FluxOrders Privacy Policy

Last updated: October 11, 2025

FluxOrders is a B2B ordering platform operated by OG Web Design Inc. This Privacy Policy describes how we collect, use, disclose, and protect information when businesses and their authorized users access our mobile apps (iOS/Android) and backend API/services.

This policy is written for business customers and their authorized staff. FluxOrders is not intended for individual consumers or children.

1) Who we are

• Legal entity: OG Web Design Inc.
• Mailing address: 700 Third Line, Oakville, ON L6L 4B1, Canada
• Support & privacy contact: og@ogwebdesign.ca
• Website: https://fluxorders.com

2) Scope

This policy applies to:

• The FluxOrders mobile apps (iOS and Android) used by your staff to place and manage orders;
• The FluxOrders web/API used by your organization’s users;
• Integrations that you enable (e.g., QuickBooks).

This policy does not cover third-party software that you operate independently (e.g., your email clients, your QuickBooks account portal), which are governed by their own privacy terms.

3) What information we collect

We process information that is typical for B2B ordering systems. Depending on how your account is configured, we may collect:

A. Identity & Contact

• First and last name, business email, phone number, account identifiers, role/type.

B. Business & Customer Records

• Company name, customer lists, groups, and related identifiers from your account or imports (including QuickBooks sync).

C. Order & Commerce Data

• Orders, items, quantities, prices, purchase order numbers, shipping instructions/notes, and references to related accounting documents (e.g., QuickBooks estimate/invoice IDs).

D. Addresses & Location Fields

• Billing and shipping addresses (including city, province/state, postal code, country).
• Optional coordinates (latitude/longitude) if you store them in address records.

E. Authentication & Security

• Password (stored as a secure hash), API access tokens (Laravel Sanctum), and session identifiers.
• OAuth tokens/credentials that you authorize for integrations (e.g., QuickBooks), so we can perform actions on your behalf.

F. Device/Session Information

• IP address, user agent, and session metadata as part of secure session management.

G. Files & Media

• Product or group images you upload.
• CSV files that you upload for customer imports (processed and not retained as files).

H. Mobile Capabilities

• The apps use device camera only to scan barcodes/QR codes you choose to scan within the app.
• We do not use advertising identifiers.
• Push notifications and mobile advertising SDKs are not used unless explicitly enabled in future releases.

No special-category (sensitive) personal data (e.g., health, biometrics) is intentionally collected.

4) How we collect information

• Directly from you (forms, uploads, scans, CSV imports).
• Automatically via application logs/sessions for security and debugging.
• From integrations you enable (e.g., pulling customer/address data from QuickBooks).

5) How we use information

• Provide and maintain FluxOrders services for your business (contractual necessity);
• Authenticate users and secure accounts;
• Create and manage orders, estimates, invoices, and related records;
• Facilitate integrations you enable (e.g., synchronize customers/items, create estimates or invoices in QuickBooks);
• Operate, maintain, and improve reliability and security;
• Respond to support requests and communicate about changes to the service.

Legal bases (where applicable): Contract, legitimate interests, and legal obligations.

6) Sharing and disclosures

We share data only as necessary to run the service you’ve requested:

• Processors/Integrations you enable: QuickBooks (Intuit) to sync customers/items and create estimates/invoices using your authorized OAuth connection.
• Hosting and storage providers: Cloud infrastructure used to host the application, databases, and storage (e.g., object storage for images).
• Professional services or legal compliance: If required to comply with law or protect our rights.

We do not sell personal information.

7) Data retention (aligned to your current configuration)

• User, customer, order records: Kept while the account is active. Soft-deleted records remain in the database (marked with a deletion timestamp) until purged by your administrator or operations process.
• Sessions: Stored in the database with a configurable lifetime (commonly 120 minutes) and standard “lottery” sweeping.
• API tokens (Sanctum): Tokens remain valid until revoked or expired if an expiration is configured. If no expiration is configured, tokens do not automatically expire.
• Files (product/group images): Retained while the related records exist.
• Backups: Retention and storage locations are managed by operations. Contact us for environment-specific details.

8) Security

We use industry-standard technical and organizational measures to protect information, including TLS (HTTPS) in transit and role-based access controls. Passwords are stored as cryptographic hashes. Where integrations are enabled (e.g., QuickBooks), FluxOrders stores the OAuth tokens and configuration needed to perform the actions you authorize; these secrets are protected by access controls and operational safeguards.

No method of transmission or storage is 100% secure. We continuously improve safeguards in line with applicable standards and our B2B threat model.

9) International transfers

FluxOrders primarily serves organizations in Canada and the United States. Depending on your hosting and integrations, data may be processed in either country and may be transferred cross-border to provide the service (e.g., to QuickBooks’ cloud). Where required, we will take appropriate steps to ensure transfers comply with applicable law.

10) Your rights & choices

• Access, correction, deletion: Business administrators may correct or delete records in-app. You may also request access, correction, or deletion by contacting us at og@ogwebdesign.ca.
• Export: Upon request, we will provide a copy of your data in a commonly used format within a reasonable time.
• Opt-outs: If push notifications or similar features are introduced, you can control them through system settings.

Jurisdictions: This policy is designed for customers in Canada (PIPEDA) and the United States. At this time, FluxOrders is not onboarding California consumers and the CCPA does not apply to our service configuration. If your organization later includes California or EU data subjects, contact us so we can enable the appropriate compliance addenda.

11) Children

FluxOrders is for business use only and not directed to children. We do not knowingly collect personal information from children.

12) Changes to this policy

We may update this policy to reflect changes to our practices or applicable laws. If we make material changes, we will notify account owners by email or in-app notice. The “Last updated” date at the top will indicate the latest revision.

13) Contact

Questions or requests about this policy can be sent to: og@ogwebdesign.ca
OG Web Design Inc., 700 Third Line, Oakville, ON L6L 4B1, Canada