Last updated: August 5, 2025
Fluxx Labs Inc. (together with its subsidiaries and affiliates, “Fluxx”, “we,” “our,” or “us”) provides a hosted grant management software platform (the “Platform”) as part of its core mission to connect grantmakers and foundations with grantseekers. This Privacy Policy (“Privacy Policy”) is intended to help you better understand how we process your personal information, and governs how Fluxx may collect, use, store and disclose personal information that we obtain in connection with the operation of our business, including our website, www.fluxx.io, and any other websites and platforms we own and operate that link to this Privacy Policy (collectively, the “Site”), and our related online and offline services (e.g., whitepapers and demos), events (e.g., webinars), social media pages, and email and other electronic communications (collectively, and together with the Site, the “Services”).
If you submit information directly on a grantmaker or foundation website that is hosted via Fluxx (e.g., <client>.fluxx.io), please be advised that the respective grantmaker or foundation client (each, a “Grantmaker”) determines the personal information that they collect from you, and this information is stored and processed on the Platform by Fluxx as a data processor. This Privacy Policy does not apply to personal information that we process as a data processor on behalf of Grantmakers. Please contact the Grantmaker directly or review their privacy policy for more information about how they process your personal information as a data controller and to exercise your rights in relation to that information.
We recommend that you read this Privacy Policy carefully as it provides important information about your personal information. It also tells you about your rights and choices with respect to your personal information.
By accessing or using our Services, or submitting information through the Services, you acknowledge that you have read and understand this Privacy Policy and the collection, use, and disclosure of your personal information as described in this Privacy Policy.
IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, UNLESS OTHERWISE STATED, YOUR CHOICE IS NOT TO USE OR ACCESS OUR SERVICES.
This Privacy Policy is designed so that you can easily reach the section that you are interested in.
If you have any questions, comments, or concerns regarding this Privacy Policy and/or our data practices, or would like to exercise your rights, do not hesitate to contact us. See How to Contact Us About Privacy, Your Choices, Additional Information For California Residents, and Additional Information For Users in Europe below.
Fluxx acts as data controller in connection with the Services and Platform. As a data controller, we are responsible for determining how and why we collect, process or disclose the personal information collected by us or on our behalf.
You can Contact Fluxx at: privacy@fluxxlabs.com
or
Fluxx Labs, Inc.
2261 Market Street, #4060
San Francisco, CA 94114
United States of America
Personal data, or personal information, means any information about an individual from which that person may be identified. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual (also known as anonymous or anonymized data).
Please be advised that we may ask you to update your information from time to time in order to keep it accurate. Additionally, if you provide personal data to us about someone else, you must ensure that you are entitled to disclose that information to us and that we may collect, use and disclose such information for the purposes described in this Privacy Policy.
We ask that you not provide us with any sensitive data through the Services, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic, and biometric data.
We may collect the following categories of personal information from the following sources. We may also collect other personal information that is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
When you visit the Site, and depending on the purpose of your visit, you may provide us with personal information if, for example, you:
In connection with the above-mentioned activities, Fluxx may collect the following information:
In some cases, you will not provide any information to us directly, in which case the only data that we collect is Internet or Network Activity Information, as explained below.
As an individual Grantmaker, or when you act on behalf of a Grantmaker organization, you provide us with personal information when you:
In connection with the above-mentioned activities, Fluxx may collect the following information:
When you use or interact with the Services or Platform, even if you do not have an account, we and our authorized third-party service providers and advertising partners may automatically collect information about you, your computer, or mobile device, and your activity over time on our Platform and Services and other sites and online services (collectively, “Internet or Network Activity Information”).
Internet or Network Activity Information that we collect consists of:
We may use technologies to facilitate some of the data collection described above, such as:
In some instances, we process personal information from third parties, such as personal data from:
We may merge or combine such personal information with the personal information that we collect from you directly or indirectly.
Neither our Platform nor our Services are intended for minors. Fluxx does not target its Services to persons under the age of 18 and does not knowingly collect personal data from minors. Therefore, we ask you not to provide us with personal information of persons under the age of 18.
