Privacy Policy | Upflux.io

Last Updated: 17/03/2025

UpFlux.io (“UpFlux”, “we”, or “us”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect from users, how we use and store that data, and your rights regarding your personal information. We comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and relevant Consumer Privacy Acts (CPA) such as the California Consumer Privacy Act (CCPA), to ensure that your personal data is handled lawfully and transparently.
By using the UpFlux.io Service or providing us with your personal information, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Data Collection: What We Collect and Why

Limited Personal Data: UpFlux.io does not collect personal data beyond what is necessary for the operation and functionality of our Service. We adhere to the principle of data minimization, meaning we only gather the data that we truly need to provide and improve our services to you.
The types of data we may collect include:

* Account Information: When you register for an UpFlux.io account, we collect basic information such as your name, email address, company name, and contact details. This information is required to create and maintain your account, authenticate you as a user, and communicate with you about account-related matters (e.g., sending service notifications or invoices).
* Usage Data: We may collect limited usage data related to your interactions with the Service. This can include log information (such as IP address, browser type, operating system, and timestamps of access), and activity logs (for example, the number of prospects processed, features used, and performance metrics). We collect this data to monitor system performance, ensure reliability and security, and to understand how users engage with our Service so we can improve it. This information is generally collected in aggregate form and does not directly identify you, but some usage data (like IP address) might be considered personal data under certain laws.
* Prospecting Data (User-Provided): As part of using UpFlux.io, you may input or upload prospecting information (e.g., lists of potential leads or contacts which could include names, email addresses, phone numbers, job titles, etc.). We do not source this personal data ourselves; it is provided or requested by you in the context of the Service’s functionality. UpFlux will process such data on your behalf to perform the services (for example, to help generate lead contacts or send outreach messages). We treat any personal data about third-party prospects that you handle through our Service in accordance with this Privacy Policy and as required by law, but you are responsible for ensuring that your collection and use of such data complies with applicable laws (for instance, having a lawful basis to contact those individuals). If you have any questions about prospect data on our platform, please contact us.
* Payment Information: If you subscribe to a paid plan, our third-party payment processor (e.g., credit card processor) will collect your payment details. UpFlux itself does not store full credit card numbers or financial account information on our systems; that information is handled securely by the payment processor. We may retain records of your transactions (date, amount, product purchased) for billing and accounting purposes.
* Cookies and Similar Technologies: UpFlux.io uses a minimal number of cookies or similar tracking technologies, strictly limited to necessary purposes such as maintaining your session (e.g., keeping you logged in) and providing core site functionality. We do not use invasive tracking or collect cookies for advertising or profiling. For example, when you log in, a session cookie is set to remember your authentication; this cookie contains no sensitive personal details and expires after a set time or when you log out. We may also use analytics tools in a privacy-friendly manner (e.g., anonymized or self-hosted analytics) to gather usage statistics without identifying individual users. You can configure your browser to reject cookies, but certain essential features of the Service may not function properly without them.

UpFlux does not seek to collect any sensitive personal data (such as racial or ethnic origin, political opinions, health information, etc.) and our Service is not intended to process such data. We ask that you not provide any sensitive personal information to us. If you believe that sensitive data has been inadvertently provided or collected, please contact us so we can delete it.

2. Use of Personal Data

We only use your personal data for purposes that are compatible with providing and improving the Service, or as otherwise described at the point of collection. Specifically, UpFlux.io may use the collected information for the following purposes:

* Providing the Service: We use the personal data you provide (like your account and prospecting information) to operate the UpFlux.io platform and deliver the features and services you have requested. For example, we use your account credentials to log you in and maintain your account, and we process prospect contact data you input in order to generate leads or automate outreach per your instructions.
* Service Communications: We will use your email or other contact info to send essential communications about the Service. These include administrative emails (for example, confirmations of account creation, billing receipts, alerts about subscription status, security notifications, or important updates about our platform). These communications are part of the Service and are necessary for us to fulfill our obligations. On occasion, we may also send customer service communications to respond to your inquiries, support requests, or to provide guidance on using the platform.
* Improvement and Development: We may use usage data and feedback to understand how our Service is performing and where improvements are needed. For instance, analyzing which features are most or least used helps us prioritize new development. This data is typically aggregated or pseudonymized, and is used to troubleshoot issues, perform data analysis, testing, research, and to monitor usage trends. If we use any machine learning or AI components, we might analyze user interactions to improve the AI models, but this would be done without exposing personal identifiers.
* Security and Fraud Prevention: Information such as IP addresses, usage patterns, and account identifiers may be used to protect the security of the Service, our users, and others. We monitor for suspicious or fraudulent activity and may use personal data to verify accounts and combat abuse. For example, unusual login locations or excessive usage might trigger an alert or verification step to ensure the account has not been compromised.
* Legal Compliance: We may process personal data as necessary to comply with our legal obligations. For example, keeping certain transaction records for tax and accounting purposes, responding to lawful requests by public authorities, or using data to meet GDPR, CCPA, or other privacy law requirements (such as honoring opt-out or deletion requests). If required, we might also use or disclose information to enforce our Terms of Use or to protect our rights or the rights and safety of other users or third parties (for instance, disclosing information to authorities if a user is abusing the service in an unlawful manner).
* Optional Marketing (if applicable): UpFlux.io’s default practice is not to collect more data than needed or to bombard you with marketing. We do not add you to a marketing mailing list without your explicit consent. If at some point you agree to receive marketing updates or newsletters from us (for example, by opting in to such communications), we would use your contact information to send you news about new features, promotions, or relevant content about UpFlux.io. You will always have the option to unsubscribe from marketing communications, and we will honor such requests promptly. (Again, routine service or account-related communications will continue as they are necessary for the Service.)

We do not use personal data for any purposes incompatible with the above. We do not sell your personal data to third parties (see Section 4 below on data sharing). If we ever need to use your personal information for a new purpose not originally collected for, we will seek your consent or provide notice as required by law.

3. Data Storage and Security

Data Processing and Storage Locations: The personal data we collect is processed by UpFlux and trusted third-party service providers. Your data may be stored on secure servers located in the country where our company is based (for example, within [South Korea] or in the region necessary to serve our customers) or in other jurisdictions as needed for operational purposes (such as cloud server providers in the United States or European Union). When storing or transferring data, we take steps to ensure appropriate safeguards are in place in compliance with GDPR and other regulations (for instance, using data centers with strong security certifications, and implementing EU Standard Contractual Clauses for any transfer of EU personal data to non-EU jurisdictions).
Security Measures: We employ industry-standard security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

* Encryption: All data transmissions between your browser and our Service are secured via HTTPS/TLS encryption. Sensitive data (such as passwords) is stored hashed or encrypted.
* Access Controls: Internally, access to personal data is restricted to authorized personnel who need the information to perform their duties (for example, customer support or engineers diagnosing an issue). Our staff are bound by confidentiality obligations. We use role-based access and authentication controls to prevent unauthorized internal access.
* Firewalls and Monitoring: Our servers are protected by firewalls and monitored for potential vulnerabilities or intrusions. We regularly update our systems and apply security patches to address emerging threats. Intrusion detection systems and logging mechanisms are in place to alert us to unusual activities.
* Backups: We perform regular backups of critical data to prevent data loss, and those backups are secured. In the event of a data incident, we have procedures to restore availability in a timely manner.
* Third-Party Security: When we use third-party processors (such as cloud hosting or payment processors), we select reputable providers who implement robust security. We have agreements in place with these providers to ensure they also protect personal data in line with our policies and applicable law.

Despite our best efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law.

4. Disclosure of Data to Third Parties

UpFlux.io respects your privacy and does not sell or rent your personal data to third parties for their own marketing or commercial purposes. We only share your information in limited situations, such as the following:

* Service Providers: We may share necessary information with third-party service providers and partners who assist us in operating the Service and supporting our business. Examples include cloud hosting providers (for data storage and servers), payment processors (for billing transactions), email service providers (for sending communications), and analytics or error tracking services (to help us fix bugs and understand Service usage). These third parties are only given access to the information needed to perform their specific services on our behalf, and they are contractually obligated to protect your data and use it only for the purposes we specify. Where appropriate, we sign Data Processing Agreements (DPAs) with these providers to ensure GDPR and other compliance.
* Legal Requirements: We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (for example, in response to a subpoena, court order, or government demand). We may also disclose data if we believe in good faith that such action is necessary to comply with a legal obligation, protect and defend the rights or property of UpFlux, prevent or investigate possible wrongdoing in connection with the Service, or protect the personal safety of users or the public.
* Business Transfers: If UpFlux is involved in a merger, acquisition, sale of assets, or reorganization, your personal data may be transferred as part of that transaction. We will ensure the confidentiality of any personal data involved in such transactions and provide notice before your personal data is subject to a different privacy policy. If the new entity will handle your data in a materially different manner, we will give you an opportunity to opt out or delete your data before the transfer occurs if required by law.
* Affiliates: We may share your information with our corporate affiliates (for instance, a parent company, subsidiaries, joint ventures, or other companies under common control) for purposes consistent with this Privacy Policy, such as internal administration, customer support, or to facilitate services you request. Any such affiliate will be required to honor this Privacy Policy.
* With Your Consent: In situations where you explicitly consent to or request data sharing (for example, if you integrate UpFlux.io with another service and ask us to share data with that service), we will share your information as instructed by you. You have the right to revoke such consent at any time.

Importantly, UpFlux does not “sell” personal information as defined under the California Consumer Privacy Act (CCPA) and similar laws. We do not exchange your data for money or other valuable consideration for the independent use by another party. All third parties who process user data do so only for the above-mentioned purposes and on our behalf. If in the future we anticipate any change to these practices, we will update this Policy and provide any required opt-out or opt-in mechanisms.

5. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, and to comply with applicable legal requirements. The exact duration we keep data depends on the type of information and the context in which it was collected:

* Account Data: We retain your account registration information and profile data for as long as your account is active. If you delete your account or it becomes inactive, we will initiate deletion of personal data associated with your account within a reasonable period (for example, we may deactivate the account immediately and then fully delete data from backups and archives within [30-90 days], unless otherwise required by law). In some cases, if required for legal obligations (such as financial record-keeping) or legitimate business interests (like resolving disputes or enforcing agreements), we may retain certain data for a longer period as necessary (but we will restrict use of it to those purposes only).
* Prospecting Data: Any prospect or lead information you have provided or generated through the Service is retained as part of your account data. If you remove specific prospect data or delete your account, that data will be deleted or anonymized from our active systems. However, residual copies may remain temporarily in system backups until those backups cycle out. We do not retain prospecting data longer than needed to provide the service to you or as required for backup integrity.
* Usage Logs: Basic usage logs and analytics data may be retained for internal analysis and security monitoring. Typically, raw logs (e.g., IP addresses logging into the service) are kept for a short period (a few months) unless they are needed longer for security investigations. Aggregated analytics without personal identifiers may be retained longer to help us improve the service over time.
* Communication Records: If you contacted us for support or we sent you communications, we may keep records of those communications (including emails) as long as necessary to address your request and for our internal customer service reference. Support tickets or emails may be retained for a period (e.g., 2 years) in case you need further assistance related to the same issue.
* Legal Retention: We may need to retain certain information for longer periods if required by law – for instance, records of financial transactions are generally kept for a minimum period as required by tax law or accounting standards (e.g., 7 years). Also, if relevant to a legal dispute or regulatory inquiry, we would retain data through the duration of that dispute/inquiry.

Once the retention period expires, and we have no further legitimate need or legal obligation to keep your data, we will securely delete or anonymize it. When we anonymize data, we remove personally identifiable information so that the data can no longer be associated with any individual.

6. Your Rights and Choices

UpFlux.io respects your rights to your personal data. Depending on your jurisdiction (for example, if you are located in the European Union, United Kingdom, California, or other regions with data protection laws), you may have some or all of the following rights regarding the personal data we hold about you:

* Right to Access: You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it. We will provide you with a summary of the data we have about you, and details on why and how we use it, upon verification of your identity (as required by law).
* Right to Rectification: If any of your personal information held by UpFlux is inaccurate or incomplete, you have the right to request that we correct or update it. You can also correct most basic account information yourself by logging into your account settings.
* Right to Erasure (Right to Be Forgotten): You have the right to request the deletion of your personal data. If you ask us to delete your account or specific personal information, we will take reasonable steps to honor your request (provided we do not have a legal obligation or overriding legitimate interest to retain it). Please note that deleting your data may affect your ability to use the Service (for example, deleting all your data would typically require closing your account). Once your data is deleted, we generally cannot recover it.
* Right to Restrict Processing: In certain circumstances (for example, if you contest the accuracy of your data or object to our processing), you have the right to request that we restrict processing of your data until your concern is resolved. This means we would store your data but not use it further except for certain reasons (like with your consent or for legal claims).
* Right to Data Portability: For data you provided to us directly and that we process by automated means on the legal basis of consent or contract, you have the right to request a common electronic format of that data (for example, a CSV file of your account data) so you can transfer it to another provider if you wish. We will assist with such requests to the extent required by law.
* Right to Object: You have the right to object to certain types of processing. For example, if we process your data based on legitimate interests, you can object to that processing and we will consider your request. You also have the absolute right to object to your personal data being used for direct marketing purposes – if we were sending marketing communications, you could opt out at any time.
* Right to Opt-Out of Sale/Sharing of Data: If you are a resident of California (under CCPA/CPRA) or another jurisdiction with similar rights, you have the right to direct us not to sell or share your personal information with third parties for valuable consideration. As noted, UpFlux does not sell personal data, and we treat any such requests accordingly. If in the future our practices change, we will implement a “Do Not Sell My Personal Information” mechanism and honor such opt-out requests.
* Right to Non-Discrimination: UpFlux will not discriminate against you for exercising any of your privacy rights. This means we will not deny you our services, provide a different level of service, or charge different prices or fees, because you exercised your rights under GDPR, CCPA, or other applicable laws. However, please be aware that requesting deletion of certain data or restricting processing may prevent us from providing some services you request (for example, if you withdraw consent for us to use your email, we cannot send you account alerts). In such cases, we will inform you of the implications of your request so you can make an informed decision.
* Right to Withdraw Consent: If we rely on your consent to process any personal data, you have the right to withdraw that consent at any time. For example, if you consented to receive marketing emails, you can opt out later. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it won’t affect processing that is not based on consent (e.g., processing based on contract or legal obligations).
* Right to Lodge a Complaint: If you believe that we have infringed your privacy rights or violated data protection laws, you have the right to lodge a complaint with a supervisory authority. For EU users, this would be your local Data Protection Authority (DPA) or the lead DPA in the country of our EU establishment (if applicable). For example, if our EU representative is in Ireland, you might contact the Irish Data Protection Commission. In other jurisdictions, you might contact a similar regulatory body. We encourage you to contact us first, so we have an opportunity to address your concerns directly.

