Privacy Policy
Effective 6 May 2026
Fluxora is a self-hosted media streaming product. Most of what people call "user data" in a typical SaaS context — your media files, library index, watch history, paired-device tokens, preferences — lives on hardware you own and control. None of it touches Fluxora-controlled systems. This page covers the narrow surface where data does flow through systems we control: the marketing site, the paid-tier purchase + license-delivery path (which routes through Polar), and any opt-in integrations the operator turns on.
This policy is written under and complies with the spirit of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act / CPRA, and India's Digital Personal Data Protection Act, 2023. The canonical version of this policy is the PRIVACY.md file in the GitHub repository — this rendered page mirrors it.
1. Who is responsible for your data
Maintainer / data controller: Marshalx (portfolio at marshalx.dev), individual operator, Delhi, India. GitHub @Marshal-GG.
Fluxora is not a registered legal entity. There is no Data Protection Officer — the maintainer reads every privacy email personally. For data the operator collects on their own self-hosted server: the operator is the controller of any data their paired clients send to their server. We provide the software; we are not a controller or processor of an operator's media library.
2. What data we actually collect
This list is exhaustive. If a category isn't here, we don't collect it.
2.1 Marketing site (fluxora.marshalx.dev)
The marketing site is a static export served by Cloudflare Pages. It runs no analytics, sets no cookies, embeds no tracking pixels, includes no third-party JavaScript beyond what Next.js statically inlines. Cloudflare may collect standard request metadata on our behalf for platform operations and DDoS protection: IP address, user-agent, timestamp, request method/path, HTTP referrer. We never see this in identifiable form. See Cloudflare's privacy policy.
We do not receive Cloudflare Analytics. We do not log IPs server-side. We do not store anything keyed to a visitor identity from this site.
2.2 Paid-tier purchases (Polar)
Plus, Pro, and Ultimate purchases are processed by Polar (Stripe-backed). Polar collects: your email, billing address (for tax compliance — GST in India, sales tax / VAT elsewhere), payment-method details, the Polar order ID, the items purchased. Card details never touch Fluxora. See Polar's privacy policy.
Polar shares back to the Fluxora webhook (post-ADR-022 / Plan 33 M4 widening): the Polar order id + Polar subscription id + Polar customer id; your email + legal name (when you provided one at checkout); the product (id + display name) and the tier it maps to; the money breakdown (pre-discount subtotal, tax amount + country, discount code + amount, currency, paid amount); invoice number + Polar's hosted invoice URL + receipt URL; payment-method snapshot (card brand + last 4 digits only — PCI-DSS allowlist; the full PAN, CVV, and expiry never reach us); billing address (line1 + line2 + city + state + postal + country, when you provided them); tax id (GSTIN / VAT-ID, if applicable); subscription state (current period start + end, cancel_at_period_end flag, cancellation reason, refund amount + timestamp, dispute status for chargeback rows); UTM attribution + the Polar checkout-link id; arbitrary operator-attached metadata.
Where we store it: cloud-side at accounts/{uid}/licenses/{license_id} in Firestore — one document per order or subscription, backed by per-uid security rules so only the account owner can read their own row. Written only by the polarWebhook Cloud Function (never from clients). A separate root collection webhook_event_log/{webhook-id} holds the full raw payload for support replay (admin-only). Local mirror on the operator's server in a SQLite purchase_history table, refreshed daily from Firestore.
What we deliberately don't store: card numbers, CVV, expiry dates, full PANs (PCI-DSS — Polar / Stripe handle these), card-issuer fingerprints beyond brand + last4.
Legacy schema retired 2026-05-22: the polar_orders SQLite table this section previously described (HMAC license keys, etc.) was dropped during the ADR-022 cutover. There are no FLUXORA-<TIER>-<EXPIRY>-<NONCE>-<SIG> keys to issue, store, deliver, or re-deliver — operators sign in via Firebase, and the tier follows the account.
Marketing emails are off by default and opt-in only. We collect a separate, explicit "marketing opt-in" consent at signup that is unchecked by default (GDPR Art. 7). If you opt in, we may send occasional release-note or product-update emails; every email carries an unsubscribe link, and opting out is as easy as opting in (CASL / CAN-SPAM). The opt-in / opt-out events themselves are recorded in the consent ledger so the audit trail proves whichever state you're in.
