LOGIN Try Free

Made for performance-first creators.

Less is enough.

Privacy Policy

1. About This Privacy Policy and Who We Are

This Privacy Policy explains how LessFlux S.R.L. (“LessFlux”, “we”, “our”, or “us”) collects, uses, stores, and protects personal data when you visit our website, create an account, use our optimization Services, install our WordPress plugin, or interact with us.

This Policy applies to:

  • the LessFlux presentation website (lessflux.com),
  • the LessFlux application platform (app.lessflux.com),
  • the LessFlux WordPress plugin and API, and
  • all related tools and features provided by LessFlux.

The Services are operated by:

LessFlux S.R.L, Strada Petunilor Nr. 14, Sat Preajba, Comuna Malu Mare, Județ Dolj, Romania, CUI: 52902421
Email: [email protected]

Under the GDPR, LessFlux acts as:

  • Data Controller for account data, billing data, communications, and platform usage information;
  • Data Processor for images, videos, and other content you submit for optimization through the plugin or API.

By accessing or using the Services, you confirm that you have read and understood this Privacy Policy.

 

2. What Data We Collect

We collect only the information necessary to operate the Services, process optimization requests, maintain security, and fulfill our legal obligations. The categories of data we process include:

Account Information
When you create an account on app.lessflux.com, we collect your name, email address, password (hashed), IP address at registration, and account configuration details.

Billing and Payment Information
When you complete a subscription or token purchase, we collect the information required to issue invoices and process payments: first and last name, billing email, phone number, billing address (street, city, state or province, postal code, and country), and, when applicable, company name and VAT number. We also store invoice details, transaction identifiers, purchase history, and the IP address used during checkout. Payment card details are handled exclusively by our payment providers and are never stored by LessFlux.

Service Usage Data
We collect operational data generated when you use the dashboard or API, including login timestamps, API request logs, token consumption, connected domains, optimization history, and related usage metrics.

Technical and Diagnostic Data
To ensure proper functioning of the Services, we process technical information such as the IP address of your server during optimization requests, request metadata, and system-level details. Additional diagnostic data—such as WordPress version, PHP version, hosting environment, or a list of installed plugins or themes—is collected only if you choose to provide it for troubleshooting.

Optimization Request Metadata
When you submit media for processing, we collect metadata necessary to execute the job, including file URLs, file sizes, compression settings, job identifiers, timestamps, processing results, and any error information.

Operational Logs
Servers involved in the optimization workflow generate logs for security, performance, and debugging purposes. These logs may contain the initial file URL, your server’s IP address, compression parameters, callback URLs, timestamps, and error messages. Logs do not contain EXIF data or copies of the files. They are retained only for the minimum period necessary for operational purposes.

User Content (Images and Videos)
When you send media to the Services, LessFlux temporarily downloads and processes the files on EU-based infrastructure, stores optimized results for a short period, and deletes temporary copies once processing is complete. User Content is not used for analytics, training, advertising, or any purpose beyond providing the Services.

 

3. How We Use Personal Data

We use the personal data we collect only for purposes that are lawful, necessary, and directly related to the operation and improvement of the Services.

To Provide and Operate the Services
We process account data, optimization metadata, technical information, and User Content as required to authenticate your access, process optimization requests, deliver optimized assets, manage token usage, and maintain core functionality.

To Process Payments and Issue Invoices
Billing information is used to generate invoices, manage subscriptions, process transactions through third-party payment providers, and comply with accounting and tax requirements.

To Maintain Security and Prevent Misuse
We use operational logs, IP addresses, request metadata, and other technical data to detect errors, prevent abuse, monitor system integrity, and investigate suspicious or unauthorized activity.

To Provide Support and Communicate With You
We use the contact information you provide to respond to support requests, verify account ownership, notify you of account-related issues, and communicate updates that are required to operate or maintain the Services.

To Send Marketing Communications (Based on Your Consent)
If you choose to opt in using the marketing consent checkbox at signup, we will use your name and email address to send product updates, promotional offers, and other marketing communications. You may withdraw your consent at any time by using the unsubscribe link in the email or by contacting us.

To Improve the Services
We analyze aggregated, non-identifiable technical data—such as compression ratios, performance trends, and system usage patterns—to improve reliability and efficiency. We do not analyze, review, or otherwise use the contents of User Content for these purposes.

To Comply With Legal Obligations
Certain data may be processed to meet regulatory requirements, maintain financial records, or respond to lawful requests from authorities.

 

4. How We Process User Content (Images & Videos)

When you submit images, videos, or other media through the Plugin or API, LessFlux processes this User Content solely to provide the optimization Services. We do not use User Content for analytics, model training, marketing, or any secondary purpose.

Temporary Download and Processing
To generate optimized assets, LessFlux temporarily downloads your media from the URLs you provide and processes the files on EU-based optimization servers. These files are held only for the duration required to complete the processing task.