How to Exercise Your Rights: You may exercise any of your applicable rights by contacting us at privacy@upflux.io (or contact@upflux.io). Please specify the nature of your request and the data it relates to. We may need to verify your identity before acting on certain requests (to ensure we do not disclose data to the wrong person or wrongfully delete data). Verification might include confirming control of your email account or asking for additional information to confirm your identity. We will respond to your request within the timeframe required by law (under GDPR, typically within one month; under CCPA, within 45 days, etc.). If we need more time to process your request or cannot fulfill it, we will let you know the reason (for instance, if an exemption applies or we require an extension). Exercising your rights is generally free of charge, but note that repetitive or unfounded requests may result in a reasonable fee or refusal as allowed by law.

7. International Data Transfers

UpFlux.io is accessible to users around the world. If you are located outside of the country where our servers or offices are, your personal data may be transferred across international borders. Specifically, if you are an EU/EEA resident or subject to GDPR, please be aware that your data may be transferred to and processed in countries outside the EEA, including South Korea or the United States, which may have different data protection standards than those in your home country.
Whenever we transfer personal data out of the EU/EEA or other regions with data transfer restrictions, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

* Adequacy Decisions: We may transfer data to countries that the European Commission or other relevant authorities have determined provide an adequate level of data protection (meaning their laws are deemed essentially equivalent to EU standards).
* Standard Contractual Clauses: In absence of an adequacy decision, we use approved Standard Contractual Clauses (SCCs) in our contracts with the recipient of the data. These clauses are standardized terms adopted by regulators to ensure that the receiving party will protect the personal data to EU standards.
* Other Safeguards: In some cases, we may rely on your explicit consent for cross-border transfer (for example, if you initiate a connection to a server in a particular country), or other legal mechanisms as permitted by GDPR and similar laws.

We continually monitor developments in data transfer regulations and will adjust our practices accordingly. If you have questions about international data transfers or want to obtain a copy of the relevant transfer safeguards (such as SCCs), you can contact us using the information below.

8. Children’s Privacy

Our Service is not directed to individuals under the age of 16 (or the relevant age of consent for data processing in your jurisdiction), and we do not knowingly collect personal information from children. If you are under 16, you should not use UpFlux.io or provide any information about yourself. If we become aware that we have inadvertently collected personal data from a child under 16 without proper consent, we will take steps to delete that information as soon as possible. Parents or guardians who believe that UpFlux might have collected personal data from a child under the age of consent can contact us immediately, and we will promptly investigate and address the issue.

9. Updates to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will post the updated Privacy Policy on our website with a new “Last Updated” date. If the changes are significant, we may also provide a more prominent notice (such as a banner on the site or an email notification).
Please review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of UpFlux.io after any modifications to this Policy will constitute your acknowledgment of the changes and your agreement to be bound by the updated Policy. If you do not agree with any updates, you should stop using the Service and may request that we delete your personal data.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

* Email: contact@upflux.io
* Postal Mail: UpFlux Privacy Team, Gangnam-daero 479, Gangnam-gu, Seoul, South Korea

We will gladly assist you with any issues or inquiries. Your privacy is important to us, and we are committed to resolving any concerns you may have. Thank you for trusting UpFlux.io with your prospecting needs and personal data.