2.3 The self-hosted server (operator side)
This is informational — it describes data on your own hardware that we never see. The Fluxora server stores in its local SQLite database: your media library index, paired client records (HMAC-hashed bearer tokens, never plaintext), stream-session history, operator settings (server name, transcoding preferences, optional TMDB API key, optional license key), and notifications generated by your server.
None of this leaves your hardware unless you explicitly opt in. Specifically: pairing requests + token issuance never touch us; LAN streaming never touches us; WebRTC P2P streaming is between your devices and your server (we never proxy); Cloudflare Tunnel HLS segments are blocked at the public ingress so media stays LAN-only.
2.4 Third-party services your server may contact
The operator's server may contact these depending on configuration: TMDB (when an API key is set, for poster art + metadata — sends only the file's cleaned title); the operator's own Cloudflare Worker proxy for TMDB (when configured to bypass ISP-level blocks); Cloudflare DoH at 1.1.1.1/dns-query (to resolve TMDB hosts past hijacked DNS); Cloudflare CIDR-range refresh on startup. We do not insert telemetry beyond these. There is no "phone home" check.
2.5 Sentry error reporting (opt-in)
If the operator sets FLUXORA_SENTRY_DSN to their own Sentry project's DSN, unhandled exceptions on the server are sent there. Bearer tokens, license keys, file paths under ~, customer emails, and TMDB API keys are scrubbed before send. The DSN belongs to the operator. We do not run a Sentry project that aggregates everyone's errors. Off by default.
3. What we explicitly do not do
This is not boilerplate — these are the specific behaviours we've decided not to engage in:
- No third-party analytics (Google Analytics, Plausible, Fathom, Amplitude, Mixpanel, Heap, Posthog, etc.) on the marketing site or the desktop / mobile clients.
- No behavioural cookies on the marketing site. Polar's checkout sets its own session cookies during payment — those are scoped to polar.sh, not us.
- No fingerprinting. No canvas, font, WebGL, or audio fingerprinting.
- No cross-site trackers, pixels, or beacons.
- No "phone home" telemetry from server, mobile, or desktop. No heartbeat, no update-check ping.
- No data sales, sharing, or rentals. We have not entered any data-sharing agreement.
- No advertising. No ad networks, no sponsored content.
- No use of your media library content for any purpose. We have no access to it.
- No marketing emails without explicit opt-in. Marketing is off by default — the opt-in checkbox at signup is unchecked, and we only send if you tick it. When opted in we may send occasional release-note + product-update emails; every email carries an unsubscribe link, and opting out is as easy as opting in. Transactional emails (invoice + receipt + account-recovery) ride a separate pipeline and don't depend on the marketing opt-in.
- No machine-learning training on customer data.
- No account creation requirement for the Free tier.
4. Cookies & local storage
Marketing site: zero cookies, zero localStorage / sessionStorage writes. Inspect with DevTools to confirm.
Polar checkout (third-party iframe / redirect): Polar sets its own session, fraud-detection, and post-payment redirect cookies. Scoped to polar.sh and *.stripe.com, not to fluxora.marshalx.dev. Lifecycle governed by Polar's cookie policy.
Self-hosted server: uses HMAC-SHA256-hashed bearer tokens and opaque session identifiers in flutter_secure_storage on paired clients. These are functional credentials, not tracking cookies — scoped to your server, never sent to us.
5. Data retention
- Marketing site logs (Cloudflare Pages): per Cloudflare's standard retention. We do not export or aggregate.
- Firestore accounts/{uid}/... tree (account + licences + servers + refresh_audit + consent_events): indefinite while the maintainer continues to operate. Deleted on request via the per-uid cascade — see §7. India GST + EU VAT MOSS may require us to retain invoice records for 8 years independently; that subset stays in webhook_event_log with PII masked.
- Local purchase_history + consent_log SQLite tables on the operator's self-hosted server: indefinite while the operator runs the binary. Self-serve deletion is uninstalling the Server — the data lives on the operator's hardware, never on ours.
- Polar's own customer record: per Polar's policy. They retain payment records as long as required by Indian / EU / US tax law (typically 7 years for invoicing).
- Sentry error reports (if you opted in): per your project's retention setting. The maintainer has no access.
If the maintainer ever ceases to operate, the cloud-side Firestore trees scoped to each account will be deleted within 90 days. The operator's self-hosted Server continues running on its own hardware for the lifetime of the local 30-day cached tier (per EULA § 7.4); then degrades to Free tier on the next refresh cycle that fails to reach the (now-non-existent) cloud. Polar retains its records independently per its own policy.
