Privacy Policy
The complete policy.
Last updated July 9, 2026. Looking for the short version? Read the plain-language summary.
This Privacy Policy explains how PracticeFlux LLC, a Wisconsin limited liability company ("PracticeFlux," "we," "us," "our"), collects, uses, and discloses information when you visit our marketing website at practiceflux.ai, sign up for a trial, subscribe to our services, or otherwise interact with us (collectively, the "Services").
If you are a paying customer ("Client"), your use of the Services is also governed by our Service Agreement. Where the Service Agreement and this Privacy Policy address the same topic, the Service Agreement controls for Clients.
At a Glance
The full policy is below. The headline points:
- AI processing. When you use our admin interface, your editing prompts and the surrounding site content are sent to Anthropic, PBC (Claude API) so we can interpret and apply your edits. See Section 5.
- No PHI. We do not collect Protected Health Information. PracticeFlux is not a HIPAA Covered Entity and is not a HIPAA Business Associate. See Section 3.4 and Section 9 of our Service Agreement.
- No sale or sharing of personal information. We do not sell personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws. See Section 10.
- Privacy-focused analytics on the marketing site. Visitor analytics on
practiceflux.aiuse a single first-party cookie — no advertising cookies and no cross-site tracking. For visitors in the EEA, UK, and Switzerland, analytics run cookieless. See Section 7. - Where we are. PracticeFlux LLC is based in Milwaukee, Wisconsin. All data processing happens in the United States.
1. Who We Are
PracticeFlux LLC is a Wisconsin LLC operating a software-as-a-service platform that builds and hosts custom websites for chiropractic practices, with an AI-assisted editing interface.
Contact:
- Email:
privacy@practiceflux.ai - Phone: (414) 454-9039
- Mail: PracticeFlux LLC, 3116 S Kinnickinnic Ave, Milwaukee, WI 53207
2. What This Policy Covers
This Policy covers information we collect through:
- The marketing website at
practiceflux.ai - The admin platform at
app.practiceflux.ai - Demo and trial sites we operate (e.g.,
demo.practiceflux.ai,trial.practiceflux.ai) - Email and other direct communications with us
What this Policy does not cover: Client-owned websites we host on Client's behalf (for example, a chiropractic practice's public website hosted on our infrastructure) have their own privacy practices set by the Client. The Client is responsible for the privacy policy on the Client's own site. We process visitor data on those sites only on the Client's behalf and as described in the Client's privacy policy.
3. Information We Collect
3.1 Information You Provide
- Contact and account information: name, email address, practice name, phone number, mailing address, billing contact.
- Account credentials: username and a one-way hash of your password. We never store passwords in readable form.
- Billing information: processed by Stripe. We do not store credit card numbers; we receive a billing token and the last four digits.
- Content you submit: content you upload, type, or generate through the platform, including site copy, images, branding, contact-form configurations, and your prompts to the AI editor and the AI's responses.
- Communications: support emails, sales inquiries, and any messages you send us.
3.2 Information Collected Automatically
- Usage data: pages visited, features used, edits made, timestamps, referring URLs.
- Device and connection data: IP address, browser type and version, operating system, device identifiers, language preference.
- Cookies and similar technologies: see Section 7.
3.3 Information From Third Parties
- Analytics providers: aggregated usage statistics about visitors to
practiceflux.ai. - Payment processor: Stripe provides us with transaction status, last-four card digits, and billing country.
3.4 What We Do Not Collect
- We do not knowingly collect Protected Health Information (PHI). Our Service Agreement prohibits Clients from transmitting PHI through the platform. We are not a HIPAA Covered Entity and not a HIPAA Business Associate. See Section 9 of our Service Agreement for details.
- We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us at
privacy@practiceflux.aiand we will delete it.
4. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Services
- Process payments and manage subscriptions
- Build, host, and serve your website
- Process your AI editing requests (see Section 5)
- Authenticate you and protect your account
- Respond to support requests and communicate with you
- Send service-related emails (billing, security alerts, platform updates)
- Send marketing emails (only to people who opted in; you can unsubscribe at any time)
- Improve the platform, fix bugs, and develop new features
- Monitor for, investigate, and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell your personal information, and we do not share it with third parties for their own marketing purposes.
5. AI Processing
When you use the AI editing interface in the admin platform:
- Your prompt, relevant portions of your site content, and the surrounding context are transmitted to Anthropic, PBC ("Anthropic") through Anthropic's Claude API. Anthropic processes the request and returns a response, which we apply to your site.
- Anthropic's handling of this data is governed by Anthropic's terms and privacy practices. PracticeFlux does not control Anthropic's data handling.
- We retain a copy of your AI prompts and responses ("AI edit history") for debugging, version history, and support purposes.
- You agree not to include Protected Health Information or other regulated data in AI prompts. See Service Agreement Section 9.
6. How We Share Information
We share information only as described below.
6.1 Service Providers (Subprocessors)
We share information with vendors that help us operate the Services. Each is contractually required to handle data only for the purposes we authorize.
| Provider | Purpose | Data shared |
|---|---|---|
| DigitalOcean | Server hosting | All hosted data and server logs |
| Stripe | Payment processing | Billing contact, payment method, transaction data |
| Anthropic | AI editing | AI prompts and surrounding content context |
| Resend | Transactional and marketing email | Email address, message contents |
| Cloudflare | DNS management | Domain configuration; no user content |
| Google Workspace | PracticeFlux's own email | Inbound and outbound email content |
We will give Clients at least 30 days' notice before adding a material new subprocessor (Service Agreement Section 10).
