Last updated: July 11, 2026
This Privacy Policy explains what data Fluxtab ("we", "us") collects, why, and how it's handled when you use our dashboard and related services (the "Service"). We built Fluxtab to handle sensitive credentials responsibly, and this policy is meant to say plainly what that means in practice.
1. What we collect
Account information
- Email address and authentication details (via Supabase Auth, including Google OAuth if you choose that sign-in method)
- Billing name and contact details if you subscribe to a paid plan
Provider API keys
- When you connect OpenAI, Anthropic, or another supported provider, we store the API key you provide, encrypted at rest using Supabase Vault.
- We strongly recommend, and where possible enforce, that keys are scoped to read-only usage/billing access. We never request or need a key with permission to make inference calls or read prompt/completion content.
Usage and cost data
- Spend, token counts, and model-level usage figures retrieved from your connected providers' billing/usage APIs. This is cost and volume metadata only — we do not receive, store, or have access to the content of your prompts or completions, because the scoped keys we request can't read that data in the first place.
Alert configuration
- Spend thresholds you set and the Slack webhook URL you provide for alerts.
Payment information
- Payment processing is handled entirely by Razorpay. We receive subscription status and billing metadata (plan, renewal date, payment status) from Razorpay, but we do not receive or store your full card or bank details — those stay with Razorpay.
Technical and usage data
- Standard technical data such as IP address, browser type, and pages visited, collected for security, debugging, and basic product analytics.
2. How we use this data
- To provide the Service: syncing usage data, rendering your dashboard, and sending alerts
- To process payments and manage subscriptions
- To communicate with you about your account, service changes, or support requests
- To maintain security, detect abuse, and debug issues
- To improve the Service based on aggregate, de-identified usage patterns
We do not sell your data, and we do not use your API keys or usage data to train any AI model.
3. How we protect it
- API keys are encrypted at rest using Supabase Vault and are only decrypted server-side, in memory, at the moment a sync job runs. Keys are never sent to your browser or exposed in client-side code.
- Every database table uses Row Level Security, so your data is only ever queryable by your own authenticated account — not by other users, and not by us through the normal application interface.
- We validate the scope of any key you submit and reject keys with broader permissions than needed for usage/billing reads, where the provider's API supports that validation.
- Access to production infrastructure is limited to what's needed to operate the Service.
No system is perfectly secure, and we can't guarantee absolute security, but the architecture above is designed so that a breach of our systems would expose, at most, encrypted key material and cost/usage numbers — never your prompts, completions, or the ability to spend on your provider account.
4. Who we share data with
We share data only with the service providers needed to run Fluxtab, and only the minimum needed for their function:
| Who | What they see | Why |
|---|---|---|
| Supabase | Encrypted keys, usage records, account data | Database, auth, and encryption infrastructure |
| Vercel | Application traffic, logs | Hosting and scheduled jobs |
| Razorpay | Billing name, payment status | Subscription payment processing |
| OpenAI / Anthropic | Nothing from us — we call their APIs using your key | Source of usage/cost data |
| Slack | Alert message text and your threshold (only if you set up a webhook) | Delivering your spend alerts |
We do not share your data with advertisers, and we do not sell personal data to third parties.
We may disclose data if required by law, subpoena, or to protect the rights, property, or safety of Fluxtab, our users, or others.
5. Data retention
We retain your account and usage data for as long as your account is active. If you delete your account, we delete your stored API keys, usage history, and personal account data within 30 days, except where we're required to retain limited records (such as payment records) for legal or tax purposes.
6. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can:
- Delete a connected API key or your entire account at any time from Settings
- Export your usage history from the dashboard
- Contact us at support@fluxtab.dev for any request not covered by self-service tools, including full account deletion requests
If you're in the EU/UK, you have rights under GDPR; if you're in India, you have rights under the Digital Personal Data Protection Act, 2023. We aim to honor equivalent rights for all users regardless of location.
7. International data transfers
Fluxtab is operated from India, and our infrastructure providers (Supabase, Vercel) may process data in other countries. By using the Service, you consent to your data being processed in these locations, which may have different data protection laws than your own country. We take reasonable steps to ensure your data is handled consistently with this policy wherever it's processed.
8. Cookies
We use essential cookies for authentication and session management, and limited analytics cookies to understand product usage. We don't use third-party advertising cookies.
9. Children's privacy
Fluxtab isn't intended for anyone under 18. We don't knowingly collect data from children.
10. Changes to this policy
We'll notify you of material changes to this policy by email or in-app notice before they take effect.
11. Contact
Questions or requests about your data: support@fluxtab.dev
Fluxtab, A-1 , Outer Circle Road, Kadma, Jamshedpur, Jharkhand, India