FluxiSign in

Data Processing Agreement

Last updated: 2026-04-17

This Data Processing Agreement ("DPA") is entered into between the customer ("Controller") and Fluxi Intelligence S.L. ("Processor"), and forms part of the Fluxi Terms of Service. It reflects the parties' agreement with respect to the processing of personal data in accordance with Regulation (EU) 2016/679 (GDPR).

1. Subject matter and duration

The Processor processes personal data on behalf of the Controller for the purpose of providing the Fluxi platform. The duration is the term of the service subscription.

2. Nature and purpose of processing

The Processor performs the following processing activities:

  • Storing and organizing CRM data imported from authorized integrations.
  • Analyzing data to generate revenue intelligence, forecasts, and recommendations.
  • Executing automated workflows configured by the Controller.
  • Sending notifications via authorized channels (email, Slack).
  • Operating security measures and audit logging to detect and prevent abuse.

3. Categories of data

  • Contact information (name, email, phone, job title).
  • Company data (name, domain, industry, size).
  • Sales data (deals, stages, amounts, activities).
  • Communication metadata (email subjects, timestamps).
  • User account and usage data.

4. Categories of data subjects

  • The Controller's employees and users of the platform.
  • The Controller's customers, prospects, and business contacts.

5. Processor obligations

The Processor shall:

  • Process personal data only on documented instructions from the Controller.
  • Ensure that persons authorized to process the data are bound by confidentiality.
  • Implement appropriate technical and organizational measures, including encryption at rest and in transit, access controls, tenant isolation, security monitoring with audit logging, and regular security reviews. See Security Overview for additional context.
  • Assist the Controller in responding to data subject requests.
  • Assist the Controller in ensuring compliance with GDPR obligations (security, breach notification, DPIAs).
  • Delete or return all personal data at the end of the service, unless legally required to retain it.
  • Make available all information necessary to demonstrate compliance and allow audits.

6. Sub-processors

The Controller authorizes the Processor to use the sub-processors listed in the Security Overview. The Processor will notify the Controller of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Controller the opportunity to object.

7. International transfers

Personal data may be transferred to sub-processors located outside the EEA. Such transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission. Data sent to AI providers is limited to the minimum necessary to generate responses.

8. Data breach notification

The Processor will notify the Controller without undue delay, and in any event within 72 hours, of becoming aware of a personal data breach. Notifications include the nature of the breach, categories of data and subjects affected, likely consequences, and measures taken or proposed.

9. Data subject rights

The Processor will assist the Controller, by appropriate technical and organizational measures, in responding to requests from data subjects exercising their rights under GDPR (access, rectification, erasure, portability, restriction, objection).

10. Audits

The Processor will, upon reasonable notice, make available to the Controller information necessary to demonstrate compliance with this DPA and allow audits, including inspections, conducted by the Controller or an auditor mandated by the Controller.

11. Termination

Upon termination of the service, the Processor will, at the Controller's choice, delete or return all personal data, unless retention is required by law.

12. Governing law

This DPA is governed by Spanish law and the GDPR.

13. Contact

Fluxi Intelligence S.L.
Calle Andarella 2, 46950 Valencia, Spain
Email: legal@fluxilabs.com

A signed copy of this DPA is available upon request for enterprise customers. Email legal@fluxilabs.com to request a countersigned version.