Our mission is to provide a safe, efficient and high-quality Platform, and our primary purpose in processing your personal information is to provide the Services that you request. We also use personal information for the purposes set forth below and as otherwise described in this Privacy Policy or at the time of collection.
Device Information that we collect consists of:
Depending on how you use our Services, Fluxx may process your personal data in the following instances and in order to:
Provide you with our Services – providing webinars, demos, and the Platform, including improving and personalizing your experience with the Services or on the Platform, establishing and maintaining your account, and providing maintenance and support (performance of a contract governing the operation of the Services, or to take steps that you request prior to engaging our Services, or sometimes necessary for our legitimate interests, depending upon the circumstances);
Conduct checks to verify identity (performance of a contract in connection with providing the Services, or sometimes necessary for our legitimate interests, depending upon the circumstances);
Send you direct marketing communications regarding Fluxx’s products and services that we may think are of interest to you (necessary for our legitimate interests in promoting our business or, where applicable law requires, based on your consent, in which case you may withdraw your consent at any time in the manner indicated when you consented or via the relevant Services);
Respond to your queries and requests, or otherwise communicate directly with you (performance of a contract or sometimes necessary for our legitimate interests, depending upon the circumstances);
Engage in interested-based advertising with third-party advertising partners and social media companies to help us advertise our business and display ads for our Platform and Services (necessary for our legitimate interests in promoting our business and providing you with tailored, relevant content or, where applicable law requires, based on your consent, in which case you may withdraw your consent at any time in the manner indicated when you consented or via the relevant Services). These third-party companies may use cookies and similar technologies to collect information about you (including the Internet or Network Activity Information described above) over time across our Services and other websites or services or your interaction with our emails, and use that information to serve ads that they think will interest you. In addition, some of these companies may used hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms. You can learn more about your choices for limiting interest-based advertising in the “Your Choices” section below;
Detect any fraudulent or illegal activity against you and/or Fluxx and protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims), enforce the terms and conditions that govern the Services or Platform, and audit our internal processes for compliance with legal and contractual requirements and internal policies (necessary for our legitimate interests in protecting our or others’ rights, privacy, safety, or property or to comply with our legal obligations, depending on the circumstances);
Perform system maintenance and upgrades, and enable new features (performance of a contract or sometimes necessary for our legitimate interests, depending upon the circumstances);
Conduct statistical analyses, including users’ usage trends and preferences, to improve the Services, Platform, and our business, and to develop new features, functionality, products, and services (necessary for our legitimate interests in performing research and development). As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous or de-identified data by removing information that makes the data personally identifiable to you or your device, whether directly or indirectly. We will maintain and use any de-identified data without attempting to reidentify the data. We may use this anonymous or de-identified data and share it with third parties for our lawful business purposes;
Provide information to regulatory bodies when legally required, as further outlined below (see Disclosure of Your Personal Information) (necessary for compliance with a legal obligation).
In addition to the specific situations discussed elsewhere in this Privacy Policy or at the point of collection, we may disclose your personal information to the parties indicated below:
Related companies, including any parent, affiliate, or subsidiary, whether now or in the future.
Service providers that do things to help us provide the Services, such as hosting service providers, user engagement and customer support providers, email service providers, payment service providers, conference organizers, communication tools, and analytics tools;
Advertising partners who we partner with for advertising campaigns or that collect information about your activity on the Services or Platform, including for the purpose of interest-based advertising as described elsewhere in this Privacy Policy (see “Engage in interest-based advertising”);
Professional advisors, such as auditors, lawyers, consultants, accountants and insurers;
Authorities and others, such as governments, regulators, law enforcement and fraud prevention agencies, but only in limited circumstances, including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a subpoena, warrant or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; to protect the safety or security of our Platform or to prevent spam, abuse, or other malicious activity of actors on our Site or Platform as described in this Privacy Policy; or (iv) to protect our rights or property or the rights or property of those who use our Services as described in this Privacy Policy. ;
Business transaction participants in connection with any business transaction (or potential transaction) involving a merger, acquisition, sale of shares or assets, financing, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings); and
Companies approved by you, such as financial institutions or payment service providers.
