Privacy Policy
1. Controller
Responsible for data processing on this website is:
Jan Herklotz
Birkenstr. 23
65187 Wiesbaden
Germany
Email: hello@washed.dev
2. Summary
Fluxer is a temporary video sharing service. When you upload a video, we process the file, generate a share link, create a thumbnail, and delete the video automatically after 30 days unless you delete it earlier. This policy describes our current processing practices and is not a legal guarantee of compliance.
3. Data We Process
- Account data such as email address, password hash, display name, and account status.
- Session data such as anonymous or logged-in session identifiers.
- Upload data such as filename, size, MIME type, thumbnail, video metadata, and timestamps.
- Account enforcement data such as restriction status, restriction reasons, audit log entries, and enforcement actions.
- Technical data such as IP address, browser type, user agent, request metadata, and log entries created by our hosting provider.
4. Purposes & Legal Bases
- Providing the website and secure operation: Art. 6(1)(f) GDPR.
- Managing sessions, uploads, and account functionality: Art. 6(1)(b) GDPR.
- Processing cookie consent and technically necessary storage: Art. 6(1)(c) and/or Art. 6(1)(f) GDPR, and where required Art. 25(2) TDDDG.
- Sending password reset emails: Art. 6(1)(b) GDPR.
- Preventing abuse, fraud, and security incidents: Art. 6(1)(f) GDPR.
5. Hosting & Processors
We use Cloudflare, Inc. for hosting and platform infrastructure, including Workers, D1, R2, request handling, and security features. We also use Resend for transactional email delivery, such as password reset emails.
These providers may process data outside the EU/EEA. Where required, transfers are based on appropriate safeguards such as the EU Standard Contractual Clauses and the providers' data processing terms.
We self-host our fonts from our own domain so the browser does not contact Google for font loading.
6. Cookies & Local Storage
Fluxer uses only technically necessary cookies and similar storage. We do not use analytics, marketing, or advertising cookies.
- fluxer_session: session cookie used for login, account, and upload sessions.
- fluxer_consent: stores your consent choice.
The consent choice is stored so we can remember your selection and avoid showing the banner on every visit. Uploading, thumbnail updates, password reset requests, and email verification requests require an accepted consent choice because they depend on the technically necessary session flow.
7. Uploads & Retention
Uploaded videos are stored in Cloudflare R2 and deleted automatically after 30 days. Video pages are unlisted and accessible to anyone who has the direct URL. We may also delete content earlier if you remove it or if we need to respond to a valid legal request.
8. Security & Abuse Prevention
We use Cloudflare security controls, request logs, IP addresses, user agents, and internal account-enforcement records to protect the service from abuse, fraud, spam, and attacks. When an account is restricted, we store the enforcement decision on the user record and revoke active sessions.
Access restrictions may also be enforced by Cloudflare at the edge. Rate-limit state and upload-session records are temporary, and account-enforcement logs are retained for up to 90 days unless a longer period is required for a specific security or legal reason.
9. Rights
You have the rights of access, rectification, erasure, restriction, portability, and objection under the GDPR, where applicable. You may also withdraw consent at any time with effect for the future.
10. Complaint Right
You have the right to lodge a complaint with a supervisory authority. In Hessen, this is the Hessian Commissioner for Data Protection and Freedom of Information.
11. No Automated Decision-Making
We do not use automated decision-making or profiling within the meaning of Article 22 GDPR.
12. Contact
If you have questions about privacy or want to exercise your rights, contact us at hello@washed.dev.