Last updated: March 2026
Fluxx Labs, Inc. (“Fluxx,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal information processed through the Fluxx grant management platform (the “Platform”).
This Supplemental Privacy Policy describes how Fluxx may collect, use, store, and disclose personal information obtained in connection with:
Fluxx operates the Platform on behalf of grantmaking organizations (“Grantmakers”) that use the Fluxx platform to administer grant programs.
If a user submits information to a Grantmaker through the Platform, the Grantmaker’s privacy policy governs how that Grantmaker processes that information as a data controller. Users should review the Grantmaker’s privacy policy to understand how their information is used by the Grantmaker.
Fluxx provides this Supplemental Privacy Policy to promote transparency about how the Platform operates. Grantmakers using the Platform remain responsible for publishing their own privacy policies describing how they collect, use, and manage applicant information.
By accessing or using the Services, you acknowledge the practices described in this Supplemental Privacy Policy. This Supplemental Privacy Policy does not apply to: (a) information processed by a Grantmaker outside the Platform; (b) Fluxx job applicants, employees, or contractors; or (c) information that is not personal information (for example, de-identified or aggregated data). If you have a contract with Fluxx (for example, a subscription agreement), that contract may include additional privacy and security terms that apply as between Fluxx and the Grantmaker.
Because the Platform is a software platform used by grantmaking organizations, Fluxx’s role varies depending on the context in which personal information is processed.
When users submit personal information to a Grantmaker through the Platform, Fluxx processes that information on behalf of the Grantmaker.
In this context:
Fluxx processes this information solely in accordance with contractual obligations to the Grantmaker.
If you have questions about information submitted to a specific grant program, you should contact the relevant Grantmaker directly.
Fluxx acts as a data controller for certain categories of information, including:
“Personal information” means information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.
Fluxx may collect the following categories of personal information.
Fluxx may collect personal information from the following sources:
When users create accounts or interact with the Services, we may collect:
Applicants using the Platform may submit information such as:
When users access the Services, Fluxx may automatically collect certain technical information including:
This information is used to support system functionality, security, and performance.
Depending on how a Grantmaker configures its grant application and what applicants choose to submit, the Platform may process information that could be considered “sensitive” under certain laws (for example, government identifiers, financial account information, precise geolocation, health information, or information about race/ethnicity, religious or philosophical beliefs, union membership, sexual orientation, or immigration status). In most cases, this type of information is submitted by applicants in the processor context and is governed by the Grantmaker’s privacy policy and instructions to Fluxx.
Fluxx uses personal information to:
Fluxx does not sell personal information and does not use customer or applicant data submitted through the Platform for advertising purposes or to train generalized artificial intelligence models. Fluxx may create and use anonymized or aggregated data (for example, to understand platform usage trends, improve reliability, and develop new features). We will maintain and use anonymized data in de-identified form and will not attempt to re-identify it except as permitted by applicable law.
To help protect user accounts and maintain the security of the Services, Fluxx may use Short Message Service (“SMS”) communications to support multi-factor authentication (“MFA”).
MFA is disabled by default. A Grantmaker administrator may choose to enable MFA within their Fluxx environment based on the Grantmaker’s security policies and preferences. When MFA is enabled, users may provide a mobile phone number to receive one-time authentication codes during login or other security-sensitive actions.
SMS messages are used solely for account authentication and security purposes. Fluxx does not use SMS for marketing or promotional messaging.
Information associated with SMS authentication may include:
Fluxx uses trusted third-party service providers to transmit SMS authentication messages on its behalf. Message and data rates may apply depending on a user’s mobile carrier plan
The Services use cookies and similar technologies to support functionality and improve user experience. Cookies are small text files stored on a user’s device that help the system recognize a browser session.
Fluxx may use cookies to:
Most browsers automatically accept cookies, but users can modify browser settings to decline cookies. Disabling cookies may limit certain features of the Services.Some browsers may transmit “Do Not Track” (DNT) signals or similar privacy preference signals. Because there is no consistent industry standard for recognizing or responding to these signals, the Services do not currently respond to DNT or similar browser-based privacy signals.
Fluxx provides an optional Gmail add-in that allows authorized users to send selected email messages from their Gmail inbox to the Fluxx Platform.
The Gmail add-in does not access or collect a user’s entire inbox. The add-in only processes the specific email messages and attachments that a user intentionally selects and submits to the Fluxx Platform.
