Privacy Policy

How FluxStore collects, uses, and protects your personal information.

Effective: March 7, 2026 | Version 1.0.0

1. Introduction

FluxStore ("we", "us", or "our") is operated by SiriusMC Networks. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform at fluxstore.net and any associated services (the "Service").

FluxStore is a hosted e-commerce platform that enables Minecraft server owners and communities ("Store Owners") to create online stores and sell digital goods to their players ("Buyers"). This policy covers how FluxStore as the platform handles data. It does not cover how individual Store Owners use the data they receive. The next section explains roles and responsibilities in more detail.

By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Our role vs Store Owner responsibilities

FluxStore plays different roles depending on whose data is involved. Understanding this helps you know who is responsible for what.

FluxStore (the platform)

FluxStore provides the technology infrastructure, including hosting, checkout, payment processing integrations, command delivery, and storefront tools. We are not the seller of the digital goods listed on any storefront.

For Buyer transaction data (order details, Minecraft username, email, payment status), FluxStore acts as a data processor. We handle this data on behalf of the Store Owner to facilitate the transaction and deliver the purchased goods.

For Store Owner account data (your FluxStore login, dashboard usage, store configuration), FluxStore is the data controller. We decide how and why this data is processed.

For technical and platform data (IP addresses, browser information, analytics, error logs), FluxStore is also the data controller. We collect this data for our own purposes, including platform security, fraud prevention, performance monitoring, and service improvement, regardless of whether the visitor is a Store Owner or a Buyer.

Store Owners (the merchant of record)

Each Store Owner is the merchant of record for sales made through their storefront. This means the Store Owner is the seller, their name (or their payment provider's descriptor) appears on the Buyer's payment statement, and the purchase contract is directly between the Store Owner and the Buyer. The Store Owner is the data controller for their Buyers' personal data and is independently responsible for:

  • Complying with applicable privacy laws (GDPR, CCPA, etc.) for their customers
  • Having their own privacy policy if required by law
  • Responding to data subject requests from their Buyers
  • How they use, store, or share Buyer data outside of FluxStore
  • Ensuring their storefront meets age-related regulations for their audience

What this means for Buyers

When you make a purchase on a FluxStore-powered storefront, your transaction is with the Store Owner, not with FluxStore. The Store Owner receives your checkout information (such as your Minecraft username, email address if provided, and order details). If you have questions about how a specific store handles your data, you should contact that Store Owner directly. For questions about how the FluxStore platform itself handles data (such as technical logs or analytics), contact us using the details at the bottom of this page.

3. What data do we collect?

The data we collect depends on how you interact with FluxStore, whether you are a Store Owner managing a store or a Buyer making a purchase.

Store Owner data (FluxStore as controller)

  • Email address, username, and display name for your FluxStore account
  • Authentication data provided through Auth0 (including social login via Discord, Google, GitHub, or Microsoft)
  • Two-factor authentication secrets and recovery codes (encrypted at rest)
  • Store configuration, theme settings, package and category details
  • API keys, webhook endpoints, and server connection details (encrypted at rest)
  • Team member invitations and role assignments
  • Discord server integration settings (server ID, notification channels, role assignments)
  • Dashboard usage and analytics

Buyer data (FluxStore as processor on behalf of the Store Owner)

When a Buyer makes a purchase on a FluxStore-powered storefront, the following data is processed through our platform to facilitate the transaction. The Store Owner is the controller of this data, and FluxStore processes it on their behalf.

  • Minecraft username and UUID
  • Email address (if collected by the Store Owner at checkout)
  • Purchase history, order details, and payment status
  • Billing information processed by the Store Owner's connected payment provider (Stripe with their own API key, Stripe Connect, or PayPal with their own API key). When Stripe Connect is used, FluxStore can also access transaction details such as payment amount, status, partial card information (last 4 digits), and charge or dispute identifiers via the Stripe API.
  • Currency preferences and gift card or coupon usage
  • IP address at the time of purchase

Technical and platform data (FluxStore as controller, all visitors)

FluxStore collects the following data for its own purposes, including platform security, fraud prevention, error monitoring, and service improvement. We are the data controller for this data.

  • IP address (anonymized for analytics), browser type and version, operating system
  • Device type, timezone, and language settings
  • Country (derived from IP address via Cloudflare)
  • Referral source, UTM campaign parameters, and pages visited
  • Analytics events such as page views, button clicks, and session duration
  • Error reports, performance traces, and session replay recordings collected via Sentry for debugging and stability monitoring (see below)

Support data

  • Messages, tickets, or communications submitted to our support channels

We do not knowingly collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation.

4. How do we collect your data?

We collect personal information through three primary methods:

Direct interactions

When you create an account, set up a store, make a purchase, configure settings, or contact support, you provide information directly to us.

