FluxMobile
Privacy & Data Protection

Privacy Policy

How FluxMobile collects, uses, and protects your data. We believe in transparency about what we do and do not collect.

Effective Date: April 26, 2026 · Last Updated: April 26, 2026

This Privacy Policy explains how First Digital Holdings LLC ("FluxCybers," "we," "us," or "our") collects, uses, stores, and protects personal data in connection with FluxMobile telecommunications services ("Services"). FluxMobile is a service operated by First Digital Holdings LLC, a company registered in Delaware, USA.

We are committed to protecting your privacy and processing your data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the ePrivacy Directive 2002/58/EC, and all applicable Irish and European Union data protection legislation.

1 Data Controller

The data controller for personal data processed through FluxMobile is:

First Digital Holdings LLC

Registered in Delaware, USA

Privacy Contact: privacy@fluxcybers.polsia.app

Data Protection Officer: dpo@fluxcybers.polsia.app

2 What We Collect

We collect only the data necessary to provide, secure, and improve FluxMobile Services. The categories of data we collect are:

Account Information

Name, email address, billing address, payment information, company name (for business accounts), and phone number(s) assigned to your account. Collected during registration and updated as you modify your account.

Call Detail Records (CDRs)

Metadata generated when you use the Services, including: originating and destination phone numbers, timestamps (start time, end time), call duration, SMS segment count, data session size, routing information, and network identifiers. CDRs are essential for billing, compliance, and service quality monitoring.

Trust and Compliance Data

Trust tier history, compliance event records (e.g., rate limit triggers, abuse reports received, account actions taken), and aggregated usage pattern scores. This data is used to operate the Trust Tier system described in our Terms of Service.

Account Events

Immutable event records for significant account lifecycle events: account creation, plan changes, number provisioning and release, tier changes, suspension and reinstatement events, and termination. These events are recorded with timestamps and relevant metadata for auditability.

Technical and Access Data

IP addresses used to access the FluxMobile client portal, browser and device type, session tokens, API authentication logs, and timestamps of platform access. Collected automatically for security and fraud prevention.

3 What We Do NOT Collect

Transparency about what we do not collect is as important as disclosing what we do. FluxMobile explicitly does not collect the following data:

Call Content or Audio. We do not listen to, record, intercept, or transcribe the audio content of your voice calls.
SMS Message Content. We do not read, store, or analyze the text content of SMS messages sent or received through our Services. Our compliance monitoring operates on metadata only (volume, velocity, destination patterns).
Browsing Data. We do not monitor, log, or analyze your mobile data browsing activity, website visits, application usage, or DNS queries.
Real-Time Location. We do not track your real-time geographic location. Network-level cell tower information used for call routing by our carrier partners is not stored, processed, or accessible by FluxMobile.

5 How We Use Your Data

We use the data described in Section 2 for the following purposes:

  1. Service Provision. To route calls and messages, provision numbers and eSIMs, manage your account, and deliver the telecommunications Services you have subscribed to.
  2. Billing and Accounting. To calculate usage charges, generate invoices, process payments, and maintain financial records as required by law.
  3. Compliance and Trust. To operate our Trust Tier system, detect abuse patterns, enforce our Terms of Service, and maintain the integrity of our network and carrier relationships.
  4. Security. To protect against unauthorized access to accounts, detect fraudulent activity, and prevent network abuse.
  5. Legal Obligations. To comply with applicable telecommunications regulations, tax laws, and lawful data disclosure requests.
  6. Service Improvement. To analyze aggregated, anonymized usage patterns to improve network performance, capacity planning, and service features. Individual user data is never used for profiling or advertising purposes.

6 Blockchain Compliance Ledger

FluxMobile maintains a blockchain-based compliance ledger for transparency and auditability of compliance actions. This section explains how it works and what data is involved.

What the Compliance Ledger Records

The compliance ledger creates immutable, timestamped records of significant compliance events, such as trust tier changes, account suspensions, and abuse report resolutions. Each record contains:

  • - A cryptographically hashed account identifier (SHA-256 hash, not your actual account ID, name, or email)
  • - The type of compliance event (e.g., "tier_change," "suspension," "abuse_report_resolved")
  • - A timestamp of the event
  • - A hash of the event metadata (not the metadata itself)

What the Compliance Ledger Does NOT Contain

  • - No personally identifiable information (PII) is stored on the blockchain
  • - No phone numbers, email addresses, names, or billing information
  • - No CDR data or communication metadata
  • - No data that can be used to identify you without access to FluxMobile's internal mapping (which is stored separately in our encrypted database, not on the blockchain)

The purpose of the blockchain compliance ledger is to provide an independently verifiable, tamper-resistant record of compliance actions. This protects both FluxMobile and our users by ensuring that compliance actions can be audited and cannot be retroactively altered. The ledger does not create any additional privacy risk because it contains only hashed identifiers and event types -- not personal data.

7 Data Sharing

FluxMobile does not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

Carrier Partners

We share the minimum data necessary with our underlying carrier and SIP providers to route calls, deliver messages, and provision connectivity. This includes destination numbers, routing identifiers, and technical metadata required for service delivery.

Payment Processors

Billing and payment information is shared with our payment processor(s) for the sole purpose of processing your payments. We do not store full credit card numbers on our systems.

Law Enforcement

We will disclose personal data to law enforcement authorities only when presented with a valid court order or equivalent legal instrument issued by a court of competent jurisdiction. We do not voluntarily share data with law enforcement or government agencies. We will notify you of such requests where legally permitted to do so.

