Privacy Policy

1. Introduction

Floxa ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Name and email address (for account creation)
• Contact details (phone, address) if you provide them
• Company/organization information
• Payment information (processed securely via Stripe)
• Usage data and analytics

2.2 Automatically Collected Information

• IP address and device information
• Browser type and version
• Session data and cookies
• Pages visited and features used

3. How We Use Your Information

We use your information for:

• Providing and maintaining our services
• Processing transactions and managing billing
• Sending service-related communications
• Improving our platform and user experience
• Preventing fraud and ensuring security
• Complying with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data based on:

• Consent: When you agree to our terms
• Contract: To provide services you've requested
• Legal Obligation: To comply with laws (e.g., tax, accounting)
• Legitimate Interest: To improve our services and prevent fraud

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Stripe (payments), hosting providers
• Legal Requirements: When required by law or legal process
• Business Transfers: In case of merger, acquisition, or sale

We do NOT sell your personal data to third parties.

6. Your Data Rights (GDPR)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we use your data
• Object: Opt-out of certain data processing
• Withdraw Consent: At any time, where consent is the legal basis

To exercise these rights, contact us at: privacy@floxa.app

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, typically:

• Active accounts: For the duration of your subscription
• Deleted accounts: Up to 90 days (for recovery), then permanently deleted
• Financial records: 7 years (legal requirement)

8. Data Security

We implement industry-standard security measures:

• Encryption in transit (HTTPS/TLS)
• Password hashing using bcrypt
• Secure session management
• Regular security audits
• Multi-tenant data isolation

9. Cookies

We use essential cookies for:

• Authentication and session management
• Security and fraud prevention
• Remembering your preferences

You can disable cookies in your browser, but this may affect functionality.

10. International Data Transfers

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for EU data transfers.

11. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected such data, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our platform.

13. Contact Us

For privacy-related questions or to exercise your rights:

• Email: privacy@floxa.app
• Data Protection Officer: dpo@floxa.app

You also have the right to lodge a complaint with your local data protection authority.