Legal
Privacy Policy
Last updated: May 2026 · Applies to all Flux Forward services
We keep this simple. We collect the minimum needed to run the service. We do not sell your data. We do not use your data for advertising purposes. You can ask us to delete everything at any time.
1
Who we are
The Futures Hub B.V. (trading as Flux Forward) is the data controller for all Flux Forward services.
KVK: 98261223 · BTW: (on request)
Registered in the Netherlands
Contact: [email protected]
This policy covers all services under the Flux Forward brand, including:
fluxforward.world — main website
app.fluxforward.world — Flux Forward App, Activation Scan, Dashboard, and private packet pages
blog.fluxforward.world — Flux Forward Insights, hosted on Substack
2
What we collect and why
Account data
Required for login
Email address and encrypted password (or Google account token) when you create an account. Used to identify your session and link your scan results to your account.
Scan results
Required for service
Your Activation Scan answers, activation dimension scores, and saved action plan. Stored in your account so you can access your dashboard. Never shared individually with third parties.
Private packet responses
Requested response
If someone shares a private Flux Forward packet link with you, the page may collect your response, and optionally your name and email address. This is used only to return your answer to the person who asked through FluxOS. Some packet links are password protected; others can be opened by anyone who has the private link. Packet pages are marked noindex and are not intended for public search.
Firebase (Google)
Required for service
We use Firebase Auth and Firestore (Google Cloud) to handle login and store your data. Google processes your data as a data processor under a Data Processing Agreement. Data is stored in the EU (Belgium, europe-west1).
Firebase privacy ?
Google Analytics
Consent required
We use Google Analytics 4 (GA4) to understand how people use the app — which pages are visited, where people drop off. IP anonymisation is enabled. GA only loads after you accept in the cookie banner. Legal basis: consent (Art. 6(1)(a) GDPR).
Flux Forward event registration
Event registration
When you register for a Flux Forward event through our own registration flow, we collect the information needed to manage your attendance, such as your name, email address, profile identifier, selected event, role/context, registration status, and source/UTM metadata. This is stored in FluxOS and may also be connected to your Flux Forward profile. Newsletter updates remain separate and are only sent if you clearly opt in.
LinkedIn Events
Event registration
When you register for a Flux Forward event through a LinkedIn Events registration form, LinkedIn may share the information you submit with us, such as your name, email address, job title, company name, and country or region. We use this information to manage event attendance, send practical event-related updates, and follow up where relevant after the event. We only send promotional or marketing communications if you have given consent through the registration form or another clear opt-in. We do not sell attendee data. We do not use it for advertising profiling. We may store registration data securely for up to 12 months after the event, unless we need to keep it longer because of an ongoing relationship, legal requirement, or your explicit consent. You can ask us to access, correct, or delete your event registration data at any time by emailing
[email protected].
Newsletter, CRM, and Brevo
Consent required
If you subscribe to Flux Forward Updates, we collect your name, email address, selected persona or context, consent status, source page, and basic signup metadata. This is stored in FluxOS CRM and synced to Brevo for email delivery. We use this only to send Flux Forward updates and manage your preferences. You can unsubscribe or update preferences anytime through the link in every email or by contacting
[email protected].
Newsletter status check
Optional check
After a private packet response, you may enter your email so Flux Forward can check whether that address is already subscribed before showing a newsletter form. The check is used only inside a valid private packet flow, and the public page does not expose CRM notes, source history, or detailed contact records.
Substack (blog)
Separate service
The Flux Forward blog is hosted on Substack at blog.fluxforward.world. Substack is an independent platform with its own privacy policy. Reading the blog is separate from subscribing to Flux Forward Updates through our website.
Substack privacy ?
Local storage
Required for service
We use two types of browser storage — neither are cookies. Session storage (fluxforward.world): stores your scan activation context (layer, track) only for the duration of your current browser tab. It is cleared automatically when you close the tab and is never transmitted or shared. Local storage (app.fluxforward.world): stores your scan result, layer scores, active action plan, and cookie preference between sessions, so you do not need to repeat the scan on your next visit. This data stays in your browser and is not sent to any server except when you explicitly save a result to your account. You can clear either type at any time via your browser settings.
3
Legal basis for processing
Contract (Art. 6(1)(b) GDPR) — account data and scan results are processed to deliver the service you signed up for.
Consent (Art. 6(1)(a) GDPR) — Google Analytics and newsletter subscriptions are only activated after you explicitly accept or opt in. You can withdraw consent at any time through the cookie banner, newsletter preference or unsubscribe links, or by emailing us.
Legitimate interest (Art. 6(1)(f) GDPR) — basic server logs and security monitoring needed to keep the service running.
4
How long we keep your data
Account and scan data — kept as long as your account is active. We delete inactive accounts (no login for 24 months) unless you ask us to keep your data.
Private packet responses — kept in FluxOS while the related relationship, collaboration, or project context remains useful, unless you ask us to delete or correct your response.
Newsletter data — kept until you unsubscribe or ask us to delete it. If you unsubscribe, we may keep a minimal suppression record so we do not accidentally resubscribe you.
Analytics data — Google Analytics data is retained for 14 months (the minimum configurable in GA4).
Local storage — stays in your browser until you clear it or delete your account.
You can request deletion of all your data at any time — see section 5.
5
Your rights under GDPR
As a person in the EU/EEA, you have the following rights. Email us at [email protected] to exercise any of them. We will respond within 30 days.
Access — receive a copy of all personal data we hold about you.
Rectification — correct inaccurate data.
Erasure — request deletion of your account and all associated data ("right to be forgotten").
Portability — receive your scan results in a machine-readable format (JSON).
Restriction — ask us to pause processing while a dispute is resolved.
Withdraw consent — turn off Google Analytics through the privacy settings, or unsubscribe from the newsletter through the link in any email.
6
International data transfers
Your account data, scan results, FluxOS CRM data, and private packet responses are stored using the infrastructure providers we use to operate Flux Forward. Where possible, we use EU-based storage or providers with data processing terms.
Google Analytics and Brevo may involve processing outside the Netherlands or the EU. We rely on appropriate safeguards such as data processing agreements, Standard Contractual Clauses, and available adequacy mechanisms where applicable.
7
Changes to this policy
We will update this page when our practices change. The "Last updated" date at the top reflects the current version. For significant changes, we will notify logged-in users by email.
For the rules governing use of the service, see our Terms of Service.
