Flux legal
Privacy Statement
This Privacy Statement explains how Flux processes personal data when you use onflux.nl and group-specific subdomains, such as example.onflux.nl.
Flux is a registered trade name (handelsnaam) of Tryfe B.V.
Tryfe B.V.KvK number: 84737107
Address: Pierre Lallementstraat 288, 1097JR Amsterdam, The Netherlands
VAT number: NL863345839B01
Privacy contact: privacy@onflux.nl
1. Our role
Tryfe B.V. operates Flux and is responsible for the personal data it processes to provide and secure the platform, including accounts, authentication, event signups, payments, communications, support, and security.
Event organizers may also process attendee data for their own events. In those cases, the organizer may be separately responsible for how it uses attendee data, for example for admission, event management, refunds, safety, or follow-up communication.
2. Personal data we process
Depending on how you use Flux, we may process:
- your name;
- your phone number;
- your email address, if you verify or use one;
- your event signups, ticket type, check-in status, and group membership information;
- payment and refund information for paid events;
- event eligibility information, such as verified email-domain access;
- technical and security information, such as IP address, device/browser information, session identifiers, request logs, and security events;
- communications we send or receive in relation to your account, signup, payment, support request, or privacy request.
Phone numbers are the primary way Flux identifies users.
Where logs contain personal data, Flux masks sensitive values such as phone numbers where applicable.
3. Why we process personal data
We process personal data to:
- create and manage user access;
- verify phone numbers and email addresses;
- enable event signups and group access;
- send signup confirmations, verification messages, and service updates;
- process paid event checkouts, refunds, and payment administration;
- enforce capacity, eligibility, duplicate signup, and checkout rules;
- support event check-in and ticket validation;
- provide support and respond to requests;
- secure Flux, prevent abuse, and investigate errors or incidents;
- comply with legal, tax, accounting, and administrative obligations;
- handle complaints, disputes, and legal claims.
4. Legal bases
We process personal data on the following legal bases:
- Contract: to provide Flux, process signups, manage accounts, send confirmations, and support payments.
- Legal obligation: for tax, accounting, payment, compliance, and legal recordkeeping obligations.
- Legitimate interests: to secure Flux, prevent fraud and abuse, diagnose errors, enforce capacity and eligibility rules, support organizers, and handle disputes.
- Consent: where specific consent is required by law.
5. Payments
Paid events may be processed through Mollie B.V.. Mollie and the relevant banks or payment providers may process payment data under their own terms and privacy notices.
Flux stores payment and refund records needed to complete checkout, reconcile payments, handle refunds, prevent fraud, and meet compliance obligations.
Checkouts may expire after approximately 30 minutes. If payment succeeds but capacity is no longer available, Flux or the organizer may reject the signup and start a refund process.
6. Communications
Flux may send:
- SMS verification codes;
- email verification messages;
- event signup confirmations;
- payment, checkout, refund, and service messages;
- support and security messages.
Flux uses service providers such as Bird B.V. for SMS and email delivery.
7. Cookies
Flux only uses cookies that are necessary for authentication, security, session management, CSRF protection, and secure operation of the platform.
- __Http-at: access token for web sessions;
- __Http-rt: refresh token for web sessions;
- __Secure-csrf: CSRF protection token readable by the browser;
- __Http-autht: temporary cookie used during phone verification;
- __Http-anon_id: anonymous cross-subdomain tracing cookie used for security, abuse prevention, diagnostics, and request correlation. Its default lifetime is one year.
Flux uses these cookies for security and platform operation only, not for marketing or advertising.
8. Service providers
Flux uses trusted service providers to operate the platform, including:
- Bird B.V. for SMS and email delivery;
- Mollie B.V. for payment processing;
- Hetzner Online GmbH for hosting and storage infrastructure;
- BunnyWay d.o.o. for content delivery and image optimization through bunny.net.
These providers may only process personal data where needed to provide their services, comply with law, or protect their systems.
9. Retention
Flux keeps personal data only for as long as reasonably necessary.
By default, event registrations and payment records are kept for 2 years for compliance, administration, dispute handling, and financial recordkeeping.
A user may request that their attendance is hidden before the end of that period, unless Flux or an organizer needs to keep certain data for legal, payment, security, fraud prevention, accounting, or dispute reasons.
Technical logs are kept only as long as needed for security, diagnostics, and operations, unless longer retention is required for an incident, dispute, or legal obligation.
10. Security
Flux uses technical and organizational measures to protect personal data, including secure authentication, session protection, CSRF protection, restricted internal access, encrypted storage of sensitive merchant payment tokens, and masking of personal data in logs where applicable.
No system is perfectly secure. If you believe your account or data has been misused, contact us at privacy@onflux.nl.
11. Your rights
You may have the right to:
- access your personal data;
- correct inaccurate data;
- request deletion of your account or data;
- request a data export;
- restrict or object to certain processing;
- withdraw consent where processing is based on consent;
- lodge a complaint with a data protection authority.
Flux is in an early stage and does not yet provide automated export or deletion tools. You can exercise your rights by emailing privacy@onflux.nl.
We may need to verify your identity before handling your request. In some cases, we may need to retain certain data for legal, payment, security, fraud prevention, accounting, or dispute reasons.
12. International transfers
Where possible, Flux uses providers and infrastructure suitable for Netherlands/EU-facing services. If personal data is transferred outside the European Economic Area, Flux will use appropriate safeguards where required by law.
Flux uses providers and infrastructure suitable for Netherlands/EU-facing services.
13. Children
Flux is not specifically aimed at children. Events may have their own age or eligibility requirements. Organizers are responsible for making those requirements clear where relevant.
Flux does not have a minimum age or parental-consent rule.
14. Changes
We may update this Privacy Statement as Flux develops. The latest version will be published on Flux.
15. Contact
Tryfe B.V.Trade name: Flux
KvK number: 84737107
Address: Pierre Lallementstraat 288, 1097JR Amsterdam, The Netherlands
Email: privacy@onflux.nl