Fluxorus Networks
Legal Documentation

Data Processing Agreement

Last updated: June 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of, and is incorporated by reference into, the Terms of Service between the customer ("Customer," the controller) and Fluxorus Networks, LLC ("Fluxorus," the processor) and applies where Fluxorus processes personal data on Customer's behalf. By accepting the Terms, the parties agree to this DPA. It takes effect on the date Customer accepts the Terms and remains in force while Fluxorus processes personal data for Customer. Where required, a countersigned copy is available on request from privacy@fluxorus.com.

2. Definitions

  • Personal Data: information relating to an identified or identifiable person processed under the Terms
  • Processing: any operation performed on personal data
  • Controller / Processor / Data Subject: as defined under applicable data protection laws
  • Data Protection Laws: applicable U.S. federal and state privacy laws, including the CCPA/CPRA, and any other privacy laws applicable to the processing
  • Sub-processor: a third party engaged by Fluxorus to process personal data

3. Description of Processing

  • Subject-matter: provision of hosting, network, and security services under the Terms
  • Duration: the term of the Customer's subscription, plus the return/deletion period in Section 12
  • Nature & purpose: hosting, transmission, storage, backup, support, billing, and security monitoring of Customer's environment
  • Types of personal data: as determined by Customer — may include identifiers, contact details, account credentials, IP addresses, and any data Customer stores on the Services
  • Categories of data subjects: Customer's end users, employees, and contacts, as determined by Customer

4. Processing Instructions

Fluxorus will process personal data only on Customer's documented instructions, including the Terms and use of the Services' features, unless required by law (in which case Fluxorus will, where legally permitted, inform Customer first). Fluxorus will promptly inform Customer if, in its opinion, an instruction infringes Data Protection Laws. Fluxorus will not sell personal data or process it for its own purposes.

5. Customer Obligations

  • Ensure a lawful basis for the processing and obtain any necessary consents
  • Provide lawful, documented processing instructions
  • Comply with Data Protection Laws as controller
  • Be responsible for the accuracy and legality of the data it provides

6. Fluxorus Obligations

  • Process data only as instructed (Section 4)
  • Ensure that personnel authorized to process personal data are bound by a duty of confidentiality
  • Implement and maintain the security measures in Section 7
  • Assist Customer with data subject requests and compliance (Section 9)
  • Notify Customer of personal data breaches (Section 10)
  • Make available information needed to demonstrate compliance (Section 13)

7. Security Measures

Fluxorus maintains appropriate technical and organizational measures appropriate to the risk, which form a binding part of this DPA:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls and authentication
  • Network monitoring and intrusion detection
  • Regular security reviews and patching
  • Physical security at data-center facilities
  • Backup and resilience measures

Fluxorus may update these measures provided the level of protection is not materially reduced.

8. Sub-processors

Customer provides general authorization for Fluxorus to engage sub-processors (such as our payment processor, hosting and network providers, and email provider) to deliver the Services. A current list is available on request from privacy@fluxorus.com. Fluxorus imposes data-protection obligations on each sub-processor that are no less protective than this DPA and remains responsible for their performance. Fluxorus will give reasonable notice of any new or replacement sub-processor; Customer may object on reasonable data-protection grounds, and if the parties cannot resolve the objection, Customer may terminate the affected Service.

9. Data Subject Rights & Assistance

Taking into account the nature of the processing, Fluxorus will assist Customer with appropriate technical and organizational measures, insofar as possible, to respond to data subject requests (access, rectification, erasure, restriction, portability, and objection), and to meet Customer's obligations regarding security, breach notification, and data protection impact assessments. If Fluxorus receives a request directly from a data subject, it will refer them to Customer.

10. Data Breach Notification

Fluxorus will notify Customer without undue delay, and in any event within 72 hours, after becoming aware of a personal data breach affecting Customer's personal data, and will provide information reasonably available to help Customer meet its own notification obligations, including the nature of the breach, likely consequences, and remediation steps.

11. International Transfers

Fluxorus is based in the United States and processes personal data in the United States. Where personal data is transferred internationally, the parties will put in place a lawful transfer mechanism if required by applicable Data Protection Laws.

12. Return or Deletion of Data

On termination or expiry of the Services, and at Customer's choice, Fluxorus will return or delete the personal data it processes for Customer, and delete existing copies, within 30 days, unless retention is required by law. Residual copies in routine backups are deleted on the normal backup-rotation cycle and remain protected by this DPA until deleted.

13. Audits and Inspections

Fluxorus will make available information necessary to demonstrate compliance with applicable Data Protection Laws and allow for and contribute to audits, including inspections, conducted by Customer or an auditor it mandates. Audits are limited to once per 12-month period (unless required by a regulator or following a breach), on reasonable prior notice, during business hours, subject to confidentiality, and conducted so as not to disrupt other customers; Fluxorus may satisfy audit requests by providing relevant third-party reports or certifications where available.

14. Liability

Each party's liability arising out of or related to this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service, and any reference to the liability of a party means the aggregate liability of that party under the Terms and this DPA combined.

15. Contact

Privacy: privacy@fluxorus.com
Company details: Company Information