When a user chooses to send an email to the Platform, the following information may be transmitted securely to the Fluxx Platform through the Fluxx API:
The Gmail add-in does not perform automated scanning, monitoring, or analysis of a user's mailbox. It functions solely as a user-initiated tool for transmitting selected messages to the Platform.
Once transmitted, the email content is stored within the Fluxx Platform and becomes part of the Grantmaker’s records. The retention, management, and deletion of this information are governed by the Grantmaker’s data retention policies and configuration settings within the Platform.
Fluxx does not independently retain or store email data outside the Platform beyond what is required to process the user-initiated request.
Fluxx retains personal information only as long as necessary to:
Retention periods may vary depending on the type of information and the purpose for which it was collected. When personal information is processed on behalf of a Grantmaker, the retention of that information is determined by the Grantmaker’s policies and configuration settings within the Platform. When personal information is no longer required, Fluxx securely deletes or anonymizes the information in accordance with applicable laws and internal retention practices. Fluxx may retain certain information as necessary to: (a) maintain security logs; (b) prevent fraud and abuse; (c) comply with backup and disaster recovery practices; and (d) meet legal hold requirements.
Fluxx uses industry-standard security measures designed to protect personal information from unauthorized access, disclosure, alteration, or destruction.
Security measures include:
Despite these safeguards, no method of transmission over the Internet or method of electronic storage can be guaranteed to be completely secure. If we become aware of a security incident involving personal information processed by Fluxx, we will act in accordance with applicable law and our contractual obligations (including, where applicable, notifying the relevant Grantmaker and cooperating with its response).
Fluxx may disclose personal information in the following circumstances:
Fluxx requires service providers to process personal information only for authorized purposes and subject to appropriate confidentiality and security obligations. A Grantmaker’s authorized administrators may be able to access, manage, export, delete, or share information within the Platform based on the Grantmaker’s settings and permissions. If you are an applicant or end user, please contact the applicable Grantmaker if you have questions about administrator controls.
The Services are hosted in the United States.
Personal information may be transferred to and processed in the United States or other jurisdictions where Fluxx or its service providers operate.
Where required by applicable law, Fluxx implements appropriate safeguards for cross-border transfers.
This section applies only to California residents and supplements this Privacy Policy. Fluxx does not sell or share personal information as those terms are defined under the California Consumer Privacy Act, as amended by the CPRA, and does not use personal information processed through the Platform for cross-context behavioral advertising.
Fluxx may collect categories of personal information including:
California residents may have the right to:
Requests may be submitted to:
Subject line: California Privacy Request
Fluxx will verify identity before responding to requests. Where permitted by law, you may designate an authorized agent to submit requests on your behalf. We may require proof of the agent’s authority and may also require you to verify your identity directly. California residents may also have the right to: (a) receive information about disclosures of personal information; (b) opt out of certain processing if we engage in “sharing” in the future; (c) limit the use and disclosure of sensitive personal information (if applicable); and (d) not receive discriminatory treatment for exercising privacy rights. If we deny a request, you may have the right to appeal by contacting us at privacy@fluxxlabs.com with the subject line “California Privacy Appeal.”
Fluxx does not sell personal information as defined under Nevada law.
Nevada residents who wish to submit requests regarding potential future sale of personal information may contact:
privacy@fluxxlabs.com
For individuals located in the European Economic Area, United Kingdom, or Switzerland:
Fluxx acts as a data controller for the processing activities described in Section 1 (controller context).
Legal bases for processing may include:
Users may have rights including:
Requests may be submitted to:
privacy@fluxxlabs.com
Users may also lodge complaints with their local supervisory authority. If Fluxx processes your information as a processor on behalf of a Grantmaker, the Grantmaker (as controller) is primarily responsible for responding to your request, and we may refer you to the Grantmaker. Fluxx does not engage in automated decision-making (including profiling) that produces legal or similarly significant effects for individuals in connection with the controller-context processing described in this Supplemental Privacy Policy.
The Services may contain links to third-party websites or services (including those operated by Grantmakers). This Supplemental Privacy Policy does not apply to third-party practices. We encourage you to review the privacy policies of those third parties.
If you have questions about this Privacy Policy or wish to exercise privacy rights, contact:
privacy@fluxxlabs.com
Fluxx Labs, Inc.
Attention: Data Privacy
2261 Market Street, #4060
San Francisco, CA 94114
United States
Fluxx may update this Privacy Policy from time to time.
Updates will be posted with a revised “Last Updated” date.
Continued use of the Services following updates constitutes acknowledgment of the revised Privacy Policy.
2261 Market Street, #4060
San Francisco, CA 94114
