Version 1.1 — 24 November 2025
This Cookie Policy explains how SIA Fluxy One (registration No. 40203559086, “Fluxy One”, “we”, “our”, “us”) uses cookies and similar technologies on the website https://fluxy.one (“Site”) and the FLXY Digital Product Passport platform available at https://flxy.io (“Platform”).
This policy should be read together with our Privacy Policy and Terms of Service.
Regulatory Framework: This Cookie Policy complies with:
• GDPR (Regulation (EU) 2016/679)
• ePrivacy Directive (2002/58/EC, as amended)
• eIDAS Regulation (Regulation (EU) 910/2014)
• ESPR (Regulation (EU) 2024/1781) — transparency and data minimization principles
Cookies are small text files stored on your device (computer, smartphone, tablet) when you visit a website. They allow websites to:
• Identify and remember your activity;
• Store preferences and authentication data;
• Understand user behavior and optimize functionality;
• Deliver targeted content and measure campaign effectiveness.
Similar technologies include:
• Web beacons (pixels) — tracking images;
• Local storage — browser storage for app data;
• Session storage — temporary browser memory;
• SDKs (software development kits) — integrated tracking libraries.
We use cookies and similar technologies to ensure platform functionality (strictly necessary cookies); authenticate users and maintain secure sessions; understand how visitors interact with our Site and Platform (analytics cookies); measure platform performance and detect technical issues; deliver marketing messages and measure their effectiveness (marketing cookies); remember your preferences (language, cookie consent choices); prevent fraud and ensure security; and comply with regulatory obligations (GDPR, ePrivacy, ESPR logging requirements).
4.1 Strictly Necessary Cookies (No consent required)
These cookies are essential for the Site and Platform to function and cannot be disabled.
Session cookie keeps you logged into the Platform and expires after logout or timeout (24 hours). This cookie is provided by Fluxy.One.
CookieConsent stores your cookie preference choices and allows us to respect your settings on return visits. Duration is 6 months and the provider is Fluxy.One.
CSRF tokens prevent cross-site request forgery attacks and protect your account security. Duration is per session and the provider is Fluxy.One.
Authentication tokens maintain secure login across platform pages. Duration is per session and the provider is Fluxy.One.
4.2 Analytics Cookies (Consent required via cookie banner)
These cookies help us understand how you use the Site and Platform, measure traffic, identify errors, and improve user experience.
_ga and ga (Google Analytics 4)* provide anonymous aggregated user behavior analysis. These cookies are retained for 14 months and are provided by Google Analytics.
session_id tracks internal platform session analytics. Duration is per session and the provider is Fluxy.One.
Legal basis: GDPR Art. 6(1)(a) — Explicit consent via cookie banner.
Your control: You can accept or reject analytics cookies via the cookie banner. Rejection does not affect platform functionality.
4.3 Marketing & A/B Testing Cookies (Consent required via cookie banner)
These cookies track email marketing effectiveness, test new features, and help us understand which content resonates with users.
_hstc and hubspotutk (HubSpot) provide marketing automation and track email opens, clicks, and form submissions. These cookies are retained for up to 13 months and are provided by HubSpot.
_skb (skarbe.com) supports A/B testing and heatmap tracking to measure user interactions for UX optimization. These cookies are retained for up to 6 months and are provided by skarbe.com.
Legal basis: GDPR Art. 6(1)(a) — Explicit consent via cookie banner.
Your control: You can reject marketing cookies via the cookie banner; this does not affect core platform access.
4.4 Third-Party Cookies
Third-party cookies are set by external service providers (Google, HubSpot, Stripe) for analytics, payment processing, and marketing purposes.
Third-party providers include: Google Analytics (analytics.google.com), HubSpot (hubspot.com), skarbe.com for A/B testing and heatmaps, and Stripe / Revolut Pay for payment processing.
Fluxy.One does not control third-party cookies. For details on their use, please consult their respective privacy policies.
5.1 Prior Consent (ePrivacy & GDPR 2025 Enforcement)
Under the ePrivacy Directive and GDPR, non-essential cookies (analytics, marketing) cannot be activated until you explicitly opt-in.
