This Privacy Policy explains how FluxFront handles personal information across the three groups of people who interact with us — visitors to our website, the businesses who subscribe to our software, and the customers of those businesses. It describes what we collect, why, who we share it with, how long we keep it, how to request deletion, and the rights you can exercise.
1. Introduction and Scope
This Privacy Policy describes the personal information practices of Malleo Jafari, operating as FluxFront ("we", "us", "the Company"), a sole proprietorship registered in Ontario, Canada. FluxFront provides an artificial intelligence automation, communication, scheduling, and customer relationship management software platform (the "Services") to service-based businesses ("Tenants").
Upon corporate incorporation (planned 2026), this Policy will be reissued under the new corporate entity name. The substance of our practices will not change with incorporation; only the legal entity name will be updated.
This Policy governs the processing of personal information for three categories of individuals:
- Marketing Visitors — individuals browsing fluxfront.ca or making direct inquiries.
- Tenants — service-business operators who subscribe to the Services.
- End-Consumers — customers of Tenants who interact with the Services through Tenant-facing surfaces (booking widgets, the AI voice agent "Aria", SMS, email).
Controllership Designation
Under PIPEDA, the GDPR, the CCPA, and Quebec Law 25:
- FluxFront is the Data Controller for personal data of Marketing Visitors and Tenants.
- FluxFront is the Data Processor (or "Service Provider" under the CCPA) for personal data of End-Consumers. The Tenant is the Data Controller. We process End-Consumer data only on the Tenant's documented instructions, expressed through their configuration and use of the Services.
2. Information We Collect
2.1 Data we collect as Controller (Marketing Visitors and Tenants)
- Identity and contact data: names, business addresses, email addresses, phone numbers.
- Authentication data: passwords (cryptographically hashed using a strong, industry-standard algorithm; never stored in plaintext); session tokens (only a one-way cryptographic hash is stored).
- Tenant onboarding data: business name, industry vertical, configuration, brand assets (logos, colors).
- Subscription and billing metadata: subscription tier, payment method indicators (card brand and last four digits only), invoice records, transaction history.
- Technical data: IP addresses, browser type, session identifiers (collected via strictly necessary cookies — see our Cookie Policy).
2.2 Data we process as Processor (End-Consumers, on behalf of Tenants)
- CRM records: names, normalized phone numbers, email addresses, dates of birth, custom fields configured by the Tenant.
- Communication content: voice call transcripts and AI-generated summaries; inbound and outbound SMS conversation logs; chat agent interaction logs; transactional email content.
- Scheduling and booking data: appointment histories, service preferences, staff assignments.
- Payment metadata: masked payment method indicators (brand, last four digits only), records of consent for off-session charges (no-show fee authorization and saved-card authorization for completed, customer-approved work orders), and payment and charge history.
- Customer notes and documents: unstructured staff notes, uploaded customer documents (intake forms, ID, consent forms — at the Tenant's option).
- Health-adjacent information (spa, med-spa, and similar Tenants only): medical notes, allergy notes, treatment records, intake forms uploaded by the Tenant. See Section 12.
- Vehicle data (mechanic vertical only): vehicle identification numbers (VINs), make, model, service history. See Section 13.
- Third-party-sourced data: lead form submissions received via advertising and lead-capture platforms the Tenant has authorized (name, email, phone, custom form fields).
2.3 What we do NOT collect or store
- Full credit card numbers, CVV codes, or magnetic stripe data — payments are processed exclusively by our payment processor; payment card information never touches our servers.
- Government-issued identifier numbers (Social Insurance Number, Social Security Number, driver's license numbers) — unless a Tenant uploads such information to a customer document, in which case the Tenant is the Data Controller for that information.
- Biometric voiceprints or persistent biometric identifiers — see Section 5.
3. Sources of Information
We collect personal information directly from you (when you sign up, fill out a contact form, or interact with our website) and indirectly through:
- Tenants providing data about their End-Consumers as part of using the Services.
- End-Consumers interacting with Tenant-facing surfaces (booking widgets, voice calls to Aria, replies to automated SMS).
- Third-party integrations operated on behalf of Tenants — primarily advertising and lead-capture platforms (lead forms submitted on social media and routed to FluxFront via the Tenant's authorized integration).
