Privacy Policy

1. Scope

This Privacy Policy explains how Fluit.io ("Fluit", "we", "us") collects, uses, stores, and shares information when you use our website, waitlist, and product.

By using Fluit, you agree to this policy. If you do not agree, please do not use the Service.

2. Information We Collect

• Account information: name, email address, and authentication details (including Google OAuth profile data when used).
• Workspace information: workspace name, invited collaborators, role assignments, and project metadata.
• Content and files: videos, images, documents, comments, timestamps, and review annotations uploaded to Fluit.
• Billing data: subscription plan, invoice metadata, and payment status from Stripe (full payment card details are processed by Stripe, not stored by Fluit).
• Usage and technical data: IP address, device/browser details, activity logs, error logs, and performance telemetry.

3. How We Use Information

• Provide core product functionality including storage, review, collaboration, contracts, invoicing, and project management.
• Authenticate users, enforce permissions, and secure accounts/workspaces.
• Process subscriptions, billing events, and account lifecycle operations.
• Communicate product notices, transactional emails, support responses, and important policy updates.
• Monitor abuse, prevent fraud, troubleshoot incidents, and improve reliability and product quality.

4. Data Sharing

We do not sell personal data or customer content. We share data only when necessary to provide the Service, comply with law, or protect users and Fluit.

• Infrastructure and storage providers (such as Cloudflare R2 and hosting infrastructure).
• Video processing/delivery providers (such as Mux) for core playback/processing workflows.
• Payments provider (Stripe) for billing and subscription operations.
• Email/communications tooling for transactional messaging.
• Law enforcement or regulatory authorities when legally required.

5. Cookies and Similar Technologies

We use essential cookies and similar technologies to keep you signed in, preserve security state, and maintain core functionality. We may also use analytics technologies to understand product usage and improve user experience.

6. Data Retention

• Account and workspace data is retained while your account remains active.
• Deleted customer content is removed from active systems within 30 days, subject to backup and legal hold constraints.
• Canceled account data is deleted or anonymized within 90 days, unless retention is required for legal, security, or accounting reasons.

7. Security Measures

No service can guarantee absolute security, but we continuously work to protect data and reduce risk.

• Encryption in transit via HTTPS/TLS.
• Encryption at rest for stored data and media.
• Role-based access controls and permission checks.
• Continuous monitoring, logging, and incident response controls.

8. Your Rights and Choices

To submit a privacy request, email privacy@fluit.io.

• Access and update your account information.
• Request export of your data where available.
• Request deletion of account and associated data, subject to legal retention obligations.
• Opt out of marketing messages; transactional/security messages may still be sent.

9. International Transfers

Fluit may process information in multiple jurisdictions depending on infrastructure and service-provider locations. Where applicable, we use contractual and technical safeguards to protect transferred data.

10. Children's Privacy

Fluit is not intended for children under 13. We do not knowingly collect personal data from children under 13.

11. Policy Changes

We may update this Privacy Policy from time to time. Material updates will be communicated through product notifications, website updates, or email where appropriate.

12. Contact

Email: privacy@fluit.io

Data Protection Officer: dpo@fluit.io

Website: https://fluit.io

Governing jurisdiction references in this policy and related legal documents remain tied to Delaware, United States.