Privacy Policy
Last Updated: September 24, 2025
Flux LLC ("Flux," "we," "us," or "our") is a research and user testing platform that enables customers to recruit participants and test interactive prototypes, measure performance across design variants, run usability tests, and generate data-rich reports (the "Service").
This Privacy Policy explains how we collect, use, share, and protect personal data when you use our Service. It applies to:
- Customers: Product teams and organizations using Flux to run research studies.
- Participants: Individuals participating in tests hosted on Flux.
- Visitors: Individuals visiting our website or interacting with our marketing content.
By using Flux, you agree to this Privacy Policy.
0. Roles & Scope
- Controller (Customer Data): For Customer account, billing, and service administration data, Flux acts as an independent data controller.
- Processor (Participant Data): For Participant Data collected through studies run by a Customer, Flux acts as a data processor and processes such data only on the Customer’s documented instructions.
1. Data We Collect
We collect personal data in three main contexts: Customers, Participants, and Visitors.
a) Customer Data
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Account Information | Name, email, organization, Figma account ID | Account creation, authentication via Figma | Performance of contract |
| Prototype Access | Figma prototype access (as authorized by Customer) | For experiment set-up and enabling prototype testing | Performance of contract |
| Team Information | Seat assignments, team roles | Provide multi-user collaboration features | Performance of contract |
| Billing & Payment Info | Contact info, transaction history (via Stripe) | Process payments, issue invoices | Contract; Legal obligation |
| Usage Data | Logs, feature usage, analytics | Improve and secure the Service | Legitimate interest |
| Support Communications | Emails, chat messages, support requests made by customers | Respond to support inquiries | Performance of contract |
| Experiment Configuration | Test variants, randomization rules, success metrics | Enable testing functionality | Performance of contract |
| Design File Access | Figma file permissions, design assets, prototype data | Process and serve Figma prototypes for testing | Performance of contract |
We do not store:
- Credit card numbers or other sensitive payment details (handled by Stripe).
- Figma credentials. We only store short-lived tokens on Customer devices and transfer them securely via HTTPS to Flux's servers when communication with Figma is needed for setting up experiments.
b) Participant Data
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Interaction Data | Clicks, paths, task success/failure, time on screens, audio recordings and transcripts (if enabled) | Generate reports, visualize user flows | Performance of contract |
| Screener & Survey Data | Eligibility questions, ratings, survey responses | Determine eligibility; gather feedback and perception data | Performance of contract |
| Recruitment Identifiers | IP address, Prolific IDs, customer-provided IDs | Deduplication, tracking, security, and abuse prevention | Performance of contract |
Flux processes Participant Data only on behalf of the Customer.
c) Visitor Data
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Technical Data | IP address, cookies, device info | Website security, performance analytics | Legitimate interest |
| Contact Information | Email, form submissions | Respond to inquiries | Consent or Legitimate interest |
| Marketing Data | Newsletter sign-ups, campaign clicks | Send marketing communications | Consent |
2. How We Use Data
We use personal data to:
- Provide and maintain the Service.
- Authenticate users and manage access to prototypes.
- Process payments and issue invoices.
- Deliver support and technical notices.
- Improve security, performance, and user experience.
- Send marketing communications if consented.
- Randomize participants across test variants and measure performance.
- Generate statistical analysis and insights for test results.
- Suggest survey questions or insights via AI tools (no customer data is used to train external AI models without explicit consent).
Automated decision-making: Flux does not make decisions that produce legal or similarly significant effects on individuals based solely on automated processing. AI-driven features generate insights and visualizations to assist Customers; Customers decide how to use those insights.
3. Sharing and Disclosure
We share personal data only with trusted service providers for the purposes described above, such as:
- Payment processors (e.g., Stripe) for billing.
- Infrastructure and operations providers (e.g., cloud hosting, analytics, error tracking).
- Recruitment partners (e.g., participant marketplaces) when you use those channels.
All third parties are bound by confidentiality and data protection obligations appropriate to their role.
We never sell or share personal data for advertising purposes.
4. Retention & Deletion
- Customer Data: Retained for the account’s life and typically up to 90 days thereafter for billing and legal compliance, unless a longer period is required by law.
- Participant Data: Retained per Customer instructions or until deleted by the Customer.
- Visitor Data: Retained only as long as necessary for analytics and security.
You may request deletion at any time by contacting us at team@testwithflux.com. Some data may persist for a limited period in backups consistent with our retention schedule.
5. Security Measures
We implement industry-standard technical and organizational measures, including:
- TLS encryption for data in transit.
- Encrypted storage for data at rest.
- Access controls, least-privilege principles, and logging.
- Breach notification procedures in accordance with applicable laws (we will notify regulators within 72 hours where required and affected Customers without undue delay).
6. Your Rights
Depending on your location, you may have the right to:
- Access, correct, or delete your personal data.
- Request data portability.
- Object to processing or withdraw consent.
- Opt out of marketing communications.
- File a complaint with a data protection authority.
For California residents, additional rights under CCPA/CPRA include:
- The right to know what personal information we collect.
- The right to request deletion or correction.
- The right to opt out of data sharing for advertising (we do not sell or share data).
To exercise your rights, email team@testwithflux.com. We may take steps to verify your identity consistent with applicable law.
7. Children's Privacy
Flux is not intended for children under 16 (or under 13 in the U.S.). We do not knowingly collect data from minors.
8. Cookies & Tracking Technologies
We use cookies and similar technologies (such as local storage) to enable site functionality, maintain sessions, and perform analytics. You can manage cookies through your browser settings and, where required by law, via our cookie banner preferences. Disabling certain cookies may impact site functionality.
9. International Data Transfers
We may process personal data in the United States and other countries. Where personal data originating in the EU, UK, or Switzerland is transferred internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and any applicable UK or Swiss addenda. By using the Service, you acknowledge such transfers, processing, and storage.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or through the Service.
11. Contact Us
For privacy inquiries:
Flux LLC
Email: team@testwithflux.com
Address: 2045 W Grand Ave Ste B PMB 887468
Chicago, Illinois 60612-1577, United States