How our system works:
Strictly necessary cookies are set automatically (no consent needed). Analytics and marketing cookies are blocked until you accept via the cookie banner. You have granular consent options — you can accept analytics while rejecting marketing, or vice versa. Our cookie banner does not pre-check boxes; consent is freely given with no dark patterns.
5.2 Your Cookie Banner Options
When you visit our Site or Platform, you will see a cookie banner with the following options: Accept All (accept all non-essential cookies), Reject All (reject all non-essential cookies with only strictly necessary cookies active), or Customize (choose which cookie categories to accept).
Changing your preference: You can change your cookie preferences anytime via the cookie banner or your browser settings.
5.3 Consent Documentation & Audit Trail
Fluxy.One logs and timestamps all cookie consent decisions for compliance verification. We record what was consented to (which cookie categories), when consent was given (timestamp, date, time), how consent was given (banner interaction, explicit choice), and user IP and device information (for audit purposes).
These records are retained for 5 years in compliance with GDPR documentation requirements and ESPR logging mandates.
6.1 Via Cookie Banner
The easiest way to manage cookies is through our cookie banner on the Site and Platform. Click “Customize” or “Cookie Settings” on the banner, select which cookie categories to accept, and click “Save Preferences”. Your choice is saved and applied immediately.
6.2 Via Browser Settings
You can also manage cookies through your browser. In Chrome, go to Settings → Privacy and security → Cookies and other site data. In Firefox, go to Preferences → Privacy & Security → Cookies and Site Data. In Safari, go to Preferences → Privacy → Manage Website Data. In Edge, go to Settings → Privacy, search, and services → Clear browsing data.
Disabling cookies: Disabling cookies may affect platform functionality, including login sessions, preference storage, and some features may not work correctly. We recommend keeping strictly necessary cookies enabled.
6.3 Third-Party Cookie Controls
Some cookies are set by third parties (Google, HubSpot). You can opt out directly via Google Analytics opt-out (https://tools.google.com/dlpage/gaoptout), HubSpot privacy policy (https://legal.hubspot.com/privacy-policy), or contact skarbe.com directly for opt-out options.
Strictly necessary cookies: If you reject these, the platform will NOT work (login, security). We recommend allowing these.
Analytics cookies: If you reject these, we won’t see how you use the Platform, but core functionality remains fully operational.
Marketing cookies: If you reject these, you won’t receive personalized offers, but access to the Platform is unaffected.
Important: We do not use cookie walls. You can access and use the full Platform and Site even if you reject all non-essential cookies.
Some of our cookie providers process data outside the EU. Google Analytics processes data in the US (under Data Processing Agreement with SCCs). Stripe/Revolut may process data in the US (under eIDAS & PSD2 protocols). HubSpot processes data in the EU (Ireland) and US (under SCCs).
All international data transfers comply with GDPR Chapter V (Standard Contractual Clauses) and eIDAS 2.0 requirements.
We may update this Cookie Policy from time to time to reflect changes in applicable regulations (GDPR updates, ePrivacy Directive amendments), introduction of new cookies or third-party services, or changes to cookie retention periods or purposes.
Updates will be posted on this page with an updated “Last updated” date. For material changes, we will provide 30 days’ prior notice via banner or email.
Under ESPR Art. 8 and related EU regulations, Fluxy.One maintains detailed logs of all cookie consent interactions (timestamp, user choice, cookie categories), platform access logs (login/logout times, IP addresses, device information), data processing records (for regulatory authority access if requested), and payment transaction logs (for DPP compliance and audit purposes).
These logs are retained for 10 years as required by ESPR and are available to EU regulatory authorities upon request.
If cookies are disabled: Some interactive features may be limited, but you can still access essential content. Contact support for alternative access methods.
Cookies and special categories: We do not intentionally collect sensitive data (race, religion, health, biometric data) via cookies, except where explicitly required for regulatory compliance.
If you have questions about our use of cookies, please contact us at legal@fluxy.one or dpo@fluxy.one. You can also write to SIA Fluxy One, Rupniecības iela 16‑14B, Riga, LV‑1010, Latvia.
For data subject rights requests (access, deletion, portability): Email dpo@fluxy.one.
