Privacy Policy
Last updated: April 2025 — Governed by Spanish & EU Law (GDPR / LOPDGDD)
1. Who We Are
FluxLabs ("we", "us", "our") is an independent app studio based in Spain. We operate the website fluxlabs.ink and develop mobile applications including Hangover Helper, Grocery Budget, Shift Logger, Menu Costing, Shift Prep, Flourish, and Subscription Guardian.
For any privacy-related enquiries, contact us at: hello@fluxlabs.ink
As a company based in Spain, we are subject to the EU General Data Protection Regulation (GDPR) and Spain's Organic Law on Personal Data Protection (LOPDGDD 3/2018). We take your privacy seriously and are committed to full compliance.
2. Data We Collect
Depending on which FluxLabs app or service you use, we may collect the following categories of personal data:
Account & Contact Data
- Name and email address (when you contact us or create an account)
- Username and password (encrypted at rest)
Usage & Analytics Data
- App usage patterns and feature interactions
- Device type, operating system, and app version
- Crash reports and performance data
- Session duration and frequency of use
Payment & Financial Data
- Payment transactions are processed securely via Stripe — we do not store full card details
- Billing address and transaction history for record-keeping purposes
- For Subscription Guardian: subscription records and financial data you voluntarily input into the app
Health & Lifestyle Data (Specific Apps)
- Hangover Helper: drink tracking data and unit counts you enter voluntarily
- Flourish: fitness activity, health habits and wellness data you enter voluntarily
Affiliate & Partner Data
- If you interact with partner offers (iSalud, Awin network), referral data may be shared with those partners as described in Section 6
3. Legal Basis for Processing
Under GDPR Article 6, we process your data on the following legal bases:
- Contractual necessity — to provide the services you have requested
- Legitimate interests — to improve our apps, prevent fraud, and ensure security
- Legal obligation — to comply with Spanish and EU financial and data laws
- Consent — where we ask for your explicit permission (e.g. marketing emails, sensitive data)
For health and financial data (special category data under GDPR Article 9), we rely on your explicit consent, which you can withdraw at any time.
4. How We Use Your Data
- To deliver and improve our apps and services
- To process payments and manage subscriptions via Stripe
- To respond to your support requests and enquiries
- To send you important updates about your account or our services
- To analyse usage patterns and fix bugs (using anonymised or aggregated data where possible)
- To comply with legal obligations under Spanish and EU law
- To prevent fraud and protect the security of our platform
We will never sell your personal data to third parties.
5. Data Retention
We retain your personal data only for as long as necessary:
- Account data — retained for the duration of your account plus 2 years after closure
- Financial & payment records — retained for 6 years as required by Spanish tax law (Ley General Tributaria)
- Usage analytics — retained for up to 24 months then anonymised or deleted
- Health and lifestyle data — retained until you delete it or close your account
- Contact enquiries — retained for 12 months
6. Third Parties We Share Data With
We only share data with trusted third parties where necessary:
Payment Processing
- Stripe — processes all payments. Stripe is PCI-DSS compliant. View Stripe's privacy policy at stripe.com/privacy
Affiliate Partners
- iSalud — health insurance partner. If you click through to iSalud from Subscription Guardian, your referral data is shared with iSalud under their own privacy policy
- Awin — affiliate network. Awin may set tracking cookies when you interact with partner offers. View Awin's privacy policy at awin.com
Analytics & Infrastructure
- App store platforms (Apple App Store, Google Play) — governed by Apple and Google's own policies
- Hosting and infrastructure providers operating within EU data centres
All third-party processors are bound by Data Processing Agreements (DPAs) where required under GDPR Article 28.
7. International Data Transfers
Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.
8. Your Rights Under GDPR
As a data subject under EU law, you have the following rights:
- Right of access — request a copy of all data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restriction — limit how we process your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent at any time without affecting prior processing
To exercise any of these rights, contact us at hello@fluxlabs.ink. We will respond within 30 days as required by GDPR.
You also have the right to lodge a complaint with Spain's data protection authority: Agencia Española de Protección de Datos (AEPD) — aepd.es
9. Cookies
Our website and apps may use cookies and similar tracking technologies for:
- Essential functionality (session management, security)
- Analytics (understanding how our services are used)
- Affiliate tracking (Awin network cookies when interacting with partner offers)
You can control cookies through your browser settings. Disabling non-essential cookies will not affect core app functionality.
10. Children's Privacy
Some FluxLabs apps are intended for adults only (including Hangover Helper, which is strictly for users aged 18 and over). We do not knowingly collect personal data from children under 14 years of age (the age of digital consent in Spain under LOPDGDD).
If you believe a child has provided us with personal data, please contact us immediately at hello@fluxlabs.ink and we will delete it promptly.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Secure password hashing
- Access controls limiting who can access personal data
- Regular security reviews
In the event of a data breach that poses a risk to your rights, we will notify the AEPD within 72 hours and inform affected users as required by GDPR Articles 33 and 34.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page and, where appropriate, by email. Your continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us: