Privacy Policy

Effective Date: July 1, 2020

Website Visitors

This privacy statement describes how FloQast, Inc. collects and uses the personal information you provide on our public website: www.floqast.com. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties.

What Information Do We Collect?

FloQast and third parties working on our behalf collect personal information that you provide on this Website, such as through forms you choose to submit to contact us to obtain more information about or register for an event. Personal information may include, but is not limited to:

• Contact information and other identifiers (names, addresses, phone numbers, e-mail addresses, and other data you may provide us so that we can contact you).
• Internet activity information (“cookies,” web server logs, web beacons, and other electronic tools to collect statistical information about your use of this Website and other websites). For more information about how we collect and process such information, please see “Cookie Policy” below.

How Do We Use and Share Your Personal Information and Other Information?

FloQast and third parties working on our behalf use the information we have about you for internal business purposes, as well as to communicate with you, respond to your requests, enhance our services to you, compile aggregate statistics, and improve this Website. FloQast and third parties working on our behalf may also use your information to provide you with information about this Website and its services, and about FloQast. To assist us with our use and sharing of your information, information covered by this privacy policy, including information about your use of this Website, may be combined with or enhanced by other information that we have from other online or offline sources.

FloQast has a legitimate interest in using the information we collect for the purposes outlined above. Specifically, FloQast has a legitimate interest in ensuring that its website continues to function efficiently and effectively, and to enhance the functionality of its website in response to how visitors use the website and collects data to that end. When you submit contact information to receive our white papers or other communications, we use that data to fulfill your request. We also have a legitimate interest in using data about the individuals who visit this website and the companies for which they work to cultivate business relationships that may benefit FloQast. For some processing activities, such as communicating with you about opportunities to learn from or work with FloQast, we seek your consent to process that data.

We may also share your information with third parties as permitted or required by law, including: (a) with service providers that assist in operating our business; (b) to comply with the law or in response to a subpoena, court order, government request, or other legal process; (c) to produce relevant documents or information in connection with litigation, arbitration, mediation, adjudication, government or internal investigations, or other legal or administrative proceedings; (d) to protect the interests, rights, safety, or property of FloQast or others; (e) to enforce any terms of service or other legal disclosures on or related to this Website; (f) in connection with a sale or other transfer of all or some of the assets of FloQast and/or in connection with a sale or merger of FloQast or any division of FloQast; (g) to provide you with the services or products requested by you, and to perform other activities related to such services and products; (h) to operate FloQast’s systems properly; or (i) any other sharing with your consent.

We do not sell your information to third parties.

California Residents

If you are a resident of California, please review our California Privacy Notice, which explains the types of personal information we collect that are subject to the California Consumer Privacy Act (“CCPA”), as well as your rights under the CCPA.

Data Collection

We collect four different types of data: personal information provided by you, non-identifiable basic information, non-identifiable cookies, and information (name, email, phone number, company) that you choose to give us through filling out our “Contact Us” or “Free Demo” form.

We collect personal information that you provide

We collect demographic and contact information, such as your name, title, company name, phone number, e-mail address, ERP system used and country from visitors who affirmatively select to receive information about FloQast and its products and services by requesting a Demo. We use this information to provide you with information about the products and services that we provide and to send you information regarding FloQast such as newsletters, promotions, and events. If you no longer wish to receive these email communications, you may follow the unsubscribe mechanism contained in each of the emails you receive.

We collect non-identificable basic information

We collect click-stream data, HTTP protocol elements, and search terms. We use these data for research and development, system tracking, and helping visitors reach the right page. We use these data ourselves, and we share aggregated data with our clients. These data are non-identifiable. This means we can’t (and have no interest in trying to) identify any individual person via these data. We collect this data from analytics systems such as Google Analytics, LeadLander and Hotjar. We use this data to help improve our site and our clients’ sites.

