear from all global locations.
- Attachments may only remain available for a limited time and may expire based on factors such as file size and age. Items you save to Saved Media are treated differently and are not subject to the same expiry rules as regular attachments. For the most up-to-date details on how attachment availability and expiry work, see [the help article on attachment expiry](/help/attachment-expiry).
If you plan to delete messages or your Account, download any attachments or other content you wish to keep before deletion or expiry. For information about exporting your data, see [the help article on exporting your account data](/help/data-export).
We may retain certain information even after you delete content or close your Account where we have a legitimate business need or legal obligation to do so, such as for security, fraud prevention, or compliance with legal obligations. Such retained data is handled in accordance with our [Privacy Policy](/privacy).
### 3.4 Content Scanning and Safety
We use automated systems and, where required, human review to help keep the Services safe and compliant with the law.
In particular:
- We scan user-uploaded media (such as avatars, emojis, stickers, and attachments) to help detect and prevent child sexual abuse material (CSAM) and to comply with our legal obligations. We use the Arachnid Shield API, operated by the Canadian Centre for Child Protection (C3P), which checks uploaded media against databases of known CSAM maintained by child safety organizations worldwide. This process does not use AI or content analysis it only matches against media that has already been identified as CSAM by law enforcement or child safety organizations. Scanning happens in real time during upload when prohibited content is detected, the upload is immediately rejected and the content is not delivered to any user. Where required or permitted by law, we preserve the matched media and related records for reporting, legal compliance, and evidence preservation. We take appropriate action, which may include reporting to relevant authorities and terminating Accounts. For more details, see Section 5 of our [Privacy Policy](/privacy).
- We may also use automated tools and signals to detect spam, malware, and other harmful or abusive content or behavior, as described in our [Privacy Policy](/privacy) and our [Community Guidelines](/guidelines).
Our safety and moderation systems are designed to protect both users and the integrity of the platform. However, no system is perfect, and we cannot guarantee that all harmful content or behaviors will be identified or prevented.
### 3.5 Copyright and Intellectual Property
If you believe that content on Fluxer infringes your copyrights, please notify us at dmca@fluxer.app with the following information:
- your full name and contact details;
- a description of the copyrighted work you claim has been infringed;
- the specific URL(s) or location(s) of the allegedly infringing material on the Services;
- a statement that you have a good-faith belief that the use is not authorized by you, your agent, or the law; and
- a statement that the information in your notice is accurate and that you are the copyright owner or authorized to act on their behalf, plus your physical or electronic signature.
We may remove or disable access to allegedly infringing material and may notify the user who posted it. Where appropriate and in accordance with applicable law, repeat infringers may have their Accounts terminated.
If we remove content in response to a copyright notice, we may, where permitted by law, offer the affected user an opportunity to submit a counter-notice.
## 4. Privacy and Data Protection
We take your privacy seriously. Our [Privacy Policy](/privacy) explains in detail what personal data we collect, how we use it, and the rights you may have in relation to your data.
In summary:
- We do not sell, rent, or trade your personal data.
- The Services are not end-to-end encrypted. However, we use strong encryption for data in transit (for example, Transport Layer Security) and for data at rest.
- We aim to collect only the minimum data necessary to operate, secure, and improve the Services.
- Your data is primarily stored in data centers in the United States and the European Union/EEA, and certain user-generated content may be cached on content delivery networks with edge locations worldwide, as described in our [Privacy Policy](/privacy).
- We may geolocate your IP address for security features, regional compliance, fraud prevention, and to determine eligibility for the Services.
- You can export, manage, and delete your data through your privacy dashboard and by using the tools described in our [Privacy Policy](/privacy).
- Depending on where you live, you may have rights such as access, rectification, deletion, data portability, objection, and restriction of processing.
Please read our [Privacy Policy](/privacy) carefully. If there is any conflict between these Terms and the Privacy Policy concerning the handling of personal data, the Privacy Policy will control to the extent of the conflict.
## 5. Acceptable Use and Platform Integrity
### 5.1 Acceptable Use of Free Services
We offer a generous free tier, but we expect you to use it reasonably and for its intended communication and community purposes.