We do not share personal data with advertisers, data brokers, or any third party for marketing or profiling purposes.

8 Third-Party Services

FluxMobile integrates with the following categories of third-party services to deliver and support our telecommunications platform:

Service Purpose Data Shared
GSMA CAMARA APIs Network capability APIs for number verification, SIM swap detection, and device status Phone number, device identifiers (as required by specific API calls)
Zoho Transactional email delivery (account notifications, billing receipts, compliance notices) Email address, name
SIP Providers Voice call routing and termination Call routing metadata (originating/destination numbers, SIP headers)
SMS Aggregators SMS message routing and delivery Message routing metadata (originating/destination numbers, segment count)

All third-party service providers are bound by data processing agreements (DPAs) that require them to process data only for the specified purpose, implement appropriate security measures, and comply with GDPR requirements.

9 Data Retention

We retain your data only as long as necessary for the purposes described in this policy or as required by law. Our specific retention periods are:

18 months
Call Detail Records (CDRs).

CDRs are retained for 18 months from the date of the communication event. After this period, CDRs are permanently deleted. This retention period reflects telecommunications regulatory requirements and our need to resolve billing disputes.

7 years
Billing and Financial Records.

Invoices, payment records, and associated financial data are retained for 7 years from the date of the transaction, as required by Irish tax and accounting regulations.

Active
Trust Scores and Compliance History.

Trust tier data and compliance event history are retained for the duration of your active account. Upon account termination, trust data is retained for an additional 12 months for dispute resolution and regulatory purposes, then permanently deleted.

Permanent
Blockchain Compliance Ledger.

Records on the blockchain compliance ledger are immutable by design. However, as described in Section 6, these records contain only hashed identifiers and event types -- no PII. The mapping between hashed identifiers and your account is deleted according to the trust data retention schedule above.

When data reaches the end of its retention period, it is permanently deleted or irreversibly anonymized. We do not archive data beyond these periods.

10 Your Rights

Under GDPR and applicable data protection legislation, you have the following rights with respect to your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data where it is no longer necessary for the purposes it was collected, subject to legal retention obligations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of contested data.

Right to Object

You have the right to object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds that override your rights.

How to Exercise Your Rights

To exercise any of these rights, email privacy@fluxcybers.polsia.app with the subject line "Data Subject Request" and include your FluxMobile account email address for identity verification. We will respond within 30 days as required by GDPR. There is no fee for exercising your rights.

If you are not satisfied with our response, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at www.dataprotection.ie.

11 Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  1. Encryption of data in transit (TLS 1.2+) and at rest (AES-256);
  2. Access controls with role-based permissions and multi-factor authentication for administrative access;
  3. Regular security assessments and vulnerability testing;
  4. Audit logging of all access to personal data;
  5. Incident response procedures with notification within 72 hours of a confirmed breach, as required by GDPR Article 33.

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

12 International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our carrier partners and infrastructure providers operate. When such transfers occur, we ensure appropriate safeguards are in place, including:

  1. EU Standard Contractual Clauses (SCCs) approved by the European Commission;
  2. Transfers to countries with an adequacy decision from the European Commission;
  3. Binding corporate rules where applicable.

You may request information about the specific safeguards applied to international transfers of your data by contacting dpo@fluxcybers.polsia.app.

13 Children's Privacy & Family Accounts

Family Accounts: Parents & Guardians Can Open Accounts for Minors

FluxMobile supports Family Accounts where a parent or legal guardian registers on behalf of a minor. The adult account holder assumes full legal responsibility for the minor's use of the Services.

Data Processing for Family Accounts

  1. Parental Consent. When a parent or guardian opens a Family Account, they provide explicit consent for the collection and processing of any personal data associated with the minor sub-user, in accordance with Article 8 of the GDPR and applicable national laws.
  2. Data Minimisation. We collect only the minimum personal data necessary to provide telecommunications services to minor users. We do not use minor users' data for marketing, profiling, or any purpose beyond service delivery and safety compliance.
  3. Restricted Processing. Personal data associated with minor users is subject to stricter access controls and is not shared with third parties except where strictly necessary to provide the Services or comply with legal obligations.
  4. Parental Access. The registered parent or guardian may at any time request access to, correction of, or deletion of personal data associated with a minor sub-user on their Family Account by contacting privacy@fluxcybers.polsia.app.

Inadvertent Collection. FluxMobile does not knowingly collect personal data from individuals under 18 without appropriate parental consent (outside of Family Accounts). If you believe we have inadvertently collected data from a minor without parental consent, please contact us immediately at privacy@fluxcybers.polsia.app and we will take prompt action to delete that data.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  1. Notify you by email at your registered address at least 30 days before the changes take effect;
  2. Post the updated policy on our website with a revised effective date;
  3. Provide a summary of the material changes.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.

15 Contact Information

For privacy-related inquiries, data subject requests, or complaints, use the appropriate contact below:

Privacy & Data Rights

Privacy Team

Data subject requests, DSAR, general privacy enquiries

privacy@fluxcybers.polsia.app

Data Protection Officer

DPO

GDPR complaints, regulatory enquiries, cross-border transfers

dpo@fluxcybers.polsia.app

Legal

Legal Department

Legal notices, law enforcement requests, policy matters

legal@fluxcybers.polsia.app

Customer Support

Support Team

Account help, Family Accounts, billing enquiries

support@fluxcybers.polsia.app

You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC), the supervisory authority for data protection in Ireland: www.dataprotection.ie.