Privacy Policy

Last Updated: March 1, 2025

This Privacy Policy describes the privacy practices of Fluxcoda, Inc. and our subsidiaries and affiliates (collectively, "Fluxcoda", "we", "us", or "our") in relation to personal information we collect about you when you use our websites, products or services, or otherwise interact with us, including any sales, marketing, or events (collectively, the "Services").

This Privacy Policy does not apply to our handling of personal information that we process on behalf of our customers as a service provider or processor. Our processing of that information is governed by our agreement with our customers, including our Data Processing Agreement.

Moreover, this Privacy Policy does not apply to the Match Booster platform and related services, which are governed by the Platform Privacy Notice.

1. Personal Information We Collect

Information you provide to us. Personal information our customers or prospects may provide to us through the Services or otherwise includes:

• Account and contact data, such as first and last name, username, password, email and mailing addresses, and phone number, that you may provide when you create an account with us or contact us for customer support.
• Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
• Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.

Third party sources.

• When you link, connect, or login to the Services with a third party service (e.g. Google, Microsoft or Single Sign-On), you direct the service to send us information such as your registration, name, email address, photo, and profile information as controlled by that service or as authorized by you via your privacy settings at that service.
• We may supplement the information that we collect from you (such as your email address) with additional information about you and your company obtained from publicly available and third-party databases or services that provide information about business people and companies (including an individual's name, job title, business contact information, and company information). This helps us update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you.

Automatic data collection. We, our service providers, and our advertising partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Services, our communications and other online Services, such as:

• Device data, such as your computer's or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language preferences, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G).
• Online activity and usage data, such as pages or screens you viewed, how long you spent on a page or screen, which links you choose to click, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We collect this information using cookies and other similar technologies. For more information, please visit our Cookie Policy.

Fluxcoda Slack app. The Fluxcoda Slack app alerts customers of the Reverse ETL product about the status of their Fluxcoda syncs, workspace extensions, and important customer actions such as approval requests. It also facilitates sending information into the customer's Slack workspaces as configured in the customer's Fluxcoda sync settings. The app collects user and channel IDs to deliver these messages and alerts to our customers who use the Fluxcoda Slack app.

2. How We Use Personal Information

We use personal information for the following purposes or as otherwise described at the time of collection:

Legal Bases for Processing (GDPR)

Under the GDPR, we rely on the following legal bases to process your personal information:

• Contractual Necessity: When processing is necessary to perform our contract with you
• Consent: When you have given your explicit consent
• Legitimate Interests: When it is in our legitimate business interests (as detailed below)
• Legal Obligation: When necessary to comply with our legal obligations

Communicating with you about our Services. We use personal information to respond to your requests, provide customer support, and communicate with you about our Services, including by sending announcements, updates, security alerts and support and administrative messages. (Legal basis: Contractual Necessity, Legitimate Interests)

Improving, monitoring, personalizing, and protecting our Services. We use personal information to improve and keep our Services safe for our users, which includes:

• understanding your needs and interests, and personalizing your experience with the Services and our communications;
• troubleshooting, testing and research and to keep the Services secure; and
• investigating and protecting against fraudulent, harmful, unauthorized or illegal activity.

(Legal basis: Legitimate Interests, Contractual Necessity)

Research and development. We may use personal information for research and development purposes, including to analyze and improve the services and our business. As part of these activities, we may create or use aggregated, de-identified or other anonymized data from personal information we collect. We make personal information into anonymized data by removing information that makes the data personally identifiable to you. We may use this anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the services and promote our business. (Legal basis: Legitimate Interests)

Direct marketing. We may send you direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the Opt-out of marketing communications section below. (Legal basis: Consent, Legitimate Interests)

Interest-based advertising. We may engage third-party advertising companies to display our ads on their online services. We may also share information about our website users with these companies to facilitate advertising for our services to them or similar users on other online platforms. For more information, or to understand your choices, please visit our Cookie Policy. (Legal basis: Consent)

Compliance and protection. We may use personal information to comply with legal obligations and to defend us against legal claims or disputes, including to:

• protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims);
• audit our internal processes for compliance with legal and contractual requirements and internal policies;
• enforce the terms and conditions that govern the services;
• prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; and
• comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

(Legal basis: Legal Obligation, Legitimate Interests)

3. How We Share Personal Information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:

Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers. Companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, customer support, email delivery, communications channels and website analytics services).

Advertising partners. Third party advertising companies for the interest-based advertising purposes described above. The disclosure of this information may constitute a data "sale" under certain privacy laws and requires explicit consent under GDPR.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Fluxcoda or our affiliates (including, in connection with a bankruptcy or similar proceedings).

