Privacy Policy
This Privacy Policy explains how Reflux collects, uses, discloses, and protects personal data when you use our website, request access, communicate with us, or use Reflux software, hosted tools, simulator adapters, command-line tools, APIs, MCP interfaces, documentation, and related services.
Introduction
Reflux builds AI-assisted workflows for technical simulation software. Because these workflows can include engineering prompts, simulator case files, model outputs, adapter logs, and review notes, we treat product data and personal data with care. This policy describes our practices for the Reflux services we control.
If your employer, university, or other organization gives you access to Reflux, that organization may separately control data associated with your account or workspace. Commercial agreements, data processing addenda, security terms, or written instructions may also govern how Reflux processes customer data for those accounts.
1. Personal data we collect
We collect personal data in the following categories.
A. Personal data you provide directly
-
Account and contact information. We may collect your name, business email address, company, role, region, account credentials, and similar information when you request access, create an account, join a waitlist, or ask to hear from us.
-
Commercial information. If you buy or evaluate a paid Reflux service, we may collect billing, subscription, procurement, and payment-related information. Payment information may be processed by third-party payment providers.
-
Inputs, files, and workflow content. Reflux can process prompts, instructions, uploaded documents, simulator case references, flowsheet metadata, adapter commands, review comments, generated plans, run summaries, and simulator outputs that you choose to provide or connect to the service.
-
Communications and feedback. If you contact us, submit a form, respond to research questions, report an issue, or provide feedback, we collect the contents of those communications and related contact details.
B. Personal data we receive from your use of Reflux
-
Device and log information. We may receive IP address, browser type, operating system, device identifiers, timestamps, error logs, diagnostic events, and similar technical data.
-
Usage data. We may collect information about pages viewed, features used, access times, clicked links, product events, latency, failures, and other interactions with the services.
-
Simulator and adapter telemetry. When you use Reflux to plan, run, or review simulator workflows, we may process adapter status, execution traces, selected file paths, run state, error categories, and review records so the workflow can be completed and audited.
-
Cookies and similar technologies. We may use cookies, local storage, pixels, or similar technologies to keep preferences, understand site performance, remember theme settings, protect the service, and improve the user experience.
-
Approximate location. We may infer general location from IP address for security, compliance, analytics, and product availability.
C. Information we do not intentionally collect
Reflux is not intended for children under 18. We do not knowingly collect personal data from children. We also ask that you avoid sending sensitive personal data, regulated health information, payment card details outside approved payment flows, or unnecessary personal data inside simulator prompts, case files, comments, or logs.
2. How we use personal data
We use personal data to:
Provide, maintain, secure, and troubleshoot Reflux services.
-
Convert requests into reviewed plans, route work to simulator adapters, run approved workflows, summarize outputs, and preserve audit records.
Create, administer, and support accounts, trials, subscriptions, and teams.
Respond to messages, product inquiries, support requests, and feedback.
-
Improve Reflux, including debugging, measuring reliability, evaluating feature quality, and developing safer workflow review patterns.
Detect, prevent, and investigate fraud, abuse, security incidents, and policy violations.
Comply with law and protect the rights, safety, privacy, and property of Reflux, users, customers, and others.
We do not use private customer simulator files, prompts, generated workflow outputs, or engineering content to train general-purpose AI models unless you expressly agree or submit content to a feature that clearly states it is intended for that purpose. Third-party model providers or infrastructure vendors may process content only as needed to provide the requested service, subject to applicable agreements and safeguards.
We may aggregate or de-identify data so it no longer identifies a person or customer workspace. We may use that information for analytics, product improvement, research, and reporting, and we will not attempt to re-identify it except as allowed by law.
3. How we share personal data
We may disclose personal data in these circumstances:
-
Service providers. Vendors may help us with hosting, cloud infrastructure, AI model access, analytics, security, customer support, communications, payment processing, compliance, and business operations.
-
Customer and workspace administrators. If your access is provided through an organization, administrators may be able to manage your account, review usage, configure retention, and access workspace content according to their role.
-
Simulator, file, and third-party integrations. When you connect Reflux to local simulators, cloud services, repositories, documents, or other tools, information may be sent to those systems as necessary to perform the action you request.
-
Business transfers. We may disclose or transfer personal data in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets.
-
Legal compliance and protection. We may disclose personal data when we believe it is necessary to comply with law, legal process, or government requests, or to protect users, customers, Reflux, or others.
-
With your direction or consent. We may share personal data when you ask us to, enable a sharing feature, connect an integration, or otherwise consent.
We do not sell personal data, and we do not share personal data for cross-context behavioral advertising.
4. Retention
We retain personal data for as long as reasonably necessary to provide Reflux, support customer workspaces, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and improve reliability. The retention period depends on the type of data, the context in which it was collected, workspace settings, legal requirements, and customer agreements.
When personal data is no longer needed, we take steps designed to delete, de-identify, or anonymize it. Some data may remain in backups, security logs, audit records, or archives for a limited period where deletion is not technically immediate.
5. Security
We use administrative, technical, and organizational measures designed to protect personal data and customer workflow content from unauthorized access, loss, misuse, disclosure, alteration, and destruction. These measures may include access controls, encryption in transit, logging, review gates, least-privilege practices, and vendor diligence.
No internet or software service is perfectly secure. You are responsible for using Reflux with appropriate workspace controls, reviewing simulator actions before approval, and limiting unnecessary personal or confidential data in prompts and files.
6. Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, transfer, restrict, or object to certain processing of personal data. You may also have the right to withdraw consent where processing is based on consent, or to appeal a denied privacy request.
You can make a privacy request through the Reflux contact form. We may need to verify your identity, confirm your authority to act for an account or workspace, and retain a record of the request. We will not discriminate against you for exercising privacy rights available under applicable law.
7. Jurisdiction-specific disclosures
Privacy laws in some places require additional disclosures. The categories of data we collect, the purposes for collection, the categories of recipients, and our retention practices are described above. Our legal bases may include performance of a contract, legitimate interests, consent, compliance with legal obligations, and protection of vital or public interests where applicable.
Reflux may process personal data in the United States and other jurisdictions where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers.
8. Privacy policy changes
We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify users or customers, such as posting an updated policy with a new effective date or providing additional notice through the service.
9. Contacting us
Please contact the Reflux team through our contact form if you have questions about this Privacy Policy or want to submit a privacy request.