Privacy Policy
Last updated 1 June 2026 · POPIA-aligned
This Privacy Policy explains how fluxems collects, uses, shares, and protects personal information, and the rights you have, in line with the Protection of Personal Information Act, 2013 ("POPIA"). It applies to personal information for which fluxems is the Responsible Party, principally the account, billing, and usage information of the people who sign in to the Service. Where we process personal information contained in Customer Data on a customer's instructions, that customer is the Responsible Party and we act as their Operator; this policy does not govern how customers handle that data in their own Workspaces.
1. Who we are
fluxems is a construction operations platform built and operated by Entrebyte Technologies, based in Johannesburg, South Africa. For personal information we control, Entrebyte Technologies (trading as fluxems) is the Responsible Party. Our Information Officer can be reached at support@entrebyte.com.
2. Scope & roles
We act as Responsible Party for account holders' personal information (registration, authentication, billing, and product-usage data). We act as Operator for personal information inside Customer Data, for example, the contact records, project participants, and correspondence a customer stores in their Workspace, which we process only to provide the Service. If your personal information appears in a customer's Workspace and you wish to exercise rights over it, please contact that customer.
3. Information we collect
- Account & profile - first and last name, username, primary and any secondary email, phone number, profile image, and bio.
- Authentication & security - hashed passwords, email-verification and password-reset tokens, last-login time, and session records including IP address, device, and browser.
- Workspace & usage - your Workspace and team memberships, role, notification and account preferences, storage used, and records of your activity in the Service (the audit trail).
- Billing - Plan, trial dates, and invoices. Card payments are handled by our payment provider; we do not store full card numbers.
- Communications - messages you send us (for example, support or sales enquiries) and your contact details.
- Customer Data - documents and records you upload, which may contain personal information about your own contacts and collaborators (processed by us as Operator).
4. How we collect it
We collect information directly from you when you register, configure a Workspace, or contact us; automatically as you use the Service (such as session, device, and usage data); and from others, for example when a colleague invites you to a Workspace or when our payment provider confirms a transaction.
5. How we use information
We use personal information to:
- create and administer your account and Workspaces, and authenticate you;
- provide, maintain, secure, and improve the Service and its features;
- send service messages, such as email verification, password resets, Workspace invitations, and event notifications you have subscribed to;
- process payments and manage subscriptions, trials, and limits;
- provide support and respond to your enquiries;
- monitor, prevent, and investigate security incidents, fraud, and misuse; and
- comply with our legal obligations and enforce our Terms.
Where we send marketing communications, we do so only as permitted by law, and you can opt out at any time.
6. Lawful basis
We process personal information on the bases POPIA recognises, including: performance of our contract with you (to provide the Service); our legitimate interests (to secure and improve the Service and run our business), balanced against your rights; your consent, where required (for example, certain marketing or non-essential cookies); and compliance with a legal obligation.
8. Storage & transfers
Workspace data is hosted in a South African region by default, with other regional options available for Enterprise customers. Some operators may process limited personal information outside South Africa. Where personal information is transferred across borders, we put in place the safeguards POPIA requires so that it continues to receive an adequate level of protection.
9. Security
We use appropriate, reasonable technical and organisational measures to protect personal information, including encryption in transit, hashed passwords, encrypted session tokens in HttpOnly cookies with automatic expiry, role-based and project-level access controls, isolated Workspaces, confidentiality levels on documents, time-limited download links, audit logging, and regular encrypted backups. No system is perfectly secure; if a breach affecting your personal information occurs, we will notify you and the Information Regulator as POPIA requires.
10. Retention
We keep personal information only for as long as necessary for the purposes described here or as the law requires. Account and profile data is retained while your account is active. Sessions expire automatically. After a Workspace is closed, Customer Data is available to export for 30 days and is then deleted in the ordinary course, subject to residual copies in routine backups that cycle out over time and to records we are required to keep (such as invoices). Audit-trail records are retained to support the accountability the Service provides.
11. Your rights
Subject to POPIA, you have the right to:
- request access to the personal information we hold about you;
- ask us to correct or update inaccurate or incomplete information;
- ask us to delete or destroy information we are no longer entitled to keep;
- object, on reasonable grounds, to certain processing, and to opt out of direct marketing;
- request a copy of certain information you provided to us (portability), for example by exporting your data; and
- complain to the Information Regulator (South Africa).
To exercise a right, contact support@entrebyte.com. We may need to verify your identity, and some rights have limits under POPIA.
12. Customer Data
When personal information sits inside a customer's Workspace, such as the names, email addresses, phone numbers, job titles, and addresses stored as contacts, or the participants named in projects, tenders, and correspondence, the customer determines how it is used and is the Responsible Party. We process it as Operator under our agreement and only to provide the Service. Requests about that data should be directed to the relevant customer.
14. Children
The Service is intended for business use and is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us and we will take appropriate steps.
15. Changes
We may update this policy from time to time. We will change the "last updated" date above and, for material changes, provide additional notice. Your continued use of the Service after a change takes effect means you accept the updated policy.
16. Contact & complaints
To reach our Information Officer, or to raise a concern before contacting the Regulator:
fluxems by Entrebyte Technologies · Johannesburg, South Africa · support@entrebyte.com