6.2 Legal and Safety Disclosures
We may disclose information when we believe in good faith it is required to:
- Comply with a law, regulation, court order, or other legal process
- Enforce our Service Agreement, this Privacy Policy, or other agreements
- Detect, prevent, or address fraud, security, or technical issues
- Protect the rights, property, or safety of PracticeFlux, our Clients, or others
6.3 Business Transfers
If PracticeFlux is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before any transfer that makes your information subject to a different privacy policy.
6.4 With Your Consent
We may share information for any other purpose with your consent.
7. Cookies and Similar Technologies
We use cookies and similar technologies as follows.
- Essential cookies (admin platform only): session authentication, CSRF protection, security. These are set when you log into
app.practiceflux.aiand cannot be disabled without breaking the platform. - Preference cookies (admin platform only): remembering your settings (e.g., admin-panel preferences).
Marketing site analytics. We use Google Analytics 4 (measurement ID G-KPDPNCNBTN) on practiceflux.ai in a privacy-focused configuration:
- The analytics script (
gtag.js) is not loaded until a visitor interacts with the page (scroll, touch, mouse movement, keypress, or click). - For visitors in the United States and other regions outside the EEA, UK, and Switzerland, GA4 sets a first-party analytics cookie (e.g.,
_ga) used solely to count visits and distinguish returning visitors from new ones. It is not used for advertising. - For visitors in the EEA, UK, and Switzerland, analytics storage defaults to "denied" and no analytics cookies are written to your device.
- Ad storage, ad user data, and ad personalization are set to "denied" for all visitors everywhere.
- IP addresses are anonymized before storage.
- Google Signals and advertising personalization are disabled.
GA4 receives basic page-view information (URL visited, referring URL, anonymized IP, browser type). We use it only to understand which pages people visit and how they found the site.
We do not use advertising cookies or cross-site tracking on practiceflux.ai. Most browsers let you reject or delete cookies through their settings.
Do Not Track: Some browsers send a "Do Not Track" signal. We do not currently respond to those signals because there is no industry consensus on how to interpret them.
8. Data Retention
- Account data: retained while your account is active and for up to 90 days after termination, then deleted or anonymized, except where longer retention is required by law.
- Billing records: retained for at least 7 years to comply with U.S. tax law.
- Site backups: up to 30 versioned backups per site, retained on a rolling basis while your subscription is active. Backups are deleted within 30 days of termination unless you request an export under Service Agreement Section 4. These backups are what enables restoring prior versions of your site.
- AI edit history (prompts and responses): retained for 90 days, then automatically deleted. This is separate from the site backups above. You may request earlier deletion at any time by emailing
privacy@practiceflux.ai. - Server logs: retained for up to 90 days.
- Support emails: retained for up to 3 years.
9. Data Security
We use commercially reasonable administrative, technical, and physical safeguards to protect your information, including:
- TLS encryption for data in transit
- Hashed passwords (never stored in readable form)
- Restricted server access, firewalls, and automated intrusion blocking
- Routine security patching
- Versioned backups with restore capability
No system is perfectly secure. We cannot guarantee that unauthorized parties will never gain access. You are responsible for keeping your account credentials confidential and notifying us promptly at security@practiceflux.ai of any suspected unauthorized access.
10. Your Rights and Choices
Depending on where you live, you may have the following rights:
- Access: request a copy of the personal information we hold about you.
- Correction: ask us to correct inaccurate information.
- Deletion: ask us to delete your information, subject to limitations (e.g., we may retain billing records as required by law).
- Portability: request your information in a portable format.
- Withdraw consent: withdraw consent we relied on to process your information; this does not affect prior lawful processing.
- Opt out of marketing: unsubscribe from marketing emails using the link in any such email.
To exercise these rights, email privacy@practiceflux.ai. We will respond within the period required by applicable law (typically 30–45 days).
10.1 California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), including the right to:
- Know what categories of personal information we collect and the purposes of collection
- Know whether we sell or share personal information (we do not)
- Request deletion of personal information
- Correct inaccurate personal information
- Limit the use of "sensitive personal information"
- Not be discriminated against for exercising these rights
We do not "sell" personal information within the meaning of CCPA/CPRA. We do not "share" personal information for cross-context behavioral advertising within the meaning of CCPA/CPRA. The subprocessors we use (listed in Section 6) process data only on our behalf and under contractual terms that prohibit their use of that data for their own commercial purposes, including AI model training. To exercise your CCPA/CPRA rights, email privacy@practiceflux.ai.
10.2 Other U.S. State Privacy Laws
If you are a resident of Virginia, Colorado, Connecticut, Utah, or another U.S. state with comprehensive privacy laws, you have substantially similar rights. Email privacy@practiceflux.ai to exercise them.
11. International Users
PracticeFlux operates in the United States and our infrastructure is located in the United States. If you access the Services from outside the U.S., your information will be transferred to and processed in the U.S., which may have data protection laws different from your country.
We do not currently market the Services to residents of the European Economic Area, United Kingdom, or other GDPR-equivalent jurisdictions, and we do not offer the Services in languages other than English.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify Clients by email and post a prominent notice on the marketing site at least 30 days before the changes take effect. The "Last updated" date at the top reflects the most recent revision.
13. Contact Us
Questions, requests, or complaints:
- Email:
privacy@practiceflux.ai - Security issues:
security@practiceflux.ai - Phone: (414) 454-9039
- Mail: PracticeFlux LLC, 3116 S Kinnickinnic Ave, Milwaukee, WI 53207
If you have a concern we cannot resolve, you may contact your state attorney general or, for California residents, the California Privacy Protection Agency.