FLUXLAY

Privacy Policy

Last Updated: 2026-06-07

1. Information We Collect

We may collect the following information:

  • Account and profile information: Email address, username, display name, avatar, bio, website, and external service IDs (X / Instagram / GitHub, etc.) provided during account creation, authentication, and profile setup
  • Usage and behavioral data: Page views, interaction events such as viewing, acquiring, and applying wallpapers, and performance metrics such as Web Vitals (collected via analytics tools)
  • Technical information: IP address, user agent, and browser, OS, and device details
  • Error and diagnostic information: Crash logs, stack traces, and session replays for diagnosing issues in the app and website (collected via error-monitoring tools; includes IP address)
  • User content and information derived from it: Uploaded wallpapers (including code), images, video, text, and profiles, as well as analysis results, captions, and vectors (features) generated automatically for review, search, and recommendation
  • Payment information: Transaction amount, currency, and payment status. Payment instrument details such as credit card numbers are handled by our payment processor and are not retained by us.
  • Cookies and tracking data: We use cookies and similar technologies for session management and analytics. You may disable cookies in your browser settings, though some features may not function properly as a result.

2. How We Use Your Information

We use collected information for the following purposes. For users in the EU, the legal basis under GDPR (General Data Protection Regulation) is noted in parentheses.

  • Provide and operate the Service (Performance of a contract)
  • Authenticate users and verify identity (Performance of a contract)
  • Improve the Service and analyze usage (Legitimate interests)
  • Review and moderate content (including analysis by automated means such as AI) (Legitimate interests / Legal obligation)
  • Provide search and recommendation features (analyzing and vectorizing content) (Legitimate interests)
  • Process payments (Performance of a contract)
  • Detect and prevent misuse and unlawful content, and keep the Service safe (Legitimate interests)
  • Diagnose issues and improve quality (Legitimate interests)
  • Send important announcements, notifications, and transactional emails (Performance of a contract / Legitimate interests)
  • Respond to support requests (Performance of a contract / Legitimate interests)
  • Comply with legal obligations (Legal obligation)

3. Third-Party Services and Data Sharing

We do not share your information with third parties except:

  • With your consent
  • When required by law
  • With service providers bound by confidentiality agreements, as necessary to operate the Service

As necessary to provide the Service, we use the following categories of external service providers (processors), each subject to their own privacy policies. Where we detect serious unlawful content (such as child sexual exploitation), we may report it and provide information to the relevant authorities as required by law.

  • Cloud infrastructure and hosting providers: For authentication and databases, servers and CDN, storage, media transformations, and the search index.
  • Payment processors: For payment processing and payouts to creators. Payment instrument details are handled by these providers.
  • Analytics providers: For usage and behavioral analytics.
  • Error-monitoring providers: For error and crash diagnostics (includes IP address).
  • AI / machine-learning service providers: For automated analysis such as content review, captioning, and vectorization.
  • Email delivery providers: For sending emails.

4. International Data Transfers

The external service providers described above are based primarily in the United States or other countries outside Japan. Your data may be transferred outside your country of residence through these services. We ensure that appropriate safeguards are in place in accordance with each provider's privacy policy and applicable law (including appropriate transfer mechanisms such as Standard Contractual Clauses).

5. Data Retention and Security

We retain collected data for as long as necessary to provide the Service or as required by law, with appropriate security measures such as encryption in place. Data no longer needed is deleted or anonymized. However, even after you request deletion, we may retain certain data for a limited period where necessary to comply with the law, handle disputes, investigate fraud or unlawful activity, or for other legitimate business needs.

In the event of a personal data breach, we will notify the relevant supervisory authority within the timeframe required by applicable law (within 72 hours under GDPR). Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

6. Your Rights

You have the right to:

  • Request access to, correction of, or deletion of your personal data
  • Request that we stop processing your personal data
  • Request a copy of your personal data in a machine-readable format (data portability)
  • Delete your account

To exercise these rights, please contact us through the in-service support channel.

7. Additional Rights for EU Residents and GDPR Compliance

If you are located in the European Union, you have the following additional rights under the General Data Protection Regulation (GDPR), in addition to those listed in Section 6:

  • Right to object: You may object to processing based on our legitimate interests at any time.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Right to restriction: You may request restriction of the processing of your personal data in certain circumstances.
  • Right to lodge a complaint: You have the right to lodge a complaint with the data protection supervisory authority in your EU member state.

Automated decision-making and profiling: We may use automated means, including AI, to review and moderate content. Where such means are used to make a decision that produces legal effects or similarly significant effects on you (such as unpublishing content or suspending an account) on a solely automated basis, you have the right to request human review (to appeal) of that decision (GDPR Article 22(3)).

To exercise these rights, please contact us through the in-service support channel.

8. Children's Privacy

Our Service is not directed at children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes on our website. Continued use of the Service after changes constitutes acceptance of the revised policy.

Contact

For questions about this Privacy Policy, please contact us through the in-service support channel.