We may take enforcement action if you:
- use Fluxer primarily as unlimited cloud storage rather than for communication or community activities;
- accumulate excessive amounts of data or create unusual loads that negatively impact service quality or availability for other users;
- distribute malware or illegal content, or use the Services for malicious, fraudulent, or abusive purposes;
- use Fluxer infrastructure for command-and-control of malware, botnets, or other harmful systems; or
- deliberately attempt to stress test, overload, or degrade our infrastructure without our prior written permission.
We will not target normal users who are using Fluxer in good faith for its intended purposes. This policy exists to prevent abuse that harms the platform and other users.
### 5.2 Platform Integrity Protection
To protect the integrity and security of the Services, we actively monitor for and take action against:
- automated spam, bulk messaging, and abuse;
- large-scale or unauthorized data scraping, harvesting, or indexing operations;
- manipulation of platform metrics or engagement statistics;
- coordinated inauthentic behavior and fake engagement;
- community raiding, brigading, or mass harassment campaigns; and
- attempts to bypass or defeat our safety, moderation, or rate-limiting systems.
Violations of platform integrity may result in immediate content removal, feature restrictions, or Account suspension or termination, with or without prior warning, depending on the severity and risk.
## 6. Paid Services and Subscriptions
### 6.1 Payment Authorization
By providing a payment method to Fluxer, you:
- authorize us to charge your payment method for any Services you purchase, including recurring subscription fees where applicable;
- confirm that you have the legal right and authority to use that payment method;
- authorize our payment processor (currently Stripe) to store your payment information securely for current and future transactions, and authorize us to receive and store limited billing information (such as billing country, partial card details, and payment status) necessary to manage your purchases;
- authorize us to retry failed payments or charge backup payment methods if you have added them to your Account; and
- agree that we may share necessary payment information with Stripe and other payment providers solely to process transactions, prevent fraud, and comply with legal obligations.
You are responsible for all applicable taxes, fees, and charges related to your purchases, except where we are required by law to collect and remit them.
### 6.2 Fluxer Plutonium Subscription
We offer an optional premium subscription service called **Fluxer Plutonium** that provides enhanced features and benefits.
#### 6.2.1 Automatic Renewal
By subscribing to Plutonium, you agree to recurring automatic payments. Unless you cancel, your subscription will automatically renew at the end of each billing period (for example, monthly or annually), and we will automatically charge your payment method at each renewal date for the applicable subscription fee and any applicable taxes.
You may cancel your subscription at any time through your Account settings. Cancellation takes effect at the end of your current billing period, and you will retain access to premium features until that time. You will not receive a refund or credit for any partial billing period unless required by law or as otherwise described in these Terms.
#### 6.2.2 Price Changes
We may change subscription prices from time to time, including introducing different prices for new subscriptions, regions, or promotional offers.
If you already have an active, continuously renewing Plutonium subscription:
- price increases will **not** apply to your existing subscription while it remains active and in good standing; you will continue to be charged the price that applied when you started or last changed that subscription (excluding any temporary discounts that have expired); and
- we may, at our discretion, reduce your subscription price or apply discounts, and we will clearly indicate when such changes occur.
If your subscription is canceled, expires, or lapses (for example, due to non-payment) and you later start a new Plutonium subscription, the then-current price for new subscriptions will apply and will be shown to you before you confirm the new subscription.
We may provide advance notice of price changes, especially where they are significant, but changes to prices for new subscriptions do not affect the price of your existing active subscription.
Nothing in this section limits any mandatory rights you may have under applicable consumer protection laws.
### 6.3 Refunds and Restrictions
#### 6.3.1 Plutonium Subscription Refunds
You may request a refund within 14 days of purchasing a Plutonium subscription by emailing support@fluxer.app from your registered Account email address, unless applicable law grants you a longer or different cooling-off period.
After receiving a refund:
- your Plutonium subscription will be canceled, and access to premium features will end when the refund is processed; and
- we may temporarily restrict your ability to purchase a new Plutonium subscription for a period of up to 30 days to reduce the risk of payment abuse.
