Legal
Privacy Policy
Last updated: June 2025 · Vedha LLC
1. Who We Are
fluxd.news is operated by Vedha LLC ("we", "us", "our"). This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website and services. Our contact address is admin@vedhallc.com.
2. Data We Collect
We collect data in the following categories:
- Account data: Email address and password hash when you register. Optionally a display name.
- Subscription data: Billing tier (Free/Pro/Elite) and Stripe customer ID. We do not store raw card numbers — payment data is handled entirely by Stripe.
- Usage data: Pages visited, articles clicked, and features used. Collected via PostHog analytics (see Section 5).
- Newsletter: Email address if you subscribe to our digest. This is stored separately and you may unsubscribe at any time.
- Cookies & local storage: A consent preferences object (stored in your browser's localStorage), authentication session tokens (HTTP-only cookies managed by Supabase Auth), and advertising cookies placed by Google AdSense when you consent.
- Log data: Standard server logs including IP address, browser user-agent, and request timestamps. Retained for up to 30 days for security and debugging purposes.
3. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
- Contract: Processing necessary to provide you with the Service, including account management and subscription billing.
- Legitimate interests: Server logs and security monitoring to protect the integrity of our Service.
- Consent: Analytics tracking (PostHog), advertising cookies (Google AdSense), and personalised advertising. You may withdraw consent at any time via the cookie preferences panel.
- Legal obligation: Retaining billing records as required by applicable financial regulations.
4. How We Use Your Data
- To authenticate you and provide the Service
- To process subscription payments and manage billing
- To send newsletter digests you have opted into
- To improve the Service through aggregated analytics (PostHog)
- To display relevant advertisements (Google AdSense) when you consent
- To respond to support requests and enforce our Terms of Service
We do not sell your personal data to any third party.
5. Third-Party Processors
We share data with the following sub-processors, each bound by their own privacy commitments:
Supabase (database & auth)
Stores account, profile, and article data. Hosted on AWS. Data Processing Agreement available at supabase.com/privacy.
Stripe (payments)
Processes subscription billing. PCI-DSS Level 1 certified. See stripe.com/privacy.
PostHog (analytics)
Collects anonymised usage events when you consent to Analytics cookies. Self-hostable; we use the EU-hosted cloud at us.i.posthog.com. See posthog.com/privacy.
Google AdSense (advertising)
Displays advertisements and may set cookies to personalise ads when you consent to Advertisement and/or Personalisation purposes. See policies.google.com/privacy.
Vercel & Railway (hosting)
Our web application and background worker are hosted on Vercel and Railway respectively. Standard server-side log data is processed by these providers.
6. Cookies & Consent
We use the following categories of cookies and similar storage:
- Strictly necessary: Authentication session cookies required to keep you logged in. These cannot be disabled.
- Analytics: PostHog tracking to understand page performance and feature usage. Only active with your consent.
- Advertising: Google AdSense ad delivery cookies. Only active with your consent.
- Personalisation: Google AdSense personalisation for interest-based ads. Only active with your explicit consent.
You can review and update your cookie preferences at any time via the "Cookies" link in the navigation bar or footer.
7. Data Retention
- Account data: Retained as long as your account is active. Deleted within 30 days of an account deletion request.
- Billing records: Retained for 7 years to comply with financial regulations.
- Newsletter list: Retained until you unsubscribe.
- Analytics events: Aggregated; individual events are purged after 12 months.
- Server logs: Retained for up to 30 days.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): Request deletion of your account and associated personal data.
- Portability: Receive your data in a structured, machine-readable format.
- Restriction & objection: Object to or restrict certain processing activities.
- Withdraw consent: Withdraw consent for analytics, advertising, or personalisation at any time via the cookie settings panel.
To exercise any of these rights, email us at admin@vedhallc.com. We will respond within 30 days. If you are in the EEA and believe we are not handling your data lawfully, you have the right to lodge a complaint with your local supervisory authority.
9. Data Transfers
Your data may be transferred to and processed in the United States. Such transfers are undertaken in compliance with applicable data protection law, either under Standard Contractual Clauses or through sub-processors that participate in recognised adequacy frameworks.
10. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above and, where practicable, by email. Your continued use of the Service after changes are posted constitutes your acknowledgement of the revised policy.
12. Contact
For any privacy-related questions or to exercise your rights, contact us at admin@vedhallc.com.