F Fluxure

Privacy Policy

Last updated: March 7, 2026

1. Information We Collect

We collect and process the following types of information when you use Fluxure:

  • Account information: Your name, email address, and profile avatar obtained from your Google account during authentication
  • Calendar data: Event titles, times, durations, attendees, locations, and recurrence rules from your connected Google Calendars
  • Scheduling data: Habits, tasks, meetings, focus time rules, buffer configurations, and priority settings you create within Fluxure
  • Activity data: Scheduling history, habit completions, schedule changes, and analytics derived from your usage
  • Technical data: IP address, browser user agent, and device information collected during authentication and API requests

2. How We Use Your Information

Your information is used exclusively for the following purposes:

  • Scheduling: Analyzing your calendar availability to find optimal times for habits, tasks, and focus time using our scoring-based scheduling engine
  • Calendar synchronization: Reading events from and writing scheduled items to your Google Calendar in real time
  • Account management: Authentication, session management, and maintaining your preferences
  • Service improvement: Understanding usage patterns to improve scheduling accuracy and the overall user experience

We do not use your data for advertising, profiling, or any purpose unrelated to providing the scheduling service.

3. Google Calendar Data

Fluxure accesses your Google Calendar through Google's OAuth 2.0 authorization. The specific scopes requested are:

  • Calendar read access: To retrieve your existing events and identify scheduling constraints (busy times, meetings, all-day events)
  • Calendar write access: To create, update, and delete events that Fluxure manages on your behalf (habits, tasks, focus blocks)

Fluxure uses incremental sync tokens to efficiently track changes to your calendar without repeatedly reading all events. Your Google OAuth refresh token is encrypted with AES-256-GCM before storage and is never stored in plain text.

You can revoke Fluxure's access at any time through your Google Account permissions or the Fluxure settings page.

4. Data Storage & Security

We implement the following security measures to protect your data:

  • Encryption at rest: Database stored with encryption, Google OAuth refresh tokens encrypted with AES-256-GCM
  • Encryption in transit: All data transmitted over HTTPS (TLS)
  • Authentication security: httpOnly, Secure, SameSite session cookies; rate-limited authentication endpoints (10 requests per 15 minutes)
  • API protection: CORS restrictions, Content Security Policy headers, global rate limiting (100 requests per minute)
  • Input validation: All API inputs validated with schema-based validation before processing

5. Data Sharing

We do not sell, rent, or trade your personal data to any third parties. Your data is not shared for advertising or marketing purposes.

The only third-party service that receives your data is:

  • Google Calendar API: To read and write calendar events as authorized by you. Google's own Privacy Policy applies to data processed by Google.

We may disclose your data if required by law, court order, or governmental regulation.

6. Your Rights (GDPR)

Under the General Data Protection Regulation and applicable data protection laws, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Export: Download your data in a machine-readable JSON format via the data export feature in Settings
  • Rectification: Update or correct your account information at any time
  • Erasure: Delete your account and all associated data permanently
  • Portability: Receive your data in a structured, commonly used format
  • Withdraw consent: Disconnect Google Calendar access or delete your account at any time
  • Object: Object to specific data processing activities by contacting us

To exercise any of these rights, use the relevant features in your account settings or contact us at privacy@fluxure.app.

7. Self-Hosted Users

If you are running a self-hosted instance of Fluxure, your data remains entirely on your own infrastructure. We have no access to, and no responsibility for, data stored in self-hosted deployments.

Self-hosted users are responsible for their own data security, backups, and compliance with applicable data protection regulations. The security measures described in this policy apply only to the hosted version of Fluxure.

8. Cookies

Fluxure uses only strictly necessary cookies for authentication and session management:

  • Session cookie: An httpOnly, Secure cookie that maintains your authenticated session
  • CSRF token: A security token to prevent cross-site request forgery attacks

We do not use analytics cookies, tracking cookies, advertising cookies, or any third-party cookies. Our cookies are exempt from GDPR cookie consent requirements as they are strictly necessary for the Service to function.

9. Data Retention

Your data is retained according to the following policies:

  • Account data: Retained for as long as your account is active
  • Session data: Automatically expires after 7 days of inactivity
  • Calendar sync data: Cached calendar events are refreshed on each sync cycle and deleted when you disconnect a calendar
  • Account deletion: When you delete your account, all associated data is permanently removed via cascading deletion. This action is irreversible.

10. Children's Privacy

Fluxure is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify you via email or through an in-app notification at least 30 days before the changes take effect.

Your continued use of Fluxure after the updated policy takes effect constitutes your acceptance of the changes. We encourage you to review this policy periodically.

12. Contact

For privacy-related inquiries, data access requests, or to exercise your data protection rights, please contact us at:

privacy@fluxure.app

Back to home | Terms of Service

Your calendar, intelligently managed.

Product

Legal

Terms Privacy

Connect

GitHub Twitter

© 2026 Fluxure. All rights reserved.