If you request refunds for Plutonium subscriptions multiple times, we may restrict or block your ability to purchase Plutonium again if we reasonably believe your refund requests are abusive or present an unacceptable risk of payment abuse. In exceptional cases, we may restore purchasing access at our discretion, taking into account your account history and the circumstances of the refunds.
Nothing in this section limits any mandatory refund, withdrawal, or cancellation rights that you may have under applicable consumer laws.
#### 6.3.2 Gift Code Refunds
If you purchase a Plutonium gift code and subsequently request a refund or initiate a chargeback for that purchase:
- the user who redeemed the gift code will lose access to their premium benefits, typically from the time we process the refund or receive notice of the chargeback; and
- we may notify the affected user via email or in-app notification explaining that their premium access was revoked due to a refund or chargeback related to the underlying purchase.
### 6.4 Failed Payments
If a payment fails to process:
- we will automatically attempt to retry charging your payment method a reasonable number of times;
- we may charge any backup payment methods you have added to your Account;
- we may suspend or downgrade your access to premium features until payment is successfully processed; and
- you remain responsible for any unpaid amounts owed to Fluxer.
We are not responsible for any fees, charges, penalties, or interest imposed by your bank, payment provider, or financial institution in connection with failed payments or chargebacks.
### 6.5 Chargebacks and Payment Disputes
If you believe there is an error or unauthorized charge on your Account, we encourage you to contact us first at support@fluxer.app so we can investigate and attempt to resolve the issue quickly.
If you initiate a chargeback or payment dispute with your bank or payment provider for a payment made to Fluxer, we may:
- temporarily suspend or restrict your access to paid features while the dispute is investigated; and
- limit your ability to make future purchases if we reasonably believe the dispute is unfounded or forms part of a pattern of abusive behavior.
If a chargeback is resolved against us and we have a reasonable basis to believe it was made in bad faith or as part of a pattern of abuse or fraud, we may close your Account or permanently restrict your ability to purchase Plutonium or other paid Services. We will consider any information you provide when deciding these measures.
Chargebacks can cause significant costs and processing burdens, including penalty fees and increased fraud scrutiny from payment providers. Please contact us before initiating a chargeback whenever possible so we can try to resolve the issue.
Stripe or your payment provider may also contact you directly with receipts, alerts, or dispute notices.
## 7. Third-Party Services
Fluxer integrates with and relies upon various third-party services to provide the Services, including hosting and infrastructure providers, payment processors, content delivery networks, security services, and communication platforms.
For a description of the categories of third-party services we use and how they handle data, please see our [Privacy Policy](/privacy).
These third-party services have their own independent terms of service and privacy policies. Your use of such services may be subject to those additional terms. Fluxer is not responsible for the content, availability, policies, or practices of third-party services.
Some integrations involve you interacting directly with third-party content (for example, playing an embedded YouTube video). In those cases, the third party may receive information directly from your device and process it as an independent controller under its own terms and privacy policy.
Where required by law or by the terms of our agreements with providers that process personal data on our behalf, we may share limited information with them to provide the Services, prevent fraud, and comply with legal obligations. We will do so in accordance with our [Privacy Policy](/privacy).
## 8. Account Termination and Inactivity
### 8.1 Voluntary Account Deletion
You may delete your Fluxer Account at any time through your Account settings. While we will be sorry to see you go, we respect your choice and will process your deletion request in accordance with our data retention practices and applicable law. For details about the deletion process, including any grace period during which you can cancel deletion, see [the guide to deleting or disabling an account](/help/delete-account).
### 8.2 Suspension and Termination by Fluxer
We may suspend or permanently terminate Accounts, or restrict access to the Services, if we reasonably believe that:
- the Account or user has violated these Terms or our [Community Guidelines](/guidelines);
- the Account has been used to engage in illegal activities or to facilitate unlawful conduct;
- the Services are being abused, including through spam, fraud, or other malicious behavior;
- the Account is involved in fraudulent chargebacks, payment disputes, or other payment abuse; or
- it is necessary to do so for security, platform integrity, or legal compliance reasons.
We will typically provide advance warning before suspending or terminating an Account, unless the violation is severe, poses immediate risk to our platform or users, involves illegal conduct, or we are legally prohibited from providing notice.
If we terminate your Account for cause, you may lose access to your User Content and any associated data, subject to applicable law and our data retention practices.
If you believe we have made a mistake in suspending or terminating your Account, you may appeal in accordance with our [Community Guidelines](/guidelines), for example by emailing appeals@fluxer.app from the email address associated with your Account.
### 8.3 Account Inactivity and Deletion
To protect user privacy and manage resources, we may delete inactive Accounts in accordance with our data retention and deletion practices.
- When an Account has been inactive (no sign-ins or other meaningful activity) for an extended period, it may be scheduled for deletion.
- Where feasible, we will provide advance notice to the registered email address of the Account before deletion due to inactivity.
- We document the current criteria for inactivity, any applicable notice periods, and account deletion timelines in [the guide to deleting or disabling an account](/help/delete-account) and [the article about requesting data deletion](/help/data-deletion).
When an Account is deleted:
- messages and content you posted in Communities or direct messages may remain visible to other users, unless you delete them first (for example, via your Privacy Dashboard or other tools we provide); and
- you may no longer be able to access your User Content, unless you exported or downloaded it beforehand.
You can remove messages and other content through your Privacy Dashboard or by contacting privacy@fluxer.app before deletion, subject to technical and legal limitations.
## 9. Disclaimers, Limitation of Liability, and Indemnification
### 9.1 No Warranties
We work diligently to maintain Fluxer as a reliable and stable platform, but the Services are provided on an "as is" and "as available" basis.
To the fullest extent permitted by law, Fluxer and its affiliates make no express or implied warranties or representations about the Services, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, or that the Services will be uninterrupted, secure, or error-free.
We cannot guarantee:
- 100% uptime or availability;
- that the Services will be free from defects, bugs, or vulnerabilities; or
- that content, information, or communications transmitted through the Services will always be delivered or stored.
### 9.2 Limitation of Liability
To the maximum extent permitted by applicable law, Fluxer and its affiliates will not be liable for:
- any indirect, incidental, consequential, special, or punitive damages; or
- any loss of profits, revenues, data, goodwill, or other intangible losses;
arising out of or in connection with your use of, or inability to use, the Services, whether based on contract, tort (including negligence), statutory law, or any other legal theory, even if we have been advised of the possibility of such damages.
To the extent we are liable under applicable law, our total aggregate liability for all claims arising out of or relating to the Services or these Terms will be limited to the greater of:
- EUR 100; or
- the total amount you have paid to Fluxer for the Services during the twelve (12) months immediately preceding the event giving rise to the claim.
Nothing in these Terms limits or excludes:
- any liability that cannot be limited or excluded under applicable law, such as liability for gross negligence, willful misconduct, or for death or personal injury caused by our negligence; or
- any non-waivable rights or remedies you may have under mandatory consumer protection laws.
If you are a consumer residing in the EU/EEA, the United Kingdom, or another jurisdiction with mandatory consumer protection laws, the limitations and exclusions in this Section 9.2 apply only to the extent permitted by those laws and do not affect your statutory rights.
### 9.3 Indemnification
To the extent permitted by applicable law, you agree to defend, indemnify, and hold harmless Fluxer, its officers, directors, employees, and agents from and against any claims, demands, actions, damages, losses, and expenses (including reasonable legal fees) arising out of or related to:
- your violation of these Terms or our [Community Guidelines](/guidelines);
- your violation of any applicable law or regulation; or
- your User Content, including any claim that your User Content infringes or misappropriates the intellectual property or other rights of a third party.
This indemnity obligation does not apply to the extent that a claim arises due to our own breach of these Terms or our negligence, willful misconduct, or other liability that cannot be excluded under applicable law.
## 10. Dispute Resolution and Governing Law
We want to resolve disputes fairly and efficiently.
- **Informal resolution first:** If you have a concern or dispute with us, please contact support@fluxer.app first. We will try to work with you in good faith to resolve the issue informally.
