Privacy

Privacy Policy

Last updated: July 2, 2026

This Privacy Policy summarizes the personal data WorldFlux Inc collects and how it is used to provide the WorldFlux CLI, cloud sync API, dashboard, and public evidence surfaces.

Data collected

  • Account data: email, Supabase user ID, verification state.
  • Workspace data: workspace, project, run, and artifact metadata.
  • Billing data: Stripe customer, subscription, and invoice identifiers.
  • Security data: audit events, redacted IP hash, and user agent.
  • Optional analytics: PostHog page-view events only when the user opts in. WorldFlux sends the redacted route name and a hashed SHA-256 user identifier; it does not send run content, API keys, email, or the original Cloud user identifier. The analytics provider may receive normal network metadata such as IP address, user-agent, and referrer from the request.

User rights

  • WorldFlux supports data export, deletion scheduling, deletion cancellation, rectification, processing objection, and processing restriction through the account profile controls and the /api/me account endpoints.

Sub-processors

  • WorldFlux uses infrastructure, billing, email, error-monitoring, and opt-in analytics providers as needed to operate the service. The current sub-processor list is maintained in the WorldFlux legal documentation.

Retention

  • Export links expire after 7 days.
  • Pending account deletion can be cancelled for 30 days.
  • Stripe invoice data is kept for tax and audit obligations.
  • Backups roll off on their configured retention window.

Contact

For privacy questions, contact WorldFlux at support@worldflux.ai.