d. Disclosure of Information Between Grantmakers and Grantseekers
If you are a Grantseeker, you have the option of linking information that you have uploaded to the Grantseeker Platform to Grantmakers directly. If you do so, only the information that you choose to share will be visible to the specific Grantmaker(s) with whom you have connected. Please check Grantmakers’ individual policies to determine how they handle and protect personal data.
i. Review and Request Changes to Your Account Information
We rely on you to update and correct the personal information contained in your account. Note that we may keep historical information in our backup files as permitted by law. If the Services or Platform do not permit you to update or correct certain personal information, please directly submit a request to us (see How to Contact Us About Privacy).
ii. Direct Marketing
You may opt-out of marketing emails by clicking on the unsubscribe link that you will find at the bottom of each communication to you. If you have an account with us, please use your preference settings to inform us of how you would like to receive marketing communications. Updates to your privacy preference information will be submitted once you have confirmed your changes.
iii. [SMS placeholder]
iv. Cookies
Outside the Platform, you may manage your cookie and tracking preferences as follows:
Turning off cookies in the preferences settings in your browser. If you do not accept cookies, however, you may not be able to use all functionality of the Services and our Site may not work properly. For more information and additional guidance, please visit www.allaboutcookies.org;
Downloading the Google Analytics opt-out browser add-on here. You can learn more about Google Analytics cookies by clicking here and about how Google protects your data by clicking here;
Fluxx, like many other companies, does not currently respond to Do Not Track (“DNT”) signals. Fluxx does not respond to DNT signals in order to provide the Services, maintain security and prevent fraud. For more information on DNT settings generally, please visit https://allaboutdnt.com.
v. Advertising Choices
You can limit the use of your information for interest-based advertising by blocking third-party cookies in your browser settings, using browser plug-ins/extensions, and/or using your mobile device settings to limit the use of the advertising ID associated with your mobile device. You can also opt out of interest-based ads from companies participating in the following industry opt-out programs by visiting the linked websites: the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp), the Digital Advertising Alliance (https://optout.aboutads.info), or the European Interactive Digital Advertising Alliance (http://www.youronlinechoices.eu/). Some of the companies we work with may offer their own opt-out mechanisms. For example, you can learn more about how Google uses cookies for advertising purposes by clicking here and opt-out of ad personalization by Google by clicking here.
Many of the opt-out preferences described in this section must be set on each device and/or browser for which you want them to apply. Please note that some of the advertising companies we work with may not participate in the opt-out mechanisms described above, so even after opting-out, you may still receive interest-based advertisements from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.
On the Site and Platform, we may provide, for informational purposes only, links to other websites or resources with which we do not have a contractual relationship and over which we do not have control (“External Websites”). Such links are not paid advertisements, nor do they constitute an endorsement by Fluxx of those External Websites, and are provided to you only as a convenience. By clicking on links to External Websites, the operators of the External Websites may collect your personal information. We are not responsible for the content or data collection practices of those External Websites, and your use of External Websites is subject to their respective terms of use and privacy policies.
On the Site and Platform, we provide third-party “share” buttons for YouTube, Facebook, Twitter or other social media sites, which may function as web beacons when you interact with the button. For instance, we provide a YouTube “share” button for sharing Fluxx’s training and new release webinars. As a result of this, please note that you direct us to send to the third party the information that you are viewing on a certain part of the Site or Platform when you click “share”. If you are not logged into your account with the third party, then the third party may not know your identity. If you are logged into your account with the third party, then the third party may be able to link information or actions about your interactions with the Site or Platform to your account with them. Please refer to each third party’s privacy policies to learn more about its data practices.
Your personal information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.
In order to determine the most appropriate retention periods for your personal information, we consider the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, and applicable legal requirements.
We have put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, where appropriate, we use encryption, secure socket layer, firewalls, and password protection. We also maintain programs to validate our security controls.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and while we take reasonable steps to provide secure Services, by using our Services, you understand and assume the risks associated with your activities on the internet.
Fluxx is based in the United States and has servers and service providers in Canada, Ireland, Australia and potentially other countries . The personal information that we collect are sent to and stored on secure servers located in the United States. Such storage is necessary in order to process the information. Fluxx operates globally and may transfer the personal data that we collect from you to our other offices and/or to the third parties mentioned in the circumstances described above, which may be situated outside of your country or regional area, and may be processed by staff operating outside of your country or regional area. In particular, information provided to us or collected by us likely will be transferred to and processed in the United States by us or our agents and contractors. The data protection laws of the United States or other countries may not be as comprehensive or equivalent to those in your country of residence. By providing your personal information, where applicable law permits, you specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein.
Users located in Europe can view more information about cross-border transfers in the section below titled “Additional Information for Users in Europe.”
This section applies only to California residents and supplements the practices described in this Privacy Policy. It describes how we collect, use, sell, share, and retain personal information of California residents, and their rights with respect to their personal information. For purposes of this section “personal information” has the meaning given in the California Consumer Privacy Act, as amended (the “CCPA”), but does not include information exempted from the scope of the CCPA. In some cases, we may provide a different privacy notice to certain categories of California residents, in which case that notice will apply instead of this section.
i. Collection of Personal Information
See “What Personal Information We Collect and How It Is Collected” for a description of the categories of personal information that we collect (and in the past twelve months may have collected) and the categories of sources from which we collect personal information.
ii. Business and Commercial Purposes for Processing Personal Information
See “Why We Collect Your Personal Information and How We Use It” for a description of the purposes, including the specific business and commercial purposes, for which we collect and use these categories of personal information.
iii. Disclosure, Sale, and Share of Personal Information to Third Parties
We may disclose (and in the past twelve months may have disclosed) any of the categories of personal information collected to any of the third parties described in the section titled, “Disclosure of Your Personal Information,” for the business purposes described in this Privacy Policy (see “Why We Collect Your Personal Information and How We Use It” for a description of business purposes).
We further disclose (and in the past twelve months may have disclosed) Identifiers and Internet or Network Activity Information to our Advertising Partners for the interest-based advertising purpose described in this Privacy Policy, including tracking the success of our advertising campaigns and measuring activity on the Site and Platform. These disclosures may be considered a “sale” or “share” of personal information under the CCPA, meaning that we ether receive monetary or other form of valuable consideration in return for the personal information, or the purpose of the disclosure is for targeted or cross-context behavioral advertising. You can opt-out of these disclosures, as further described below (see “Your California Privacy Rights”). We do not knowingly sell or share the personal information of California residents under 16 years of age.
To the extent that we collect sensitive personal information (as defined under the CCPA), we only use or disclose it for purposes permitted under the CCPA (e.g., to provide the Services and Platform, detect security incidences and prevent fraud, and to verify and maintain the quality of the Platform). We do not collect or use sensitive personal information for the purpose of inferring characteristics about California residents.
iv. Your California Privacy Rights
As a California resident, in addition to the choices described elsewhere in this Privacy Policy, you have the rights listed below. Please note, these rights are not absolute, and, in some cases, we may not be able to respond to your request, such as when a legal exemption applies or if we are not able to verify your identity.
Right to Know. You can request the following information about how we have collected and used your personal information:
the categories of personal information we collected;
the categories of sources from which we collected personal information;
the business or commercial purpose for collecting, selling, or sharing (as applicable) that personal information;
the categories of third parties with whom we disclose personal information; and
a copy of the personal information that we collected about you.
Right to Delete. You can request that we delete the personal information we collected from you.
Right to Correct. You can request that we correct inaccurate personal information that we maintain about you.
Right to Opt-Out of Sales and Sharing. If we “sell” or “share” your personal information, you can opt-out.
v. How to Exercise Your Rights
You may exercise the rights described above as follows:
Know/Access, Delete, or Correct. You may exercise these California privacy rights by [calling us toll free at ___ or by] emailing us at privacy@fluxxlabs.com with the subject line, "California Privacy Request."