Automated technologies

When you visit our platform, we automatically collect technical and usage data through server logs, cookies, and our built-in analytics system. Our first-party analytics system respects the Do Not Track (DNT) browser setting and the Global Privacy Control (GPC) signal. If you have either enabled, we will not collect analytics data from your session. Error monitoring and session replay via Sentry operate separately and are not affected by DNT/GPC signals. See the Cookies section for more detail.

Third-party sources

We may receive information from the following third-party services:

  • Auth0: authentication and identity data when you sign in via Discord, Google, GitHub, or Microsoft
  • Stripe and PayPal: payment confirmation, transaction status, and dispute details
  • Mojang / Microsoft and PlayerDB: Minecraft username and UUID lookups to verify player identity
  • Cloudflare: performance, security, DNS, and country-level geolocation data derived from your IP address
  • Discord: guild and role information when Store Owners connect their Discord server for notifications or role syncing

5. How do we use your data?

The table below covers data we process as a data controller. For Buyer transaction data where FluxStore acts as a processor, our processing is governed by the Store Owner's instructions and their own lawful basis.

Purpose | Lawful basis
Managing Store Owner accounts and authentication | Contract performance
Providing the FluxStore platform and its features to Store Owners | Contract performance
Sending account-related emails to Store Owners (verification, notifications) | Contract performance
Preventing fraud, abuse, and unauthorized access | Legitimate interest
Monitoring errors, platform stability, and session replays for debugging (via Sentry) | Legitimate interest
Improving platform features, performance, and reliability | Legitimate interest
Platform analytics and usage statistics | Legitimate interest
Responding to support requests | Legitimate interest
Complying with tax, legal, and regulatory obligations | Legal obligation
Sending marketing communications (if opted in) | Consent

You have the right to object to processing based on legitimate interest at any time. If you object to direct marketing, we will stop immediately. For other legitimate interest processing, we will assess your request and stop unless we have compelling grounds to continue.

6. Who do we share your data with?

We do not sell or share your personal data for advertising purposes. We share information only with the following categories of recipients, and only to the extent necessary:

Store Owners (for Buyer data)

When you make a purchase on a FluxStore-powered storefront, the Store Owner, as the merchant of record and data controller, receives your Minecraft username, order details, email (if collected), and any other information you provide during checkout. FluxStore facilitates this data flow as a processor. The Store Owner independently determines how they use this data beyond the transaction. FluxStore does not control how Store Owners handle Buyer data outside of our platform, and we encourage Buyers to review the Store Owner's own privacy policy before making a purchase.

Payment processors

Payment processing on FluxStore operates at two levels:

  • Storefront payments (Buyer purchases): each Store Owner connects their own payment provider to accept payments on their storefront. FluxStore never accesses or stores full payment card details (card numbers, CVCs) regardless of which payment method is used. However, the level of transaction data visible to FluxStore differs depending on the payment method:
    • Stripe Connect: because the Store Owner's Stripe account is linked to FluxStore's platform Stripe account, FluxStore can access transaction data on the connected account via the Stripe API. This includes payment amounts, payment status, partial card details (last 4 digits and card type), charge and dispute identifiers, and associated Buyer information (such as email address if provided). This access is necessary to facilitate order fulfilment, command delivery, and to display transaction history in the FluxStore dashboard.
    • Stripe (own API key) or PayPal (own API key): payment data is processed entirely through the Store Owner's own account. FluxStore cannot access transaction details on these accounts. We receive only the confirmation data sent to us via webhooks or checkout callbacks (such as payment status and transaction ID) needed to process the order.
  • Platform billing (Pro plan purchases): when a Store Owner purchases a Pro plan, the payment is processed via Stripe Managed Payments on behalf of FluxStore. In this case, FluxStore is the merchant and Stripe receives the Store Owner's billing and transaction data necessary to complete the purchase.

In both cases, the payment provider's use of your data is governed by their own privacy policies.

Infrastructure and service providers

  • Cloudflare: CDN, DDoS protection, DNS, domain routing, and SSL. Cloudflare may process your IP address, request headers, and country information.
  • Auth0: authentication and identity management for Store Owner accounts.
  • Sentry: error tracking, performance monitoring, and session replay. Sentry receives error reports, performance traces, and anonymized session replay recordings (which capture page interactions to help us reproduce and fix bugs). Sentry may process technical data such as IP addresses, browser details, and URLs visited at the time of an error.
  • Backblaze B2: cloud object storage for user-uploaded images and store assets.
  • SMTP2Go: email delivery service for transactional emails (receipts, order notifications, verification emails).

Legal and regulatory authorities

We may disclose personal data if required by law, regulation, legal process, or enforceable governmental request.

Business transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change.

7. Cookies and tracking technologies

We use cookies and similar technologies to operate the platform and improve your experience.

Essential cookies

Required for core functionality including authentication (session token, user ID), cart state, and currency preferences. These cannot be disabled without breaking the platform.

