downward arrowImported LayershamburgerImported LayersRectangle 2453 Copy 10Imported Layersvideo-youtube Cloud DiagramDynamo Tool BadgeCreated using FigmaExcel Tool BadgeCreated using FigmaGrasshopper Tool BadgeCreated using FigmaRevit Tool BadgeCreated using FigmaSheets Tool BadgeCreated using FigmaRhino Tool BadgeCreated using FigmaSketchUp Tool BadgeCreated using Figma

Security Policy

Flux Data Security and Reliability

Last updated: May 5, 2016

Flux helps the AEC industry collaborate and exchange information between software tools and users. Essential to that role is securing and managing the transfer and storage of data. Flux takes these responsibilities very seriously. Below we go over our policies and practices regarding the security, ownership and control of your data.

What we mean by ‘Data’

“Your Data” means (i) your email address(es) and password (“Personal Data”) and (ii) the design values (e.g. tables, geometry, BIM data, etc.) and metadata stored under your project data table, as well as the definition of the flow associated with each of your projects (“Project Data”). Your Data does not include any posts on community.flux.io or other information that is not intended to be private or confidential.

Data Security

The first part of data security at Flux begins when you try to send data to us. We require users to authenticate themselves and establish a secure, encrypted connection in order to send data to Flux.

Flux web services are protected by industry standard firewalls, which limit non-essential connections/communications with devices outside of Flux’s secure network. Our services are hosted using Google’s cloud services. All user data is stored inside Google’s physically secure data centers and is encrypted at rest. This means that it is stored on disk in the datacenter in encrypted form only. Stored data can only be decrypted by software authorized by Flux; loss, theft, or other compromise of the disk hardware will not result in exposure of your data.

Technical details:

  • All connections between Flux servers and users are secured with TLS encryption
  • We protect authentication tokens from other, potentially malicious websites.
  • We enforce HTTP Strict Transport Security and take measures to prevent Cross-site Scripting attacks
  • Data on disk is encrypted using 256-bit AES encryption

Data Reliability & Control

As between Flux and you, you own and maintain control of your Project Data that you send to or generate within Flux. Project Data are private by default. Project owners can share their Project Data with other Flux users by inviting them to join their project. Project owners can also choose to share Project Data publicly. In both sharing scenarios, the owner of the project can revoke access, although Project Data that has been shared cannot be retracted.

All Project Data on Flux are backed up multiple times per day, and we maintain a trail of backups for approximately one year. This minimizes the likelihood that Project Data will be accidentally lost. Backups are replicated across multiple, geographically dispersed data centers.

In general, Flux personnel are prohibited from viewing your Project Data without your permission, except that Flux personnel may access your Project Data as reasonably necessary to support, maintain and troubleshoot its systems. If we access your Project Data for these purposes, we will not further disclose your Project Data and will not use it for any other purposes.

Additionally, Flux may aggregate the metadata included in Project Data. (Metadata is limited to format, type and similar information describing your design data but will not include your design data itself or any part thereof. Aggregated metadata are metadata from numerous projects that are combined in a way that does not allow such aggregated metadata to be associated with any specific project, design or user.) Without limiting your ownership and control of your Project Data, including any metadata that can be associated with your designs, projects or you, Flux owns all rights in and to any aggregate metadata that it generates and may use and disclose such aggregate metadata for any purpose, in its sole discretion.

If you require a full or partial export of your Project Data stored in Flux, we will make reasonable efforts to help you. Please email help@flux.io with any request for such services. Flux’s standard applicable terms and conditions (including with respect to fees) will apply.

Privacy

Our security policy describes how we collect, use, and disclose your Personal Data when you use our websites, plugins, and service.

Account Security

An important part of maintaining the security of Your Data is being able to authenticate your identity when you access it. We identify you by your email address, which you are required to verify upon signup. You then set a password to protect your account. We never store passwords on client computers or inside plugins.

If you ever decide to delete an account that you own by yourself, backups that contain your Project Data will be expired and deleted over the course of the next year. However, Project Data that you expressly shared with others may continue to be available to them, so as to not disrupt their usage of the service, until such time as you terminate their access. Also, if you own a Project with other co-owners, then the Project Data will not be deleted unless all of the co-owners request such deletion.

Technical details:

  • Passwords are securely salted and hashed in accordance with industry best practices.
  • We never store passwords in plain text
  • Authentication tokens expire 30 days after issuance

Monitoring

We make reasonable efforts to monitor our servers 24/7, looking out for any incursion. We will make reasonable efforts to notify you of and respond promptly to any significant unauthorized use or disclosure of Your Data.

What you can do

Despite all of our efforts described above, we will never be able to absolutely guarantee the security of Your Data. You should always take every precaution available to help protect access to your account and ensure the security of Your Data. Here are some suggested best practices for helping to keep your account secure:

  • Use a strong, secure password for your account.
  • Don’t reuse passwords from other sites.
  • Don’t share your password with others, including Flux staff. Flux staff will never ask for your password.
  • Avoid accessing Flux from any computer that is not administered by you or someone you trust.
  • When accessing Flux from shared computers, be sure you logout when done.
  • Only install plugins digitally signed by “Flux Factory, Inc.”
  • Report security issues/questions. If you have a question, or think you’ve found a problem, please report it to us by emailing security@flux.io

Flux will not be responsible for loss, damage, corruption, theft or unauthorized access of or to Your Data that occurs despite Flux’s precautions described above.