6. Data security
Real implementations, not aspirational:
- License-key signing key stored in ~/.fluxora/config.json with file-system permissions; never logged. Validation is local.
- Bearer-token storage uses HMAC-SHA256 hashes only. The raw token is shown to the client once and never recoverable.
- Polar webhook verification uses Standard-Webhooks signatures. Replay attacks are prevented by an idempotency table on order_id.
- Admin endpoints are localhost-only; tunneled requests carrying CF-Connecting-IP are rejected even from loopback.
- HLS media segments are blocked on the public Cloudflare Tunnel ingress — your media never traverses the public internet via the tunnel.
- Logs are scrubbed of bearer tokens, license keys, customer emails, and home-directory file paths.
Marketing site: TLS 1.2+ enforced by Cloudflare Pages, HSTS preloaded, no mixed content, no third-party JS.
Paid-tier delivery: Polar / Stripe handle all PCI-scope. Card details never touch our infrastructure.
Found a vulnerability? See SECURITY.md.
7. Your rights
These rights apply globally; the legal basis varies by jurisdiction (GDPR for EU/UK, CPRA for California, DPDP Act for India). Where the law gives you a stronger right, that one applies.
- Access — get a copy of any data we hold about you. Three paths: (a) self-serve — your desktop Control Panel's Settings → Account → "Export my data" button returns a JSON bundle of every row your local Fluxora server holds (account_cache, purchase_history, consent_log, activity_events); (b) cloud-side — Polar dashboard for billing data, Firebase Console for account profile, the getDataExport Cloud Function for the Firestore tree; (c) email fallback — privacy@fluxora.marshalx.dev.
- Correction — fix incorrect data (typo in email, etc.). Email privacy@fluxora.marshalx.dev; common case is updating the Firebase Auth email which cascades to downstream Polar records.
- Deletion — within 30 days we delete the accounts/{uid} document tree (cascades through every per-account subcollection — licences, servers, refresh_audit, consent_events) + the Firebase Auth user + the webhook_event_log rows scoped to your customer id. Polar retains its payment record per its own policy (statutory tax + accounting requirements). Your local Fluxora server's data stays on your hardware until you uninstall — we never had access.
- Portability — same JSON bundle as Access; schema documented in the API contracts.
- Objection / restriction — stop or limit processing.
- Withdraw consent — marketing-email opt-out via Settings → Account → Manage marketing preferences (toggles the consent ledger), or any unsubscribe link in a marketing email. Sentry opt-in (when configured) is revoked by unsetting FLUXORA_SENTRY_DSN.
- Lodge a complaint — with your local DPA (EU), the ICO (UK), the Data Protection Board (India), or the CPPA (California).
Exercise rights via privacy@fluxora.marshalx.dev when self-serve isn't enough. We respond within 30 days, usually much sooner. We will not retaliate for a rights request.
8. Children's privacy
Fluxora is not directed at children under 13 (or the equivalent age of digital consent in your jurisdiction). The Free tier requires no account and no age verification, so we collect nothing from children any more than from adults; the paid-tier path inherits Polar's age requirements. If you are a parent and discover your child has purchased a paid tier on a card you control, contact us — refund and deletion guaranteed.
9. International transfers
Data flows in the paid-tier path: visitor browser → Cloudflare edge (anycast, global) → Polar checkout (US-based via Stripe) → Fluxora server (maintainer's machine in Delhi, India). EU/UK data is processed under standard contractual clauses where applicable. India: governed by the DPDP Act, 2023, with the maintainer as data fiduciary.
10. Changes to this policy
Material changes will be announced on the showcase repository at least 14 days before they take effect, and reflected by updating the "Effective" date at the top of this page. A material change adds a data category, adds a third-party processor, changes retention, or reduces your rights / our commitments. Cosmetic edits don't reset that clock.
11. Contact
- Privacy rights request: privacy@fluxora.marshalx.dev
- Security vulnerability: see SECURITY.md
- General questions: GitHub Discussion tagged privacy
- Escalation if your request was mishandled: marshalgcom@gmail.com
This policy describes Fluxora's actual data practices in plain language. It is not a legal opinion or contract drafted by counsel. If you spot something here that's wrong (a service we no longer use, a flow that's deprecated), file an issue. Privacy claims that don't match implementation are bugs; we treat them as such.