Analytics

We use a built-in, first-party analytics system (not Google Analytics or similar third-party trackers) to understand how users interact with the platform. Analytics data is based on session identifiers stored in your browser's session storage (not persistent cookies) and IP addresses are anonymized before storage. Our first-party analytics respect the Do Not Track (DNT) and Global Privacy Control (GPC) signals. If either is enabled in your browser, first-party analytics data will not be collected.

Local storage

We use browser local storage to cache non-sensitive UI preferences (such as your user profile display name) for a smoother experience. This data stays in your browser and is not sent to third parties.

Third-party cookies

Payment providers (Stripe, PayPal) and infrastructure services (Cloudflare) may set their own cookies when you interact with their services during checkout or page loading. These are governed by their respective privacy policies.

8. International data transfers

FluxStore and its infrastructure providers operate globally. Your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection.

Where we transfer personal data outside the European Economic Area (EEA) or United Kingdom, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions where available.

9. How do we protect your data?

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it. These include:

  • All connections encrypted in transit via TLS/SSL
  • Encrypted storage of API keys, credentials, 2FA secrets, and payment-related data at rest
  • Role-based access controls for team members and platform administrators
  • Regular security reviews and monitoring
  • Cloudflare-managed DDoS protection and WAF (Web Application Firewall)
  • Rate limiting on API endpoints to prevent abuse

While we take reasonable precautions, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials and should not share your password or allow unauthorized access to your account.

Data breach notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where feasible. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay. Where FluxStore is acting as a processor, we will notify the affected Store Owner (as data controller) without undue delay so they can fulfil their own notification obligations.

10. How long do we keep your data?

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law.

Store Owner account data

Retained while your account is active. If you delete your account, we will remove or anonymize your personal data within 30 days, except where retention is required for legal or regulatory purposes.

Buyer transaction data

Transaction records processed through our platform are retained for up to 7 years after the transaction date. This is necessary to comply with applicable tax and accounting legislation (such as HMRC requirements and VAT regulations). FluxStore retains this data both as a processor (on behalf of the Store Owner) and as a controller (for our own tax and financial record-keeping obligations related to platform fees). Store Owners may independently retain Buyer data outside FluxStore according to their own policies.

Technical and usage data

Server logs, analytics data, and error reports are typically retained for up to 12 months and then aggregated or deleted.

Support and email data

Support correspondence and transactional email logs are retained for up to 2 years after the last interaction, unless needed for ongoing disputes or legal matters.

11. What are your rights?

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: request that we limit how we use your data
  • Right to data portability: request your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests, including the absolute right to object to direct marketing at any time
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

Who to contact

Store Owners: to exercise rights regarding your FluxStore account and dashboard data, contact us at the email address below. We will respond within 30 days.

Buyers: for data related to a specific purchase or storefront, contact the Store Owner directly, as they are the data controller for your transaction data. If you need to exercise rights regarding data that FluxStore holds as a controller (such as technical logs or analytics), you can contact us directly. For data we hold as a processor, we will coordinate with the relevant Store Owner to assist with your request.

If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection authority (for example, the UK Information Commissioner's Office) if you believe your rights have been violated.

California residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA):

  • Right to know: request the categories and specific pieces of personal information we have collected about you
  • Right to delete: request deletion of your personal information
  • Right to opt out: we do not sell or share personal information as defined by the CCPA, so no opt-out is necessary
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights

Categories of personal information we collect (as defined by the CCPA): Identifiers (name, email, username, IP address, Minecraft UUID); Internet activity (browsing history, interaction with our platform); Commercial information (purchase history, transaction records); Geolocation data (country, derived from IP address). We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide the Service.

12. Children and young players

We recognise that Minecraft has a diverse player base that includes younger users. FluxStore takes a layered approach to children's privacy:

FluxStore platform accounts (Store Owners)

FluxStore account registration and the dashboard are not directed at children under 16. We do not knowingly allow children under 16 to create a FluxStore account. If you believe a child under 16 has created an account, please contact us and we will delete it promptly.

Storefront purchases (Buyers)

FluxStore does not require Buyers to create an account to make a purchase. We minimise data collection at checkout by default. Typically only a Minecraft username is required, with email being optional and configured by each Store Owner. We do not build profiles of Buyers, do not send marketing to Buyers, and do not use Buyer data for behavioural advertising.

Store Owners, as the merchant of record and data controller for their customers, are responsible for ensuring their storefronts comply with applicable age-related regulations (such as COPPA in the US, GDPR age-of-consent requirements in the EU, or the UK's Age Appropriate Design Code) and for obtaining any necessary parental consent for their audience. If you have concerns about a specific store's practices, you may contact that Store Owner directly or reach out to us.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make material changes, we will update the effective date and version number at the top of this page.

We encourage you to review this policy periodically. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

15. How to contact us

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your data, please get in touch:

FluxStore - SiriusMC Networks

Email: [email protected]

We aim to respond to all privacy-related inquiries within 30 days.