Flurbix flurbix
About Platform Pricing
Request a demo
Home / Privacy

Privacy Policy

Last updated: July 06, 2026
• Calculating...
TABLE OF CONTENTS
1. Introduction 2. Information We Collect 3. How Information Is Used 4. Google User Data 5. Data Sharing & Processors 6. Retention & Deletion 7. Security & Isolation 8. Customer Data Ownership 9. International Transfers 10. Your Rights (GDPR/CCPA) 11. Children's Privacy 12. Policy Updates 13. Contact & DPO

🔒 SECURITY & TRUST GUARANTEE

All stored secrets and tokens are encrypted at rest using AES-256 and transmitted securely using TLS 1.3. We isolate workspaces logically and never sell customer outreach information or use Google user data to train AI models. You retain full control and ownership of your outreach content at all times.

1. Introduction

Welcome to Flurbix ("Company", "we", "our", "us"). We operate Flurbix, a specialized B2B Sales Outreach Automation platform accessible via https://flurbix.com and our web application at https://app.flurbix.com.

We respect your privacy and are committed to protecting the personal data of our users ("Users", "you", "your") and their workspace prospects. This Privacy Policy details how we collect, process, secure, store, and dispose of information when you interact with our website, use our SaaS platform, or connect third-party integrations such as Google OAuth.

By registering for a Flurbix account, accessing our website, or authorizing connected accounts, you acknowledge that you have read and understood the terms of this Privacy Policy.

2. Information We Collect

We only collect information necessary to provide, manage, and secure our outreach services. The data we collect is categorized as follows:

A. Account Information

To register and maintain an active account, we collect: your full name, email address, password (securely hashed), corporate workspace domain, billing details, and credit card payment tokens processed securely by third-party processors (e.g., Stripe). We do not store raw card numbers on our infrastructure.

B. Google OAuth Information & Tokens

If you choose to authenticate and authorize email outreach using a Google workspace account, we collect: your authenticated sender email address, basic profile details, and encrypted OAuth 2.0 access and refresh tokens. These tokens are stored securely to allow Flurbix to send campaign emails on your behalf.

C. Campaign & Lead Data

We store the prospect databases you upload (names, corporate email addresses, titles, custom fields), your configured outreach email sequences, campaign templates, delivery schedules, and performance settings. This content is structural Customer Data owned entirely by you.

D. Usage Data & Analytics

When using the website or platform, we automatically collect basic technical logs, including: browser type and version, device OS, IP address, general geographic location (country/city level), timestamps, landing page hits, feature interactions, and performance error logs.

E. Cookies & Local Storage

We use standard functional and security cookies to persist session states, remember login preferences, and protect against cross-site request forgery (CSRF). We do not use persistent advertising cookies, retargeting trackers, or third-party behavioral advertising mechanisms.

F. Communications

We log support tickets, chats, email inquiries, feedback, and customer interactions to troubleshoot dashboard issues and improve overall customer success.

3. How Information Is Used

We use collected data strictly under lawful processing grounds (performance of a contract, legitimate interests, or consent) for the following purposes:

  • Operating, maintaining, and providing our B2B outreach tools.
  • Processing subscription billing, upgrades, and renewals.
  • Sending emails, campaign follow-ups, and sequences configured explicitly by you.
  • Tracking campaign performance metrics (email opens, link clicks) and displaying dashboard analytics.
  • Providing responsive support and troubleshooting application errors.
  • Preventing system abuse, fraud, spam, and verifying workspace security.
  • Complying with applicable legal, regulatory, or administrative requirements.

AI Usage Limitation: We do not utilize your prospect databases, lead metrics, or campaign structures to train generalized, non-tenant-specific machine learning models or AI algorithms.

4. Google User Data

This section governs data accessed and processed through the Google OAuth integration.

Flurbix connects to Google APIs solely to enable authenticated users to send automated outreach campaigns from their connected Google accounts. We request the minimum possible permission level, specifically requesting only the https://www.googleapis.com/auth/gmail.send scope.

📢 GOOGLE OAUTH COMPLIANCE STATEMENT

Flurbix's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In strict accordance with Google API Services Limited Use requirements, we enforce the following restrictions on all Google user data:

  • No Inbox Scraping: Flurbix is not an email client. We never read, scrape, monitor, download, or analyze your Gmail inbox messages, drafts, email history, or inbox attachments.
  • No Marketing or Advertising: Google user data, including OAuth tokens and email profiles, is never sold, leased, rented, or shared with third-party networks for marketing, behavioral tracking, profiling, or target advertising.
  • No AI Model Training: Google user data and campaign metrics are strictly excluded from any machine learning, natural language processing, or generalized AI training models.
  • Strict Data Minimization: Stored OAuth tokens are utilized only to execute email sending calls directly triggered and scheduled by you within your dashboard.

You can disconnect the Google integration at any time from your account settings. Doing so deletes all active tokens on our database. You can also revoke access permanently in your Google Account Security Settings.