- **Governing law and courts:** Unless otherwise required by mandatory local law, these Terms and any disputes arising out of or relating to them or the Services are governed by Swedish law, without regard to its conflict-of-law rules. Any dispute, controversy, or claim arising out of or in connection with these Terms or the Services will be submitted to the courts of Stockholm, Sweden, which will have exclusive jurisdiction, subject to the small-claims provision below.
- **Small claims:** Either party may bring an individual claim in a competent small-claims court in a jurisdiction where venue is proper, instead of in the courts of Stockholm, Sweden.
- **Consumers in the EU/EEA and other regions:** If you are a consumer residing in the EU, EEA, or another jurisdiction that grants you mandatory rights to bring claims in the courts of your country of residence, nothing in these Terms limits those rights.
- **Class and representative actions:** To the maximum extent permitted by applicable law, any claims must be brought on an individual basis, and not as a plaintiff or class member in any class, collective, or representative action. If a waiver of class or representative actions is not enforceable for a particular claim, that claim may proceed as required by law in a court with proper jurisdiction, and the class or representative aspects of that claim will be handled as that court determines.
Nothing in this Section 10 prevents either party from seeking interim or injunctive relief from a court of competent jurisdiction to prevent or stop ongoing or imminent harm.
## 11. Changes to These Terms
We may update or modify these Terms from time to time, for example to reflect changes in our Services, legal requirements, or business practices.
If we make significant changes to these Terms, we will:
- provide at least 30 days' advance notice, where reasonably practicable, via email, in-app notifications, or by posting a notice on our website; and
- make the updated Terms available, indicating the date on which they take effect.
We maintain a changelog or archive of prior versions of these Terms for reference.
Your continued use of the Services after the updated Terms take effect constitutes your acceptance of the changes. If you do not agree to the updated Terms, you must stop using the Services and, if you wish, delete your Account before the changes take effect.
## 12. Account Communications and Verification
All account-related communications with Fluxer should be sent from the email address associated with your Account. We use this as our primary method of verifying your identity and ensuring we are communicating with the actual Account holder.
For security reasons, we normally only provide account support, share sensitive information, or make changes to your Account when you contact us from that email address. If you lose access to your registered email address, we may need additional information to verify your identity and might not always be able to recover or modify your Account.
Fluxer will never ask you to provide your password, full payment card number, or other highly sensitive security information via email. All official Fluxer emails and communications originate from email addresses ending in `@fluxer.app` or `@m.fluxer.app`. Be cautious of phishing attempts using similar-looking domain names or requesting sensitive information.
If you receive a suspicious message claiming to be from Fluxer, please do not click any links or provide any information. Instead, contact us directly at support@fluxer.app.
## 13. Contact Information
If you have questions, concerns, or need assistance with the Services or these Terms, you can contact us at:
- **Support email:** support@fluxer.app (for account-related matters, please contact us from the email address associated with your Account where possible)
- **Privacy email:** privacy@fluxer.app (for privacy and data protection requests)
- **Website:** [https://fluxer.app](https://fluxer.app)
### Postal Address
Fluxer Platform AB
Norra Kronans Gata 430
136 76 Brandbergen
Stockholm County, Sweden
Organization number: 559537-3993
For additional contact details (including press, security, and legal requests), see our company information page or the [Privacy Policy](/privacy).
## 14. Export Controls and Sanctions
You must comply with all applicable export control, sanctions, and related laws and regulations when using the Services.
In particular:
- You may not use the Services if you are located in, or are ordinarily resident in, a country or region subject to comprehensive embargoes or similar sanctions, or if you are on any applicable sanctions, denied-party, or restricted lists maintained by relevant authorities.
- You agree not to export, re-export, transfer, or otherwise make the Services or any related technology available in violation of applicable export control or sanctions laws.
- We may restrict or terminate access to the Services, and block or close Accounts, to comply with applicable export control and sanctions requirements or if we have reason to believe that you are subject to relevant restrictions.
If you have questions about how export controls or sanctions may apply to your use of the Services, you should seek your own legal advice, as we cannot provide legal advice regarding your specific obligations.