Opt-Out of Sales/Sharing. You can request to opt-out out of the “sale” or “share” of your personal information through the use of cookies and similar technologies by clicking the “Do Not Sell or Share My Personal Information” or broadcasting the Global Privacy Control (GPC) signal. Note that due to technological limitations, if you visit our Platform from a different computer or device, or clear cookies on your browser that store your preferences, you will need to return to this screen to select your preferences and/or rebroadcast the GPC signal.
Due to technological limitations, to opt-out of other non-cookie-based “sales,” we need to collect some identifying information. To opt-out of these other “sales,” please email us at privacy@fluxxlabs.com with the subject line, "California Opt-Out Request.”
If you direct us not to sell/share your personal information, we will consider it a request pursuant to California's "Shine the Light" law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.
We reserve the right to confirm your California residence to process your requests and will need to confirm your identity to process your requests to exercise your right to know/access, delete, and correct. This is a security measure to, for example, help ensure we do not disclose information to a person who is not entitled to receive it. The identity verification process may vary depending on how you submit your request.
Consistent with California law, you may designate an authorized agent to make a request on your behalf. If you do so, we may require proof of your identification, the authorized agent's proof of identification, and any other information that we may request in order to verify the request, including evidence of valid permission for the authorized agent to act on your behalf. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive.
We try to respond to all legitimate requests to know/access, delete, and correct within 45 days of your request. Occasionally it may take us longer than 45 days to respond, for instance if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.
Nevada Revised Statutes Chapter 603A allows Nevada residents to opt-out of the “sale” of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. If you are a Nevada resident who wishes to exercise your “sale” opt-out rights, you may submit a request to us using the contact information listed at the end of this Privacy Policy.
The information in this section applies only to individuals in the European Economic Area, the United Kingdom, and Switzerland (collectively, “Europe”). Except as otherwise specified, references to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
The controller of your personal data for purposes of European data protection legislation is Fluxx, as stated in the section titled, “Who We Are.”
The legal bases of our processing of your personal data as described in this Privacy Policy will depend on the type of personal data and the specific context in which we process it. However, the legal bases we typically rely on are stated in the section titled, “Why We Collect Your Personal Information and How We Use.” We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). We may use your personal data for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and explain the applicable legal basis. If you have questions about the legal basis or how we process your personal data, please contact us (see How to Contact Us About Privacy).
If we transfer your personal data to a country outside of Europe such that we are required to apply additional safeguards to your personal data under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied (see How to Contact Us About Privacy).
European data protection laws may give you certain rights in relation to your personal data. You may ask us to take the following actions in relation to your personal data that we hold:
The right of access – your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’);
The right to rectification – your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);
The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal data we have about you;
The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal data;
The right to data portability – your right to ask us for a copy of your personal data in a common format (for example, a .csv file);
The right to object – your right to object to reliance on our legitimate interest as the basis for us processing your personal data that impacts your rights (for example, if you object to us processing your data for direct marketing); and
Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to certain rules around when you can exercise them. If are located in the European Economic Area and wish to exercise any of the rights set out above, please contact us at privacy@fluxxlabs.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We strive to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. In the European Economic Area, you can find your data protection regulator here. In the United Kingdom, you can find your data protection regulator here. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us first.
If you have any questions about this Privacy Policy, please contact us at privacy@fluxxlabs.com. You may also write us at:
Fluxx Labs, Inc.
Attention: Data Privacy
2261 Market Street, #4060 San Francisco, CA 94114
United States of America
Fluxx may update this Privacy Policy from time to time. If so, we will post an updated Privacy Policy on this page and indicate the date on which the Privacy Policy was last revised. In some cases, we may also notify you that this Privacy Policy has been changed by sending you an email, posting a notice on the Services or Platform, or other means as may be required by applicable law. We encourage you to review this Privacy Policy regularly for any changes. In all cases, your continued use of the Services or Platform after the posting or other notification constitutes your acknowledgement of such changes.
2261 Market Street, #4060
San Francisco, CA 94114