Temporary Storage of Optimized Files
After processing, optimized assets are stored in EU-based temporary storage for a short period (up to 24 hours) to allow your website or application to retrieve them. After this window expires, temporary storage is automatically cleared.

Deletion of Temporary Copies
Temporary copies of both original files and optimized files are deleted once processing is complete or after the temporary storage period ends. LessFlux does not archive, host, or retain User Content beyond what is technically required.

No Content-Based Analysis
LessFlux does not inspect, classify, analyze, or extract information from the contents of User Content. Our processing operations are strictly limited to technical optimization (compression, format conversion, and delivery).

User Responsibility for Rights and Permissions
You are responsible for ensuring that you have all rights and permissions necessary to submit User Content for processing and for complying with applicable laws governing that content.

 

5. Legal Bases for Processing (GDPR)

LessFlux processes personal data only when a valid legal basis under the GDPR applies. The legal bases we rely on are:

Performance of a Contract
We process account data, optimization metadata, technical information, and User Content as necessary to provide the Services you requested, authenticate your access, deliver optimized assets, manage your Account, process payments, and fulfill contractual obligations.

Legitimate Interests
We process certain data to maintain the security, stability, and performance of the Services. This includes operational logs, fraud-prevention measures, server IP addresses, system diagnostics, and aggregated technical metrics. These activities are essential to operate the platform safely and do not override your rights or freedoms.

Compliance With Legal Obligations
We process billing information, transaction details, and certain account records to comply with accounting, tax, anti-fraud, and other regulatory requirements, and to respond to lawful requests from authorities.

Consent
When you choose to opt in using the marketing consent checkbox at signup, we rely on your consent to send newsletters, product updates, promotional offers, and other marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing performed before withdrawal.

 

6. Cookies and Similar Technologies

LessFlux uses cookies and similar technologies to operate the Services, understand how the website is used, and support our marketing activities. Cookies fall into the following categories:

Essential Cookies
These cookies are required for the LessFlux application to function, including secure authentication, maintaining login sessions, and enabling core platform features. They cannot be disabled through the cookie banner.

Analytics Cookies
We use analytics tools to understand how users interact with our website and to improve performance. These cookies collect aggregated, non-identifiable usage data. Analytics cookies are used only when you choose to enable them through the cookie consent banner.

Marketing and Advertising Cookies
We may use advertising and retargeting technologies (such as pixels or tags) to measure the effectiveness of our marketing campaigns and to deliver relevant advertisements. These cookies are used only if you provide explicit consent through the cookie banner.

Your Choices
Upon your first visit, you will be shown a cookie consent banner. You may accept, reject, or customize cookie settings and can change your preferences at any time. Most browsers also allow you to manage or block cookies manually.

 

7. Subprocessors and Third-Party Providers

LessFlux uses third-party service providers to operate the Services, process optimization requests, deliver optimized assets, and support billing, security, and infrastructure needs. These providers may act as subprocessors when they handle personal data on our behalf.

We limit subprocessors to what is strictly necessary for providing the Services and require all of them to implement appropriate technical and organizational measures to protect personal data. Whenever possible, we use providers located within the European Union.

Infrastructure and Processing Providers
We use cloud and infrastructure services to operate the LessFlux dashboard, run background processes, store temporary optimization results, and deliver assets. These providers may process technical metadata, operational logs, or temporary copies of media files as required for the functionality of the Services.

Billing and Payment Providers
Payments and billing operations are handled through external payment processors, which process payment details, transaction metadata, and invoice information. LessFlux does not store payment card details.

Analytics and Marketing Providers
When you consent to the use of analytics or marketing cookies, certain third-party providers may process pseudonymous identifiers or usage information to help us measure website performance and marketing effectiveness.

Content Delivery Providers
Optimized assets may be distributed through a global content delivery network (CDN). CDN routing may involve temporary caching of assets to provide fast delivery.

Subprocessor List
A current list of active subprocessors is available upon request by contacting [email protected]. We update this list as our infrastructure evolves and may notify users in advance when required by applicable data protection laws.

 

8. Data Retention

We retain personal data only for as long as necessary to provide the Services, meet legal requirements, resolve disputes, and maintain security. Retention periods vary depending on the type of data and its purpose.

Account Information
We retain account data—including your name, email, and account configuration—while your Account remains active. If you request Account deletion, this data is removed unless retention is required by law.

Billing and Payment Information
Invoices, transaction records, and related billing information are retained as required by Romanian accounting and tax regulations. This generally requires storing such data for a minimum of 5 years.

Service Usage Data
Usage logs related to API calls, optimization actions, login records, and token consumption are retained only for the period necessary to ensure service integrity and to support debugging and security processes.

Operational Logs
Logs generated by optimization and infrastructure servers—including URLs, processing parameters, IP addresses, timestamps, and error details—are retained for a limited period (typically up to 30 days) strictly for security, performance monitoring, and troubleshooting.

Temporary Storage of User Content
Temporary copies of optimized files are stored in EU-based temporary storage for up to 24 hours to allow your system to retrieve them. After this period, temporary storage is automatically cleared.

