Legal
Privacy Policy
Last updated: June 2026 · Applies to all Flux Forward services
We keep this simple. We collect the minimum needed to run the service. We do not sell your data. We do not use your data for advertising purposes. You can ask us to delete everything at any time.
1
Who we are
The Futures Hub B.V. (trading as Flux Forward) is the data controller for all Flux Forward services.
KVK: 98261223 · BTW: (on request)
Registered in the Netherlands
Contact: [email protected]
This policy covers all services under the Flux Forward brand, including:
fluxforward.world — main website
app.fluxforward.world — Flux Forward App, Activation Scan, Dashboard, and private packet pages
blog.fluxforward.world — Flux Forward Insights, hosted on Substack
2
What we collect and why
Account data
Required for login
Email address and encrypted password (or Google account token) when you create an account. Used to identify your session and link your scan results to your account.
Scan results
Required for service
Your Activation Scan answers, activation dimension scores, and saved result. Stored in your account so you can access your dashboard. Never shared individually with third parties.
When you choose to edit and save your Profile, we store the following fields in your account: display name, location (city or region, as you enter it), country, and LinkedIn profile URL. These are optional fields. Nothing is saved unless you actively press Save Profile basics. They are used only to display your profile within the Flux Forward app and are not shared with third parties for marketing purposes.
Private packet responses
Requested response
If someone shares a private Flux Forward packet link with you, the page may collect your response, and optionally your name and email address. This is used only to return your answer to the person who asked through FluxOS. Some packet links are password protected; others can be opened by anyone who has the private link. Packet pages are marked noindex and are not intended for public search.
Firebase (Google)
Required for service
We use Firebase Auth and Firestore (Google Cloud) to handle login and store your data. Google processes your data as a data processor under a Data Processing Agreement. Data is stored in the EU (Belgium, europe-west1).
Firebase privacy ?
Google Analytics
Consent required
Google Analytics 4 (GA4) is used on the Flux Forward main website (fluxforward.world) only. It is not loaded in the Flux Forward app (app.fluxforward.world). On the main website, GA loads only after you accept in the cookie banner. IP anonymisation is enabled. Legal basis: consent (Art. 6(1)(a) GDPR). If analytics is added to the app in the future, this policy will be updated before that change goes live.
Flux Forward event registration
Event registration
When you register for a Flux Forward event through our own registration flow, we collect the information needed to manage your attendance, such as your name, email address, profile identifier, selected event, role/context, registration status, and source/UTM metadata. This is stored in FluxOS and may also be connected to your Flux Forward profile. Newsletter updates remain separate and are only sent if you clearly opt in. The event registration page stores a local cache of your registration records in your browser, keyed to your account, to display your registration status quickly and reduce repeat network calls. You can clear this at any time through your browser settings. When you register or cancel a registration, a transactional confirmation email may be sent to your registered email address. This is not a marketing email.
LinkedIn Events
Event registration
When you register for a Flux Forward event through a LinkedIn Events registration form, LinkedIn may share the information you submit with us, such as your name, email address, job title, company name, and country or region. We use this information to manage event attendance, send practical event-related updates, and follow up where relevant after the event. We only send promotional or marketing communications if you have given consent through the registration form or another clear opt-in. We do not sell attendee data. We do not use it for advertising profiling. We may store registration data securely for up to 12 months after the event, unless we need to keep it longer because of an ongoing relationship, legal requirement, or your explicit consent. You can ask us to access, correct, or delete your event registration data at any time by emailing
[email protected].
Newsletter, CRM, and Brevo
Consent required
If you subscribe to Flux Forward Updates, we collect your name, email address, selected persona or context, consent status, source page, and basic signup metadata. This is stored in FluxOS CRM and synced to Brevo for email delivery. We use this only to send Flux Forward updates and manage your preferences. You can unsubscribe or update preferences anytime through the link in every email or by contacting
[email protected].