We collect non-identificable basic information

We collect HTTP cookie data. Again, we use these data for research and development, system tracking, and helping visitors reach the right page. We use these data ourselves and we share aggregated data with our clients. Our cookies are non-identifiable, meaning we can’t (and don’t want to) identify you or any individual person via these data. We collect these cookie data to help improve our web site and our clients’ web sites.

What are “Cookies”?

A cookie is a piece of information sent to a browser by a web server. The browser then returns that information to the Web server. This is how some Web pages “remember” your previous visits; for example, an e-commerce site might use a cookie to remember which items you’ve placed in your online shopping cart. Cookies can also store user preference information, log-in data, etc. Cookies let sites provide you with tailored information.

FloQast uses cookies in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may run reports based on the use of these technologies by these companies on an individual as well as aggregated basis. We use cookies to improve our website and emails by seeing which areas and features are most popular, to count the number of computers accessing our website, to personalize and improve your experience, and to record your preferences. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

Legal disclaimer

We reserve the right to disclose your personally identifiable information as required by law such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If FloQast is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Access to personally identifiable information

Upon request we will provide you with information about whether we hold any of your personal information. If you wish to correct, update or request the deletion of personally identifiable information provided to us you may also contact us using the information below. We will respond to your request to access within 30 days. We will retain your information for as long as you remain identified as a potential customer or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations and to resolve disputes.

Security

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at [email protected]

Log Files

As is true of most websites, we use a third-party tracking-utility partner to gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends and to help us improve your experience on our website.

Testimonials

We post customer testimonials on our website which may contain personally identifiable information. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to request the removal of your testimonial, you may do so by contacting us at [email protected]

Changes to this policy

We may update this privacy statement to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact us

You may direct questions regarding our website privacy policy to [email protected] or by telephone at (818) 647-1168 or via postal mail at 14721 Califa St, Los Angeles, CA 91411 USA.

California privacy notice

Effective Date: July 1, 2020

This California Privacy Notice (“Notice”) is for California residents and supplements our online privacy policy. It explains how we collect, use, and share your Personal Information and how to exercise your rights under the California Consumer Privacy Act (“CCPA”). As with our Main Online Privacy Policy, this Notice applies only to personal information collected via this website (www.floqast.com).

Note that when we say “Personal Information” in this Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.

How we collect, use, and share Personal Information

Here is a summary of the CCPA-related categories of Personal Information we may have collected about in the 12 months preceding the effective date of this notice, depending how you use our website or the Service, as well as the purpose for which any of this Personal Information may have been collected and with whom we may have shared any of it.

Categories of Personal Information we may have collected about you:

• Identifiers, which may include name, address, phone number, and e-mail address;
• Internet activity information, which may include cookies, web server logs, web beacons, and other website tracking information or user activity;
• Professional or employment-related information, which may include occupation, title, and employer information, if you choose to provide it;
• Demographic and ethnicity information, which may include preferred gender pronouns, country, and preferred language, if you choose to provide it.

The business purpose for which we may have collected your Personal Information include:

• Communicating with you;
• Responding to your requests;
• Marketing purposes;
• Enhancing our services;
• Enhancing the functionality of our website;
• Promoting systems and data security;
• Monitoring compliance with applicable non-discrimination laws; and
• Performing other business purposes.

Parties with whom your information may have been shared include:

• Third parties and service providers that perform services on our behalf; or
• Law enforcement or other third parties in connection with legal requests or as required by law.

Sources of Personal Information

The categories of sources from which we collect or receive Personal Information include: you, your device(s), third parties or services providers that provide Service to you or perform services for us on our behalf, and publicly available sources.

How you can exercise your rights provided under the CCPA

Under the CCPA, you have the following rights if you are a resident of California:

• Right to Know: You have the right to request that we disclose to you the Personal Information we collect, use, or disclose, and information about our data practices;
• Right to Request Deletion: You have the right to request that we delete your Personal Information that we have collected from you;
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
  To exercise your “right to know” or your “right to request deletion,” please contact us at [email protected] or (818) 647-1168.