Diagnostic Information
Any diagnostic data you voluntarily provide during support interactions—such as WordPress version, plugin information, or hosting details—is retained only for as long as needed to resolve your issue.

When retention is no longer necessary, data is securely deleted or anonymized.

 

9. International Data Transfers

Whenever possible, LessFlux processes and stores personal data within the European Union. Optimization servers, temporary storage, and operational logs are hosted on EU-based infrastructure.

Media Processing and Temporary Storage
User Content submitted for optimization is processed and temporarily stored exclusively on servers located in the European Union. No User Content is transferred outside the EU during the optimization workflow.

Dashboard and Account Data
Account information, billing details, and platform usage data are stored on EU-based infrastructure unless otherwise required by external payment processors or communication providers. Any such providers implement appropriate safeguards under GDPR, including Standard Contractual Clauses where applicable.

Content Delivery Network (CDN)
Optimized assets delivered through our CDN may be cached in geographically distributed locations outside the EU. This caching is necessary for global performance and occurs only when your users access content from those regions. CDN caches hold only the optimized assets and limited technical metadata required for delivery.

Safeguards
Where personal data is transferred or accessed outside the EU—such as through global CDN caching or international service providers—we rely on GDPR-approved safeguards, including Standard Contractual Clauses, strict contractual controls, and technical measures designed to limit access.

LessFlux does not intentionally transfer personal data to countries lacking adequate protection unless such transfers are required for service functionality and appropriate safeguards are in place.

 

10. How We Protect Your Data

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction. While no system can guarantee absolute security, we maintain controls designed to safeguard data throughout our infrastructure.

Encryption
Data transmitted between your systems and our Services is protected using industry-standard encryption (HTTPS/TLS). Temporary storage and internal communication channels also rely on secure protocols.

Access Controls
Access to personal data is restricted to authorized personnel who require it to operate, maintain, or support the Services. Access is role-based and monitored.

Infrastructure Security
Our servers, databases, and processing environments are hosted on secure EU-based infrastructure with protections including network segmentation, firewalls, intrusion detection, and regular maintenance.

Data Minimization
We limit the personal data we collect to what is strictly necessary. User Content is stored only temporarily, and operational logs are retained for a limited period.

Monitoring and Logging
We use monitoring tools and operational logs to detect unusual activity, prevent abuse, and ensure system integrity.

Subprocessor Controls
We require all subprocessors that handle personal data on our behalf to maintain appropriate security measures and to process data only as instructed.

Although we take steps to secure the Services, no method of transmission or storage is completely secure. You are responsible for maintaining the security of your own systems, credentials, and content.

 

11. Your GDPR Rights

If you are located in the European Union or the European Economic Area, you have certain rights regarding your personal data under the GDPR. These rights apply depending on whether LessFlux acts as a Data Controller (for account, billing, and usage data) or a Data Processor (for User Content you submit for optimization).

You may exercise your rights at any time by contacting [email protected].

Right of Access
You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.

Right to Rectification
You may request correction of inaccurate or incomplete personal data.

Right to Erasure
You may request deletion of your personal data where processing is no longer necessary, where you withdraw consent, or where processing is unlawful. This does not apply to data we must retain for legal or accounting purposes.

Right to Restriction of Processing
You may request that we limit the processing of your personal data in certain situations—for example, while we verify the accuracy of data you contest.

Right to Data Portability
Where processing is based on your consent or on a contract, you may request your personal data in a structured, commonly used, machine-readable format.

Right to Object
You may object to processing based on legitimate interests, including profiling related to those interests. If we cannot demonstrate compelling legitimate grounds, we will stop the processing.

Right to Withdraw Consent
If you have opted in to receive marketing communications, you may withdraw your consent at any time by using the unsubscribe link in any marketing email or by contacting us. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Right to Lodge a Complaint
You may file a complaint with your local data protection authority. In Romania, the supervisory authority is:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
https://www.dataprotection.ro

We encourage you to contact us first so we can address your concerns directly.

 

12. Children’s Data

The Services are not intended for use by children under the age of 18. We do not knowingly collect or process personal data from children.

If we become aware that personal data has been collected from a child under 18 without appropriate consent, we will delete the data and, if applicable, close the associated Account.

If you believe that a child has provided personal data to LessFlux, please contact us at [email protected].

 

13. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time. When changes are made, we will update the “Last Updated” date at the top of the document.

If a change materially affects your rights or how we process your personal data, we will notify you by email using the address associated with your Account. Continued use of the Services after the effective date of the updated Policy constitutes acceptance of the changes.

If you do not agree with the updated Privacy Policy, you may stop using the Services and request Account deletion.

 

14. Contact Information

If you have questions about this Privacy Policy or how we process personal data, you may contact us at:

LessFlux S.R.L.
Strada Petunilor Nr. 14
Sat Preajba, Comuna Malu Mare
Județ Dolj, Romania
CUI: 52902421
Email: [email protected]