Newsletter status check
Optional check
After a private packet response, you may enter your email so Flux Forward can check whether that address is already subscribed before showing a newsletter form. The check is used only inside a valid private packet flow, and the public page does not expose CRM notes, source history, or detailed contact records.
Substack (blog)
Separate service
The Flux Forward blog is hosted on Substack at blog.fluxforward.world. Substack is an independent platform with its own privacy policy. Reading the blog is separate from subscribing to Flux Forward Updates through our website.
Substack privacy ?
Local storage (app.fluxforward.world)
Required for service
The Flux Forward app uses two local storage entries in your browser. One stores a record that you acknowledged this privacy notice. It contains only a version number, a status value, and the timestamp of your acknowledgment. It does not contain account data. The other stores your in-progress Activation Scan answers and your current question position on this browser for up to 14 days. This lets you continue where you left off if you close and reopen the browser before saving. It does not store your final saved scan result. Your final scan result is saved to your account only when you are signed in and press Save scan. Both entries can be cleared at any time through your browser settings. Neither entry contains personal account data or financial information.
Session storage
Required for service
The Flux Forward app (app.fluxforward.world) does not use session storage. The event registration page (app.fluxforward.world/events/register/) may store a temporary copy of your most recent registration record in session storage for the duration of that browser session. This is cleared when you close the browser tab and is used only to reduce repeat network calls on that page.
Fluxy -- local reflection helper
Required for service
Flux Forward includes a local reflection tool called Fluxy. Fluxy helps you think through your next step by offering reflection prompts based on your scan context. Fluxy does not transmit anything you type to any server. It does not store chat history, does not use cookies, does not load external scripts, and does not connect to your account. All Fluxy content exists only in your browser session and is cleared when you close the panel or reload the page. Fluxy is a reflection support tool, not a professional advisor.
3
Legal basis for processing
Contract (Art. 6(1)(b) GDPR) — account data and scan results are processed to deliver the service you signed up for.
Consent (Art. 6(1)(a) GDPR) — Google Analytics and newsletter subscriptions are only activated after you explicitly accept or opt in. You can withdraw consent at any time through the cookie banner, newsletter preference or unsubscribe links, or by emailing us.
Legitimate interest (Art. 6(1)(f) GDPR) — basic server logs and security monitoring needed to keep the service running.
4
How long we keep your data
Account and scan data — kept as long as your account is active. We delete inactive accounts (no login for 24 months) unless you ask us to keep your data.
Private packet responses — kept in FluxOS while the related relationship, collaboration, or project context remains useful, unless you ask us to delete or correct your response.
Newsletter data — kept until you unsubscribe or ask us to delete it. If you unsubscribe, we may keep a minimal suppression record so we do not accidentally resubscribe you.
Analytics data — Google Analytics data is retained for 14 months (the minimum configurable in GA4).
Local storage — stays in your browser until you clear it or delete your account.
You can request deletion of all your data at any time — see section 5.
5
Your rights under GDPR
As a person in the EU/EEA, you have the following rights. Email us at [email protected] to exercise any of them. We will respond within 30 days.
Access — receive a copy of all personal data we hold about you.
Rectification — correct inaccurate data.
Erasure — request deletion of your account and all associated data ("right to be forgotten").
Portability — receive your scan results in a machine-readable format (JSON).
Restriction — ask us to pause processing while a dispute is resolved.
Withdraw consent — turn off Google Analytics through the privacy settings, or unsubscribe from the newsletter through the link in any email.
6
International data transfers
Your account data, scan results, FluxOS CRM data, and private packet responses are stored using the infrastructure providers we use to operate Flux Forward. Where possible, we use EU-based storage or providers with data processing terms.
Google Analytics and Brevo may involve processing outside the Netherlands or the EU. We rely on appropriate safeguards such as data processing agreements, Standard Contractual Clauses, and available adequacy mechanisms where applicable.
7
Changes to this policy
We will update this page when our practices change. The "Last updated" date at the top reflects the current version. For significant changes, we will notify logged-in users by email.
For the rules governing use of the service, see our Terms of Service.