5. Data Sharing & Processors

We do not sell, rent, or trade your personal data. We only share information in the following limited circumstances with GDPR-compliant sub-processors bound by strict Data Processing Addendums (DPAs):

  • Cloud Infrastructure Providers: Strictly secure virtual server hostings (e.g., AWS, Google Cloud Platform) maintaining ISO 27001 and SOC 2 certifications.
  • Payment Gateway: Stripe, for encrypted payment handling and compliance.
  • Log Management & Performance Analytics: Tools to catch backend software exceptions, monitoring system status, and tracking API loads.
  • Legal Compliance: When required by a valid law enforcement subpoena, court order, or judicial mandate, to the minimum extent necessary.

6. Retention & Deletion

We retain data only as long as an active account exists or as required by law (e.g. tax records, security tracking).

  • Account Cancellation: When you delete your account, your data (leads, sequences, and configurations) is permanently deleted or anonymized from active database nodes within 30 days.
  • OAuth Token Revocation: Disconnecting a Google account integration immediately deletes the associated access and refresh tokens from our active database.
  • Backups: System backups are rotated and kept for up to 90 days. Backups are encrypted and isolated from active database query lines.

7. Security & Isolation

We employ enterprise-grade security protocols to protect all stored and transient files:

  • Encryption at Rest: All database volumes, client configurations, and OAuth access/refresh tokens are encrypted using AES-256.
  • Encryption in Transit: Communications between our dashboard, your browser, and Google API integrations are secured via Transport Layer Security (TLS 1.3).
  • Logical Workspace Isolation: Database tables are strictly structured to prevent cross-workspace leaks. Multi-tenant access controls verify that workspace records are isolated per organization.
  • Employee Access Controls: Internal operations follow the principle of least privilege. No Flurbix developer or administrator is permitted to view customer campaign content or OAuth details unless explicitly authorized by the customer for troubleshooting or security audits. All such access is logged, audited, and reviewed.
  • Infrastructure Hardening: Firewalls, intrusion detection, API rate-limiting, secure backups, vulnerability scans, and access logging protect against unauthorized vectors.

8. Customer Data Ownership

All prospects uploaded, messages drafted, and schedules configured belong exclusively to the customer workspace. Flurbix maintains no proprietary claim over your outreach details. We only process this data under your direct configuration commands to run active campaign flows.

9. International Transfers

Our primary servers are hosted within the United States. If you access our platform from outside the United States, your data will be transferred across national lines. We utilize standard contractual clauses (SCCs) and adequacy agreements recognized by European and other global regulatory authorities to govern secure international transfers.

10. Your Rights (GDPR & CCPA)

Depending on your jurisdiction (such as the European Union under GDPR, or California under CCPA/CPRA), you have specific data subject rights which we honor globally:

Right (GDPR & CCPA) Description
Right of Access / Know Request detailed logs of all personal data we process about you.
Right of Erasure / Deletion Request permanent deletion of all stored data (subject to compliance rules).
Right of Rectification Correct or update inaccurate account information.
Right to Portability Export workspace parameters in a machine-readable format.
Opt-Out of Sale or Share We do not sell your personal data. You have the right to request restriction if practices alter.

To exercise your rights, email us at info@flurbix.com. We will verify your credentials and respond within 30 days.

11. Children's Privacy

Flurbix is designed for business-to-business professional services and does not intentionally compile details from children under 18. If we learn we have stored personal information from anyone under 18, we will purge it from our systems immediately.

12. Policy Updates

We may modify this Privacy Policy to reflect security improvements, API updates, or shifting regulatory norms. In the event of a material change, we will post alerts in-app or email your account contact 30 days before changes take effect.

13. Contact & DPO

For questions or requests regarding data privacy, security protocols, or Google OAuth integration safety, contact our Data Protection Officer:

Data Protection Officer: info@flurbix.com
Address: 30 N Gould St Ste R, Sheridan, Wyoming 82801, USA
Support Phone: +1 (917) 967 1694

Frequently Asked Questions (FAQ)

No. Flurbix never reads, scans, downloads, or analyzes your inbox messages or email history. Flurbix only requests the 'gmail.send' scope, which is the minimum permission required to send emails that you explicitly configure and schedule.
All OAuth tokens are encrypted at rest using AES-256 encryption, transmitted securely via TLS 1.3, and isolated between customer accounts. They are deleted immediately upon account termination or integration disconnection.
No. Flurbix does not use customer campaign content or Google user data to train, fine-tune, or improve any machine learning or generalized AI models.
Flurbix
AI-powered sales outreach that helps businesses discover prospects, automate follow-ups, and close more deals
30 N Gould St Ste R
Sheridan, Wyoming 82801, USA
info@flurbix.com
+1 (917) 967 1694
Privacy Policy Terms & Conditions Security Contact Support
© 2026 Flurbix. All rights reserved.