Please note that to protect the integrity of our services and to protect your privacy interests, we will need to verify your identity before processing your request. We may need additional information to verify your identity and that your state of residence is California, if you choose to provide it. This could include: a driver’s license, permit, utility bill, magazine, subscription stub, mail, school ID card, or school record.

Under the CCPA, you may exercise these rights yourself or you may designate an authorized to make these requests on your behalf. If you choose to have an authorized agent act on your behalf, we may request that your authorized agent have written permission from you to make requests on your behalf and may need to verify your authorized agent’s identity.

Certain exceptions under the CCPA

As alluded to above, certain types of Personal Information are exempt from certain requirements of the CCPA. This includes:

• Personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (and implementing regulations), or pursuant to the California Financial Information Privacy Act;
• Medical information governed by the Confidentiality of Medical Information Act or protected health information that is collected by a covered entity or business associate governed by the privacy, security, and breach notification rules issued pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended;
• Personal information collected from a job applicant, employee, owner, director, staff member, officer, or contractor when the information is used in the context of the person’s role as a job applicant, employee, owner, director, staff member, officer, or contractor; and
• Personal information about an employee, owner, director, officer, or contractor of another business that is collected in connection with providing or receiving a product or service to or from the other business.

Covered businesses have limited obligations or in some cases no obligations, under the CCPA with regard to these types of personal information.

FloQast Services Privacy Policy

Effective Date: July 1, 2020

This policy describes how FloQast, Inc. collects and handles personal information that customers provide through or in conjunction with the FloQast Services that link to this policy (“FloQast Services”). It also describes your choices regarding use, access and correction of your personal information.

This policy refers to FloQast, Inc. as “we,” “us” and “our.” References to “you” and “your” are to the owners of the data input into the FloQast Services. This generally is our customers, the companies and organizations that have subscribed to the FloQast Services, and their licensed users. If you are an individual license user whose data is provided to us, controlled by a customer of ours and input into the FloQast Services by such customer, please direct your privacy-related inquiries to the company or organization that has subscribed to the FloQast Services, as more fully described in “Data Access and Choice” below.

Information Provided by You

You provide us with several kinds of information: Customer Data, Administrative and Personal Data and Billing Data.

Customer Data is the information submitted into the FloQast Services when you use the FloQast Services or when you receive customer support. This includes accounting Customer details such as Customer name, address, fiscal year-end and ERP used, Customer accounting details provided pursuant to the provision of the FloQast Services, as well as information derived by the operation of the FloQast Services from such submissions, such as reports and checklists. Customer Data may be submitted directly by you.

The FloQast Services are designed to centralize aspects of Customer financial and accounting practices. As part of this functionality, our software interacts with several Storage Provider platforms, Google Drive, OneDrive, Box, Dropbox, and Egnyte. In order to facilitate communication between each integration, our software makes use of the OAuth 2.0 protocol in order to interact with each subsequent storage provider on behalf of the user. FloQast never has access to user passwords during the OAuth process and is only able to access resources each user has given FloQast explicit permission to access. Storage Provider data we collect includes an access token and refresh token obtained on behalf of the user from the OAuth process, storage provider-specific folder and file identifier, storage provider file data, and a storage provider-specific user identifier.

In order to centralize financial and accounting practices, the FloQast services interact with General Ledger platforms, Netsuite and Intacct. The FloQast Services use OAuth 1.0 as well as credential-based authentication in order to interact with Netsuite or Intacct. General Ledger data we collect includes an access token obtained from the OAuth process used to interact with authorized APIs within the General Ledger provider, credential sets provided by the Customer used to interact with authorized APIs within the General Ledger provider, and high-level accounting details as explicitly provided by the Customer for the provision of the FloQast Services.

Our system processes Customer Data strictly on your behalf in order to provide you the FloQast Services and perform our contractual obligations to you. We restrict our employees’ access to Customer Data to (1) support, client services and technical staff, who with your consent may have access to your Customer Data to provide customer support, technical troubleshooting and professional services, and (2) a limited number of operations personnel, who may have controlled access to Customer Data for troubleshooting and system maintenance. We use Customer Data to provide you the FloQast Services and to address customer support requests and technical problems.