- Our payment processor, for payment processing metadata.
4. Purposes of Processing
We process personal information to:
- Provide, operate, and maintain the Services.
- Authenticate users and protect against unauthorized access.
- Facilitate autonomous booking, rescheduling, and cancellation of appointments through AI agents.
- Send transactional communications (booking confirmations, appointment reminders, payment receipts, security notifications).
- Process payments and authorized off-session charges (such as no-show fees, and approved work-order balances charged to a card the customer chose to save on file).
- Power AI-driven customer interactions (voice agent, SMS agent, chat agent) and AI-assisted features (call summaries, customer profile summaries, draft replies to public reviews).
- Deliver advertising performance reporting and lead capture for agency-vertical Tenants who have authorized an advertising integration.
- Detect, investigate, and prevent fraud, security incidents, and abuse.
- Comply with legal obligations and respond to lawful requests.
- Improve and develop the Services.
Lawful bases (where applicable, e.g., for EU/UK Data Subjects): performance of a contract; legitimate interests (security, fraud prevention, service improvement); legal obligation; consent (where required, particularly for marketing communications under CASL).
5. Voice Recording, Transcription, and Biometric Privacy
The Services include "Aria", an AI voice agent that answers inbound telephone calls on behalf of Tenants.
What happens during a call
- The audio of the call is processed in real time by our telephony and voice-AI providers.
- A text transcript and AI-generated summary of the call are stored in our database for the Tenant's records.
- Call recordings (audio files) are not retained by FluxFront. Authorized sub-processors may transiently process audio to generate responses; we contractually require sub-processors not to retain audio beyond what is necessary for service delivery.
Recording disclosure
At the start of each call, Aria plays a brief disclosure that the call may be recorded and transcribed for quality and service purposes. By continuing the call after the disclosure, the caller acknowledges and consents to the recording, transcription, and AI processing of the call.
Biometric privacy
We do not generate, store, or use biometric identifiers (such as voiceprints) to identify individuals across calls or systems. The transcripts we retain are textual representations of the conversation, not biometric data. Where applicable laws (such as the Illinois Biometric Information Privacy Act) impose additional restrictions, we have configured our processing to remain outside the scope of "biometric identifier" or "biometric information" definitions to the maximum extent technically practicable.
6. Artificial Intelligence and Automated Decision-Making
The Services rely on third-party large language models and conversational AI. Specifically:
- Voice interactions are processed by our voice-AI and telephony providers. The caller's name, phone number, prior call history (if any), and live audio are transmitted to power the conversation.
- SMS interactions are processed by a third-party AI provider. Up to the most recent 15 messages of conversation history, plus the End-Consumer's appointment history, are transmitted to inform autonomous responses.
- Chat interactions on Tenant websites are processed by a third-party AI provider.
- Drafting public review replies uses a third-party AI provider. The review text and Tenant business context are transmitted; the Tenant approves before any reply is posted.
- Customer profile summarization uses a third-party AI provider. Past appointments, communication history, and customer notes (which may include medical or allergy notes for spa/med-spa Tenants — see Section 12) are transmitted to generate summaries for Tenant staff.
Automated Decision-Making (ADM) Notice
Pursuant to PIPEDA, GDPR Article 22, and Quebec Law 25 Section 12.1, you are notified that:
- The AI voice agent ("Aria") may autonomously book, reschedule, or cancel appointments based on the Tenant's configured availability rules, without human review at the moment of decision.
- The AI SMS agent may autonomously book, reschedule, or cancel appointments based on incoming text messages.
- The AI chat agent autonomously responds to customer inquiries on Tenant websites.
The customer "temperature" classification (hot/warm/cold) used by some Tenants is manually entered by Tenant staff as of the date of this Policy. It is not currently algorithmic.
Right to human intervention
If you are concerned about a decision made by an automated system — including a refused booking, a charged fee, or a denied request — you may request human review by contacting the Tenant directly. The Tenant will, in turn, contact FluxFront where technical assistance is required to fulfill your request.
7. How We Share Personal Information
We do not sell personal information.
We share personal information only with:
- Sub-processors that provide infrastructure, AI, payments, and communications services on our behalf, under written agreements requiring them to protect your data. These sub-processors are described — by category, function, and named provider — in our Data Processing Addendum.
- Tenants, where you are an End-Consumer of a Tenant — the Tenant is the Data Controller of your data within the Services.
- Authorities, courts, or other parties when required by law, legal process, or to protect rights, property, or safety.
- Acquirers, in the event of a merger, acquisition, financing, or sale of all or a portion of the business, subject to standard confidentiality protections and notice obligations.
8. International Transfers
FluxFront is operated from Ottawa, Ontario, Canada. Our primary servers, and most of our sub-processors, are located in the United States.
For Data Subjects in the European Economic Area, the United Kingdom, or other regions with cross-border transfer requirements, we rely on the Standard Contractual Clauses approved by the European Commission, our sub-processors' adequacy decisions where applicable, and Transfer Impact Assessments. For Data Subjects in Quebec, we comply with the cross-border transfer requirements of Law 25 by maintaining contractual protections with each sub-processor.
9. Data Retention
We retain personal information only as long as necessary for the purposes described in this Policy, in accordance with PIPEDA's limiting-retention principle and any applicable legal retention requirements. Specifically:
- Tenant account data: duration of subscription + 90 days post-termination.
- End-Consumer CRM contact records: at Tenant's direction; default 24 months of inactivity, then anonymization or deletion.
- Voice call transcripts and summaries: 24 months active; longer if required for legal or audit reasons.
- SMS and chat conversation logs: 24 months active.
- Email transactional logs: 24 months active.
- Raw webhook payloads from third-party providers: 90 days.
- Financial transaction records and invoices: 7 years (Canada Revenue Agency requirement).
- Subscription billing records: 7 years.
- Authentication logs: 12 months.
- Account deletion grace period: 30 days, then hard delete.
Specific retention periods may be adjusted based on legal obligations, ongoing investigations, or technical limitations. Where information is retained beyond active use for legal or audit purposes, it is segregated from production systems and access is restricted.
10. Your Privacy Rights
Subject to applicable law, you have the right to:
- Access the personal information we hold about you.
- Correct information that is inaccurate or incomplete.
- Delete your personal information ("right to be forgotten" / right to erasure) — see Section 11.
- Withdraw consent for processing where consent is the basis (including SMS via "STOP", email via the unsubscribe link, and voice processing via instructions to a Tenant).
- Receive your data in portable form.
- Object to or restrict certain processing.
- Lodge a complaint with a privacy regulator (in Canada, the Office of the Privacy Commissioner of Canada or the relevant provincial commissioner; in the EU, your local data protection authority).
How to exercise your rights
- If you are a Tenant or Marketing Visitor: email support@fluxfront.ca with your request and reasonable verification of identity.
- If you are an End-Consumer of a Tenant: because FluxFront is a Data Processor for your data, please contact the Tenant (the business you booked with, called, or received messages from) directly. The Tenant will contact us where technical assistance is required.
We will respond to verifiable requests within 30 days, in accordance with PIPEDA. We do not charge a fee for reasonable requests.
11. Requesting Deletion of Your Data
You can ask us to delete personal information we hold about you. The process depends on whether you are a Tenant or an End-Consumer.
If you are a Tenant or Marketing Visitor
Email support@fluxfront.ca with the subject line "Data Deletion Request", your full name, the email address associated with your FluxFront account (or, for Marketing Visitors, the email you used to contact us), and a brief description of what you want deleted. We will respond within 30 days to confirm receipt and explain next steps.
If you are an End-Consumer
Because FluxFront acts as a Data Processor on behalf of the business you interacted with, we are not authorized to delete your data without that business's instructions. Please contact the business directly (the barbershop, salon, agency, etc. you booked with or received messages from) and ask them to process your deletion request.
If you cannot reach the business, or if you believe a Tenant business is using FluxFront in a way that violates your privacy rights, email us at support@fluxfront.ca with the subject line "End-Consumer Data Deletion Inquiry", the name of the business you interacted with (if known), an identifier the business may have used to contact you (phone or email), and a brief description of what happened. We will work with the Tenant business to process your request within 30 days.
What gets deleted
- Tenant accounts: all account data, configuration, and Tenant-uploaded content (logos, brand assets, etc.).
- End-Consumer records (when authorized by the Tenant): name, contact information, communication history, appointment history, customer notes, customer documents, and ingested lead records.
- Saved payment cards: if you saved a card on file with a business, you can ask that business to remove it at any time. Removing the saved card also withdraws your authorization for any future charges to it.
What we may retain after deletion
We may retain a minimal amount of information after a deletion request, only where we are legally required or have a legitimate basis to do so: financial transaction records required by the Canada Revenue Agency for 7 years; aggregated, de-identified analytics that do not identify you; backup copies for up to 30 days, after which backups are purged; and a record of the deletion request itself for audit purposes. We will not use retained financial or audit records for any purpose other than legal and accounting compliance.
Verification and timeline
To prevent unauthorized deletion requests, we may ask you to verify your identity before processing the request. We will respond to a verified deletion request within 30 days, in accordance with PIPEDA, and will instruct our sub-processors to delete the relevant data they hold on our behalf. Some sub-processors retain logs and metadata for their own legal or operational purposes.
12. Health-Adjacent Information (Spa and Med-Spa Tenants)
When Tenants in the spa, medical-spa, or wellness industries use the Services, they may store medical notes, allergy notes, treatment records, or uploaded consent or intake forms. For this category of data, FluxFront acts only as Processor; the Tenant is the Controller and is responsible for compliance with applicable health-information law (including Ontario's Personal Health Information Protection Act (PHIPA) and equivalent provincial frameworks).
Tenants handling personal health information are required to execute FluxFront's Electronic Service Provider Addendum prior to uploading such information. Tenants are responsible for assessing whether FluxFront's technical and organizational measures meet their regulatory obligations.
13. Vehicle and Telematics Data (Mechanic Vertical)
When Tenants in the automotive-services industry use the Services (planned mechanic vertical, expected 2026), the Services may process vehicle identification numbers (VINs), vehicle make and model, service histories, and (where the Tenant chooses to ingest it) telematics data. We treat VINs as personal information when associated with an identifiable individual. Tenants are the Data Controllers for vehicle data and are responsible for obtaining any consents required under provincial law for telematics ingestion.
14. Cookies and Tracking
See our separate Cookie Policy at fluxfront.ca/cookies. In summary: we use only strictly necessary cookies for authentication, security, and payment processing. We do not use third-party analytics, advertising, or behavioral-tracking tools as of the date of this Policy. We will update this Policy and the Cookie Policy with at least 30 days' notice if this changes.
15. Children's Information
The Services are not directed to children under 13. We do not knowingly collect personal information directly from children under 13. However, Tenants in industries that serve minors (such as barbershops cutting children's hair) may have appointments booked by a parent or guardian on a child's behalf. Such bookings should be made by the parent or guardian with the parent or guardian's information; FluxFront is not the Controller of any child's information processed in this manner.
If you believe we have inadvertently collected information from a child under 13, contact us at support@fluxfront.ca and we will delete it.
16. Security
We implement technical and organizational safeguards appropriate to the sensitivity of the data, including:
- Encryption of data in transit.
- Strong, industry-standard one-way hashing of passwords and session tokens — credentials are never stored in a recoverable form.
- Strict tenant isolation enforced at the application layer (every database query is filtered by tenant identifier).
- Cross-site request forgery (CSRF) protection on state-changing endpoints.
- Rate limiting on authentication endpoints.
- Written sub-processor agreements that include encryption and security commitments.
No system is perfectly secure. If we become aware of a confirmed personal data breach affecting your information, we will notify the affected Data Controller (or, where we are Controller, you) without undue delay, in accordance with applicable breach-notification law.
17. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by:
- Updating the "Last Updated" date at the top of this Policy.
- Where required, providing at least 30 days' advance notice to Tenants by email.
- Where the change affects our sub-processors, posting an update in our Data Processing Addendum.
18. Contact Us
For questions, concerns, or to exercise privacy rights:
Malleo Jafari, operating as FluxFront
Email: support@fluxfront.ca
Phone: +1 613-703-4204
Mailing address: 509 Rideau Street, Ottawa, Ontario K1N 5Z5, Canada
If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Quebec residents, the Commission d'accès à l'information (cai.gouv.qc.ca).
© 2026 FluxFront · Ottawa, Canada