Privacy Policy

Who controls this policy

Flucsi is operated by Cosmin Seviciu, based in Romania. Flucsi is not currently operated by a registered company.

For privacy, data rights, copyright, legal, and security requests, email [email protected] or use the Contact page with the Legal topic selected.

Local editor media

When you import audio, images, artwork, or other media into a regular editor project, Flucsi processes those source files locally in your browser. Flucsi does not upload the full underlying source files as part of normal editing, autosave, or browser export.

Local media may be stored by your browser so the same browser can restore the project. Clearing browser data, using another device, or opening the project in another browser may remove access to those local files.

Project documents and previews

If you sign in and save or autosave a project, Flucsi may store project data such as project name, visual settings, selected presets, file names, labels, timestamps, local file references, and other metadata you choose to include.

For saved projects, Flucsi may also store a small generated project preview image so the project library can show thumbnails across devices.

The project data and thumbnail are not the underlying source song, full image, artwork, or other full editor media file. Regular project media stays in browser storage unless you explicitly submit files through a separate workflow that says files will be sent.

Avoid using sensitive client names, private unreleased titles, or confidential information in project names, file names, or asset labels if you do not want that information stored in server project configuration.

Files you explicitly submit

Some separate workflows may transmit files to Flucsi, such as support screenshots, project thumbnails, preset/media admin workflows, or other flows that clearly ask you to submit a file. Those files are used for the purpose shown in that workflow.

Do not submit passwords, payment card numbers, government IDs, private unreleased media, confidential client material, or highly sensitive personal data to Flucsi.

Google sign-in data

If you sign in with Google, Flucsi receives and stores the minimum account data needed to identify your account: Google account identifier, email, email verification state, display name where available, avatar URL where available, login timestamps, and internal account status needed to operate the service.

Google handles the Google sign-in flow under Google terms and privacy notices. You can manage or revoke Google account access from your Google account settings.

Authentication and essential cookies

Signed-in users receive an essential session cookie. It is used for authentication, account security, and abuse prevention. It currently expires after 30 days.

This cookie is strictly necessary for signed-in account features. It is not an analytics, advertising, or marketing cookie.

Browser storage

Flucsi uses browser storage for local projects, imported editor media, local fallback previews, autosave drafts, cached audio analysis, theme, editor preferences, privacy notice acknowledgement, and similar product state.

Browser storage stays on your device unless a feature clearly says it syncs data to Flucsi. You can remove local browser data through browser settings, but doing so may permanently delete local projects and local media from that browser.

Contact messages

If you contact Flucsi, we may store your email, optional name, selected topic, message, optional image attachments, user-agent information, status, and timestamps so we can reply, investigate issues, handle legal requests, and prevent abuse.

Contact attachments are intended for screenshots. They may be resized, converted, rejected, restricted, or deleted for safety, privacy, storage, or abuse-prevention reasons.

No payments in alpha

Flucsi is currently offered as a free alpha service. Flucsi does not currently process subscription payments through the service.

If paid subscriptions are introduced later, billing, tax, invoices, renewals, cancellations, and refunds may be handled by a Merchant of Record. This policy and the Terms will be updated before paid plans become available.

Analytics and marketing

Flucsi uses optional Google Analytics only after you accept analytics in the privacy choices modal. Google Analytics may receive page and usage events, browser and device information, approximate location derived from network data, and similar analytics signals. It is used to understand public site and editor usage and improve the product.

Advertising, marketing pixels, ad personalization, and campaign attribution cookies are not active. You can reject or withdraw optional analytics consent from the privacy choices modal.

Legal bases

Flucsi processes personal data only when a lawful basis applies. For account features, saved project configuration, and support requests, processing is needed to provide the service you request.

For security, abuse prevention, rate limits, debugging, reliability, service improvement, and legal protection, Flucsi relies on legitimate interests. Optional Google Analytics runs on consent where required. Flucsi may also process data where needed to comply with legal obligations.

Security and server logs

When you use Flucsi, servers and infrastructure providers may process security and operational logs such as IP address, request information, timestamps, browser information, sign-in events, errors, abuse-prevention events, and security signals.