4. Privacy Rights And Choices

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions contained in the marketing communication we send you or by contacting us as provided in the "How to Contact Us" section below. You may continue to receive services-related and other non-marketing emails.

Online tracking opt out. You can opt out of third-party cookies as described in our Cookie Policy.

GDPR Data Subject Rights

If you are in the European Economic Area, United Kingdom, or Switzerland, you have these specific rights under GDPR:

• Right to access - You have the right to request copies of your personal data.
• Right to rectification - You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to erasure - You have the right to request that we erase your personal data, under certain conditions.
• Right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to object to processing - You have the right to object to our processing of your personal data, under certain conditions.
• Right to data portability - You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
• Rights related to automated decision-making and profiling - You have the right not to be subject to a decision based solely on automated processing.
• Right to withdraw consent - You have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

For personal information requests, we will respond within 30 days as required by GDPR. To make a request, please email us or write to us as provided in the "How to Contact Us" section below or use our webform. We may ask for specific information from you to help us confirm your identity. Depending on where you reside, you may be entitled to empower an "authorized agent" to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the "How to Contact Us" section below.

Right to complain to a supervisory authority. If you are in the European Economic Area or United Kingdom, you have the right to lodge a complaint with a data protection supervisory authority in the country where you live, work, or where you believe a violation has occurred. A list of EU data protection authorities is available here.

5. Job Applicants

When you apply for one of our open positions, we collect the information that you provide in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history, and other information that may be included in a resume or that you may provide during the interview process. This may also include demographic or diversity information that you voluntarily provide. We may also conduct background checks and receive related information. We also collect personal information from other sources where relevant for your application, such as employment research firms, recruiters, identity verification services, and information that you make publicly available on websites or social media platforms (for example, LinkedIn). Throughout the recruitment process, we may supplement your personal information in connection with the assessment of your application. For example, we may record the views of those considering your application about your suitability for the role for which you have applied and retain interview notes. We may also collect information about you using cookies and other similar technologies as described in our Cookie Policy. If you accept an offer from us, your personal information will be incorporated into and used as part of your employee record.

We use applicants' information to facilitate our recruitment activities, process employment applications and personalize candidate communication, including evaluating candidates and monitoring recruitment statistics. We also use successful applicants' information to administer the employment relationship. We may also use and disclose applicants' information to improve our Service and for the compliance and protection purposes described above. (Legal basis: Contractual Necessity, Legitimate Interests, Consent for certain sensitive information)

6. Other Sites And Services

The Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

7. Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Staff training on data protection and security practices
• Physical security measures for our facilities

However, no security measures are failsafe and we cannot guarantee the absolute security of your personal information.

8. International Data Transfer

As an EU-based company, we primarily process data within the European Economic Area (EEA). However, we may transfer personal information to our affiliates and service providers in other jurisdictions. When we engage in such transfers outside the EEA, UK, or Switzerland, we implement appropriate safeguards to ensure that your personal information remains protected according to this Privacy Policy and applicable law.

For transfers outside the EEA, UK, or Switzerland, we rely on:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules, where applicable
• Adequacy decisions by the European Commission for countries that provide adequate protection
• Additional supplementary measures as required by the Schrems II decision

You can request a copy of these safeguards by contacting us as set out in the "How to Contact Us" section below.

9. Children

The Services are not intended for use by children under 16 years of age in the EU (or under 13 years of age in other jurisdictions). If we learn that we have collected personal information through the Services from a child under the applicable age without the consent of the child's parent or guardian as required by law, we will delete it.

10. Retention Of Personal Information

We follow specific data retention principles:

• For our AI data processing services: We maintain a backup of unprocessed data for no more than 1 day as a precautionary measure against potential data loss during AI processing. This backup is automatically deleted after 1 day and can be disabled at your request, though you would assume full responsibility for any data loss that might occur during processing if this safety feature is disabled.
• For account information: Retained for the duration of your relationship with us plus a limited period necessary for legal purposes.
• For marketing information: Retained until you opt-out or withdraw consent.
• For job applicant information: Retained for the duration of the application process plus a limited period for legal purposes or with your consent.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we use personal information and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.

You have the right to request deletion of your data at any time, subject to legal retention requirements.

11. Changes To This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We will post the updated Privacy Policy on the website and change the "Last Updated" date at the top of this Privacy Policy. If we make material changes to this Privacy Policy, we will provide notice through our Services or by other means, such as email. We encourage you to review the Privacy Policy whenever you access the Services to stay informed about our information practices.

12. How To Contact Us

Data Controller. Fluxcoda, Inc. is the entity responsible for the processing of personal information under this Privacy Policy (as a data controller, where provided under applicable law).