Privacy Policy

1. Data Controller

FluxOffer B.V. operates a CPA affiliate network platform used by professional Affiliates and Advertisers in the performance marketing industry. This Privacy Policy explains how we collect, use, store, and protect personal data when you register as a network partner, use our tracking and reporting tools, or interact with fluxoffer.com.

FluxOffer B.V. is the data controller for personal data processed through the FluxOffer platform and website. We are registered in the Netherlands and comply with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Dutch Implementation Act (UAVG).

2. Data We Collect

We collect the following categories of personal data depending on how you interact with our Platform:

2.1 Account Registration Data

• Full legal name and/or company name
• Email address (used as login identifier)
• Telegram username or other contact handles
• Country of residence or business registration
• Payment method details (e.g. wallet address, bank account — stored encrypted)
• Tax identification number (where required by law)

2.2 Platform Usage Data

• Login timestamps, IP addresses, and device fingerprint data
• Dashboard usage patterns, page views, and feature interactions
• Campaign configuration, offer selections, and tracking parameter settings
• API access logs and request metadata

2.3 Tracking & Performance Data

• Click-level data: click ID, timestamp, IP address, user agent, GEO, device type, OS
• Conversion data: transaction ID, payout, conversion timestamp, sub-IDs passed by affiliates
• Aggregated campaign statistics: clicks, conversions, revenue, EPC, CVR

2.4 Communication Data

• Email correspondence with FluxOffer team members
• Telegram messages with account managers (subject to Telegram's own privacy policy)
• Support tickets and dispute records

2.5 End-User Data (Advertisers & Affiliates)

FluxOffer processes click-level data on behalf of Advertisers and Affiliates relating to end users who interact with tracked offers. This data is processed as a data processor under GDPR Article 28. Affiliates and Advertisers are responsible as data controllers for their own compliance with applicable laws governing end-user data collection and consent.

2.6 KYC & Compliance Data

To meet anti-money laundering (AML) and payment regulations, we may collect identity verification documents, proof of address, company registration certificates, and tax forms (e.g. W-8BEN, VAT number) before processing payouts above regulatory thresholds.

3. How We Use Your Data

• Account management: To create, maintain, and secure your FluxOffer account
• Service delivery: To provide tracking, reporting, offer management, and payment processing
• Fraud prevention: To detect, investigate, and prevent fraudulent activity on the Platform
• Payment processing: To calculate commissions, process payouts, and maintain financial records
• Customer support: To respond to queries, resolve disputes, and provide technical assistance
• Legal compliance: To meet our obligations under applicable laws including tax, anti-money laundering, and data protection regulations
• Platform improvement: To analyse usage patterns and improve the functionality of our tools (using anonymised, aggregated data)
• Communications: To send service notifications, payment confirmations, and updates material to your account
• Marketing (opt-in only): To send newsletters, offer updates, and performance insights — only where you have explicitly consented

4. Legal Basis for Processing

Under GDPR Article 6, FluxOffer relies on the following legal bases:

• Contract performance (Art. 6(1)(b)): Processing necessary to fulfil our obligations under the Affiliate/Advertiser Agreement — account management, payment processing, tracking
• Legal obligation (Art. 6(1)(c)): Processing required to comply with EU and Dutch law — financial records, tax reporting, AML compliance
• Legitimate interests (Art. 6(1)(f)): Fraud prevention, platform security, abuse detection, and business analytics where our interests are balanced against your privacy rights
• Consent (Art. 6(1)(a)): Marketing communications and cookies where we have obtained your explicit opt-in consent — which you may withdraw at any time

5. Sharing & Third Parties

FluxOffer does not sell your personal data. We share data only in the following limited circumstances:

• Advertisers: Affiliate click and conversion data (excluding personal identifiers) is shared with Advertisers for campaign reporting and validation purposes
• Payment processors: Payment method details are shared with our banking and cryptocurrency payment service providers to process payouts
• Technology providers: We use cloud hosting, analytics, and security providers who process data under strict data processing agreements and GDPR-compliant safeguards
• Fraud intelligence networks: In confirmed fraud cases, we may report identifiers (IP, wallet addresses, device fingerprints) to industry fraud prevention databases
• Legal authorities: Where required by a valid court order, law enforcement request, or applicable legal obligation

All third-party data processors are bound by Data Processing Agreements (DPAs) that require GDPR-compliant data handling and prohibit secondary use of your data.

6. Tracking & Cookies

Our website (fluxoffer.com) uses the following categories of cookies and tracking technologies:

• Essential cookies: Required for platform login, session management, and security. Cannot be disabled.
• Analytics cookies: Used to understand how visitors use our website (page views, traffic sources). We use anonymised, aggregated data only. You may opt out.
• Preference cookies: Store your language and display preferences across sessions.
• Marketing cookies: Used only with your explicit consent for retargeting and campaign measurement.

You can manage cookie preferences via our Cookie Consent banner or by adjusting your browser settings. Note that disabling essential cookies will prevent login and Platform functionality.

Affiliate tracking links use first-party server-side cookies and URL parameters to attribute conversions. These do not set persistent cookies on end-users' browsers.

7. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected:

• Account data: For the duration of your active account, plus 3 years after termination for legal and audit purposes
• Financial records & payment data: 7 years as required by Dutch tax law (Belastingwetgeving)
• Click & conversion tracking data: 24 months from the date of collection
• Support & communication records: 3 years from last interaction
• Fraud investigation records: Up to 5 years where there has been a confirmed fraud incident
• Marketing consent records: Until you withdraw consent or 3 years from last engagement

Upon expiry of retention periods, data is securely deleted or irreversibly anonymised.

8. Security

FluxOffer implements appropriate technical and organisational security measures in line with GDPR Article 32, including:

• TLS 1.3 encryption for all data in transit between your browser, our API, and tracking infrastructure
• AES-256 encryption for sensitive data at rest (payment credentials, API keys)
• Multi-factor authentication (MFA) available and recommended for all accounts
• Role-based access controls limiting internal staff access to personal data on a need-to-know basis
• Regular penetration testing and security audits by independent third parties
• Automated anomaly detection and intrusion monitoring on all platform infrastructure

In the event of a personal data breach, we will notify affected users and the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of discovery, as required by GDPR Article 33.

9. International Transfers

FluxOffer processes data primarily within the European Economic Area (EEA). Where data is transferred to third-party service providers outside the EEA (e.g. cloud infrastructure providers), we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses (SCCs) as approved by the European Commission
• Adequacy decisions covering recipient countries where applicable
• Binding Corporate Rules (BCR) for transfers within corporate groups of our processors

10. Your Rights

Under GDPR, you have the following rights regarding your personal data. You can exercise any of these rights by contacting support@fluxoffer.com. We will respond within 30 days.

If you believe we have not complied with your data protection rights, you have the right to lodge a complaint with the Dutch Data Protection Authority:

11. Children's Data

The FluxOffer Platform is intended exclusively for adults aged 18 and over operating in a professional or commercial capacity. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at support@fluxoffer.com and we will delete it promptly.

12. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or Platform functionality. When we make material changes, we will notify registered users by email at least 14 days before the changes take effect and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact & DPO

For any privacy-related questions, data subject requests, or concerns about how FluxOffer handles your personal data, please contact: