Privacy Policy
Last updated: March 7, 2026
1. Overview
Fluidgenius, LLC ("Company," "we," "us," or "our") operates the Fluidgenius digital publishing platform ("Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform.
2. Information We Collect
2.1 Information You Provide
| Data Type | When Collected | Purpose |
|---|---|---|
| Name, email | Account registration | Account identity, communications |
| Organization name, slug | Publisher registration | Multi-tenant platform access |
| Payment information | Subscription purchase | Billing (processed by Stripe) |
| Publication content | Publisher upload | Content hosting & display |
| Branding assets | Brand Studio configuration | Organization customization |
2.2 Information Collected Automatically
| Data Type | Collection Method | Purpose |
|---|---|---|
| IP address, browser type | Server logs | Security, abuse prevention |
| Pages viewed, time on page | Analytics (first-party) | Platform improvement |
| Device type, screen size | Browser API | Responsive design optimization |
| Interaction events | First-party analytics | Feature usage, engagement metrics |
2.3 Information from Third Parties
When you sign in using Google, we receive your name, email address, and profile photo from Google. We do not receive your Google password.
3. How We Use Your Information
We use your information for the following purposes:
- Account management — Creating, maintaining, and securing your account
- Service delivery — Hosting and displaying publications, processing subscriptions
- Billing — Processing payments and managing subscriptions (via Stripe)
- Communications — Sending account notifications, verification emails, and service updates
- Security — Detecting fraud, abuse, and unauthorized access
- Analytics — Understanding usage patterns to improve the Platform (aggregated, non-personally-identifiable data)
- Legal compliance — Meeting legal obligations and responding to lawful requests
4. Cookies & Tracking Technologies
4.1 What We Use
| Cookie/Technology | Type | Purpose | Duration |
|---|---|---|---|
| Firebase Auth token | Essential | Authentication | Session |
| Cookie consent preference | Essential | Storing your cookie choice | 1 year |
| Service Worker cache | Performance | Offline access, faster loading | Until cleared |
| First-party analytics | Analytics | Page views, engagement | Session |
4.2 Managing Cookies
You can manage your cookie preferences through the cookie consent banner displayed on your first visit. Essential cookies cannot be disabled as they are required for the Platform to function.
You can also manage cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features.
5. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google Firebase | Authentication | Email, name, auth tokens | Link |
| Google Cloud Platform | Infrastructure, hosting | Server logs, stored content | Link |
| Stripe | Payment processing | Name, email, payment details | Link |
| Lulu Press | Print-on-demand | Shipping address, order details | Link |
| Google Gemini AI | AI chat, content assistance | Chat messages (no PII stored) | Link |
6. Data Sharing & Disclosure
We may share your information in the following circumstances:
- With Publishers — Publishers can see the names and emails of their subscribers for customer relationship purposes
- With service providers — Third-party services listed in Section 5, bound by data processing agreements
- For legal compliance — When required by law, subpoena, or court order
- Business transfers — In connection with a merger, acquisition, or asset sale
- With your consent — When you explicitly authorize sharing
7. Data Retention
We retain your data for as long as your account is active or as needed to provide services:
- Account data — Retained until account deletion
- Publication content — Retained while the Publisher's account is active + 30 days after deletion
- Payment records — Retained for 7 years per tax/legal requirements
- Server logs — Retained for 90 days
- Analytics data — Aggregated and anonymized after 24 months
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — Request a copy of your personal data
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your personal data
- Portability — Request your data in a machine-readable format
- Restriction — Request we limit processing of your data
- Objection — Object to processing based on legitimate interests
- Withdraw consent — Where processing is based on consent
To exercise any of these rights, contact us at privacy@fluidgenius.com. We will respond within 30 days.
8.1 California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act. We do not sell personal information. You may request disclosure of the categories of personal information collected and the purposes for which it is used.
8.2 European Residents (GDPR)
If you are in the European Economic Area, our legal basis for processing your data is: contract performance (for service delivery), legitimate interest (for security and analytics), and consent (for optional cookies). You have the right to lodge a complaint with your local data protection authority.
9. Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted via HTTPS/TLS
- Database connections require SSL encryption
- Automated daily backups with 14-day retention
- Firebase JWT token verification on all authenticated endpoints
- Rate limiting to prevent abuse (Redis sliding-window)
- Cloud Run services hardened with internal-only ingress
- Secrets stored in Google Cloud Secret Manager
- Stripe webhook signature verification (HMAC)
No system is 100% secure. If you discover a security vulnerability, please report it immediately to security@fluidgenius.com.
10. Children's Privacy
The Platform is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided personal information, we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@fluidgenius.com.
11. International Data Transfers
Your data may be processed in the United States, where our servers are located. If you are accessing the Platform from outside the United States, your data will be transferred to and processed in the United States. By using the Platform, you consent to this transfer.
We rely on standard contractual clauses and other transfer mechanisms where required by applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Platform or sending an email. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact Us
For privacy-related questions or to exercise your data rights:
- Privacy: privacy@fluidgenius.com
- General support: support@fluidgenius.com
- Security: security@fluidgenius.com
Fluidgenius, LLC
Atlanta, Georgia, United States