These logs are used for security, debugging, abuse prevention, reliability, legal protection, and keeping the service available.

Processors and third parties

Flucsi uses service providers to operate the service. Current providers include Hetzner for hosting, Cloudflare for DNS, security, storage, and backups, Google for Google Sign-In, and Google Analytics for optional analytics when you consent.

Cloudflare storage may hold project thumbnails, contact/support attachments, preset/admin media, and encrypted backups. Where configured, Flucsi uses Cloudflare’s EU data location option.

Encrypted backups may include server-held account data, saved project data, contact/support records, and related metadata. They do not include regular editor source songs, full images, artwork, or media files that stay in your browser.

Possible future providers may include email delivery, monitoring or error tracking, customer support, and paid subscription or Merchant of Record services. Future providers will be listed before they are used for public production users.

Flucsi does not sell personal data. Flucsi does not sell project media. Flucsi does not use regular editor audio or images for advertising profiles. Flucsi does not use Google sign-in data for hidden secondary purposes.

International transfers

Flucsi is operated from Romania. Some providers, such as Cloudflare or Google, may process data through global infrastructure or support teams.

If personal data is transferred outside the European Economic Area, Flucsi relies on lawful transfer safeguards, such as an adequacy decision, standard contractual clauses, or another mechanism allowed by GDPR.

Security

Flucsi uses reasonable safeguards for the alpha stage, including HTTPS in production, secure session handling, authorization checks, access controls, upload limits, and encrypted backups.

No internet service can guarantee perfect security. Keep your Google account secure, do not share credentials, keep local backups of important source files and exports, and avoid submitting sensitive secrets through support forms.

Retention

Local projects and media stay in your browser until you delete them, clear browser storage, or the browser removes them. Flucsi cannot restore local media after it is removed from your browser.

Server account records, saved project data, and project thumbnails are generally kept while your account or saved project exists or until deletion is completed, subject to legal, security, backup, abuse-prevention, dispute, or compliance needs.

Contact messages and attachments explicitly submitted through contact/support are generally kept only as long as needed for support, legal, security, and abuse-handling purposes, and may be kept for up to 24 months or longer where needed for disputes, abuse prevention, legal compliance, or service protection.

Operational and security logs are generally kept for a limited period, usually up to 90 days, but may be kept longer where needed for security, abuse prevention, debugging, legal compliance, disputes, or service protection.

Encrypted backups are generally retained for up to about 12 months. Deleted data may remain in encrypted backups until those backups expire or are replaced.

Your data rights

Depending on your location, you may request access, correction, deletion, restriction, portability, objection to certain processing, and withdrawal of consent for optional processing. Flucsi may need to verify that you control the account or email address connected to the request before acting on it.

Flucsi aims to respond to verified data rights requests without undue delay and generally within one month. Where allowed by law, this period may be extended by up to two additional months for complex or numerous requests, and Flucsi will notify you if an extension is needed.

Some data may be retained where required or permitted for legal claims, security, fraud prevention, compliance, backups, or records that Flucsi must keep. Account deletion does not automatically delete local browser data, so you may also need to clear local browser storage.

Automated decision-making

Flucsi does not currently use automated decision-making or profiling that produces legal or similarly significant effects for users.

Children

Flucsi is not intended for children under 13. In the European Economic Area, including Romania, users under 16 should not create an account or submit personal data unless allowed by applicable law and, where required, with consent or authorization from a parent or guardian.

If Flucsi learns that an account was created unlawfully by a child, Flucsi may delete or restrict the account and related data.

Complaints

EU users may contact their local data protection authority if they believe a valid request was not handled correctly. Romania’s supervisory authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP).

Law enforcement and legal requests

Flucsi may preserve, disclose, restrict, or remove information where reasonably necessary to comply with valid legal process, protect users, protect Flucsi, investigate abuse, enforce terms, or prevent harm.

Changes and contact

Flucsi may update this Privacy Policy as the alpha changes. Material changes will be posted clearly, and continued use after an update means the updated policy applies.

Email [email protected] or use the Contact page with the Legal topic for privacy questions, access requests, correction, deletion, portability, objections, consent withdrawal, copyright notices, and security concerns.