Our servers automatically record certain information about how a person uses the FloQast Services (we refer to this information as “Log Data”), including both site visitors and users of the FloQast software (either, a “User”). Log Data we collect includes the User’s IP Address, browser User agent, operating system, the web page a user was visiting before accessing our services, pages or features within the FloQast Services to which a User browsed and links within the FloQast Services in which a user clicked on.

Administrative and Personal Data is information you provide during set-up, purchase or administration of the FloQast Services. This includes Customer name, Customer business address, email and phone number, and individual users’ names, emails, phone numbers, IP addresses, account credentials and professional title to the extent this information is provided by Customer.

We collect, store and use Administrative and Personal Data to perform our contractual obligations to you and/or for our legitimate business interests. Specifically, we use Administrative and Personal Data to provide the FloQast Services to you, administrate your account, provide customer support and professional services, keep a records of our dealings with you, notify you of new product offerings and of changes, updates and availability of the FloQast Services, understand your experience using the FloQast Services (for example, by sending you surveys), conduct research, improve the FloQast Services, plan and host events, contact you with marketing communications, and identify and prevent fraud.

Billing Data is financial qualification and billing information you provide as our customer when you purchase, subscribe for, renew or expand the FloQast Services. This includes name, billing address, credit card information, credit references and other financial data.

We use Billing Data for our legitimate business interests: to process or collect payment for your transactions with us, keep a record of our dealings with you, and prevent fraud. We store Billing Data for use in your future transactions with us.

Information Collected by Us

In relation to the use of the FloQast Services, we collect the following information for our legitimate business purposes: Our product uses cookies and similar technologies. Cookies are small data files that websites associate with visitors to facilitate the proper, efficient or secure operation of the website. The FloQast services use the following types of cookies:

In addition, we use Pendo.io for certain pages on our product website. This tool helps us understand how often users visit our product website and what pages they visit. We use this information to analyze how our website is used and for website and product development and improvement. You can opt out of Pendo.io by disabling cookies on your browser.

IP Addresses: We collect the Internet Protocol (IP) address of the computer used to access the FloQast Services. We use IP addresses for added security of the FloQast Services and to optimize the performance of the FloQast Services. A security feature of the FloQast Services allows a client’s administrator to review the list of IP addresses from which the client’s FloQast account has been accessed. We do not provide an opt-out option for IP addresses.

Statistical Data: When you use the FloQast Services, we may collect statistical information (metadata), such as server log files, usage patterns and frequency. Such statistical information does not include Customer Data. We may use this statistical information for product improvement.

Data Retention

We retain Customer Data for the duration of your subscription to the FloQast Services. After your subscription expires, we retain Customer Data for at least 30 days and may store it for up to an additional 30 days, unless Customer specifically requests immediate return or deletion of such Customer Data. Customer Data may be retained beyond that period in data backups, which may be stored for up to 1 year. Customer Data is deleted using secure deletion methods including digital shredding of encryption keys and hardware destruction in accordance with relevant guidelines. We retain Customer Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We keep Administrative or Personal Data and Billing Data as part of our business and accounting records for the duration of your relationship with us and thereafter for so long as necessary for our legitimate business purposes.

Please, refer to the table above for information on cookie expiration. We currently do not delete IP addresses, Statistical Data and Anonymous Data.

Disclosure of Information

We will disclose your data to third parties only as directed by you, as described in your agreements with us and in this policy, or as required by law.

• We may contract with other companies to provide services or functionality on our behalf. If we do so, we may share Customer Data and/or Administrative and Personal Data with such providers to the extent necessary for their engagement. In such cases, we will require such providers to maintain the confidentiality of your information and to use it only for the purposes of their engagement by us. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and our agreements with you.
• We store encrypted copies of our database backups in facilities provided by Amazon Web Services and MongoDB. These third parties do not have the right to access such data.
• Anonymous Data does not identify you or your users and, therefore, we may disclose it to third parties as appropriate to support our business needs.

