Privacy Policy

Last updated: 2 April 2026

Solarisflux - Unipessoal Lda · VAT PT518304426

Governing law: Portugal & European Union (including GDPR)

The software and services described herein are marketed as EcomFlux.

1. Who we are

This Privacy Policy describes how Solarisflux - Unipessoal Lda(“Solarisflux”, “we”, “us”) processes personal data in connection with the EcomFlux platform. We are established in Portugal (VAT PT518304426) at Rua Dom Afonso Henriques 132, 4950-854 Monção, Portugal.

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and related Portuguese law, we typically act as a data controller for account, billing, and service-usage data relating to our business customers. Where we process personal data on your documented instructions solely to deliver EcomFlux to you, we act as a data processor—see Section 3 and our Data Processing Agreement.

2. Scope

This Policy applies to visitors to our marketing website, trial users, and paying customers. It should be read together with our Terms of Service and, for B2B customers, the Data Processing Agreement at /legal/dpa.

3. EcomFlux as processor (end-customer PII)

When you use EcomFlux to sync and manage orders, we may process personal data relating to your end customers—such as names, delivery addresses, contact details, and order-related identifiers—strictly for the purpose of providing the Service you subscribed to (for example order ingestion, fulfilment workflows, label generation, and related automation). In that capacity, we process such data only on your instructions (including your integration settings and lawful use of the platform), unless EU or Portuguese law requires otherwise.

You remain responsible for establishing a lawful basis under GDPR for your use of end-customer data in your business (e.g. contract performance with your customer) and for providing any required notices to data subjects, except where we are directly obligated as controller for a specific processing activity.

4. Categories of data we process

  • Account & contact data: name, email, company, role, authentication identifiers.
  • Billing data: billing contact and transaction references processed via our payment provider; we do not store full payment card numbers.
  • Service & technical data: logs, device/browser metadata, security signals, usage analytics, support tickets.
  • Integration & operational data: data imported from channels you connect (orders, SKUs, shipment events, etc.), which may include personal data of your staff or end customers.

5. Purposes and legal bases (controller activities)

Where we act as controller, we rely on appropriate bases such as:

  • Contract: to provide the Service, authenticate users, and manage subscriptions.
  • Legitimate interests: to secure the platform, prevent abuse, improve reliability, and communicate service messages—balanced against your rights.
  • Legal obligation: for tax, accounting, or regulatory requirements applicable to Solarisflux.
  • Consent: where required for specific communications or non-essential cookies/analytics, as disclosed at collection.

6. Recipients and international transfers

We use vetted infrastructure and service providers (sub-processors) to host and operate EcomFlux. Some providers may process data outside the European Economic Area. Where required, we implement appropriate safeguards (e.g. Standard Contractual Clauses approved by the European Commission) in addition to technical and organisational measures.

7. Retention

We retain personal data only as long as necessary for the purposes described:

  • Account data: for the life of the contract and a reasonable period thereafter for disputes, backups, and legal claims.
  • Operational / synced data: according to your plan, product settings, and deletion or export requests, subject to minimum retention needed for security logs and legal compliance.
  • Tax & billing records: for periods required under Portuguese and EU law (often up to ten (10) years where applicable).

Backup systems may retain encrypted copies for a limited technical window before overwriting.

8. Security

We implement appropriate technical and organisational measures—including encryption in transit, access controls, least-privilege administration, and monitoring—to protect personal data. No method of transmission or storage is completely secure; we commit to notifying you and regulators where required in case of a personal data breach affecting your data.

9. Your GDPR rights

Subject to conditions in GDPR, you may request access, rectification, erasure, restriction, portability, and object to certain processing. You may lodge a complaint with the Portuguese supervisory authority (Comissão Nacional de Proteção de Dados — CNPD) or your local authority.

10. Changes

We may update this Policy. Material changes will be communicated via the website or email. The “Last updated” date reflects the latest revision.

11. Contact

Data protection enquiries: privacy@ecom-flux.com

Solarisflux - Unipessoal Lda
VAT: PT518304426
Rua Dom Afonso Henriques 1324950-854 MonçãoPortugal