We also may disclose your information if we believe in good faith that it is necessary to (1) respond to a subpoena or request by government authorities or comply with any law, regulation, legal process, administrative or other government proceeding, (2) protect against misuse or unauthorized use of the FloQast Services, (3) prevent or address fraud; (4) enforce our rights, policies and agreements or defend ourselves in legal or government proceedings; or (5) protect our rights, property or safety, or those of third parties.

Unless we are prohibited by law, we will attempt to notify you of any request to disclose your Customer Data to the authorities or any other party and, where appropriate, refer such requests directly to you.
We may transfer some or all of our assets, including data, in connection with a merger, acquisition, or sale of

assets, or if we dissolve, reorganize our business, or cease operating as a going concern (for example, in the event of bankruptcy).

Information Security

• We maintain administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of your Customer Data that are consistent with industry standards. Our data security measures include (but are not limited to):
• Integration of application security into the agile product development lifecycle with both manual and automated controls to address static testing and dynamic code analysis;
• Regular internal and external penetration testing against both our application and associated supporting infrastructure;
• Intrusion detection systems monitoring both network and hosts;
• Data encryption in transit to and from us;
• Hashing/salting of passwords;
• Physical security measures;
• Multiple levels of backup data protection;
• Fully redundant backup data center capability and failover recovery covered by our SLA;
• SSAE16 SOC1 Type II externally audited at least once per year by a third-party Report on Compliance;
• Mandatory FloQast-internal security controls, including: multi-factor authentication; password complexity; protocols to prevent brute-force authentication attempts.

Information Location and Transfers

We store Customer Data, Administrative and Personal Data and Billing Data in the United States. In some cases, storage of information may be based on the European Commission’s Standard Model Clauses for transfers of personal data outside the European Economic Area (EEA).

Data Access and Choice

We are a data processor of Customer Data, which is controlled by you, our customers. You are responsible for complying with all privacy laws and regulations applicable to you as a user of the FloQast Service and controller of your own Customer Data. We have no direct relationship with the individuals whose personal data we process as part of Customer Data. We acknowledge that the individuals have the right to access their personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to you, our customer (the data controller). If requested to remove the data, we will respond to the individual within reasonable timeframe and direct the request to our customer.

Upon request we will provide you with information about whether we hold any of your personal information in Administrative and Personal Data or Billing Data. If you want to edit and/or change any Administrative or Personal Data or Billing Data (other than Customer ID or user ID, which cannot be changed without creating a new account and/or new user) you can do so at any time by using your Customer ID, user ID, and password to access your account. Please contact [email protected] for further instructions about deleting or deactivating your FloQast account.

You can opt out from our marketing messages by clicking on the “unsubscribe” link included in them or by contacting your FloQast account executive. Such opt out will not extend to transactional or relationship messages.

Rights of EEA Residents

If you are based within the EEA or another jurisdiction with similar data protection laws, in certain circumstances you have the following rights: to be told how your information is used and obtain access to your information; to have your information rectified or erased or place restrictions on processing your information; to object to the processing of your information (e.g. for direct marketing purposes); to have the information you provided on an automated basis returned to you in a structured, commonly used and machine-readable format, or sent directly to another company, where technically feasible (“data portability”); where the processing of your information is based on your consent, the right to withdraw that consent subject to legal or contractual restrictions; to object to any decisions based on the automated processing of your personal data, including profiling; and to file a complaint with the applicable supervisory authority responsible for data protection matters.

Changes to This Policy

We may update this policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address of your FloQast subscription representative on record with us), by notice posted to our publicly accessible website (www.floqast.com) or by a notice posted in the FloQast Services prior to the change becoming effective. We encourage you to periodically review this page for the latest information about our privacy practices.

Contact Us

You may direct questions regarding our Privacy Policy to [email protected], or by telephone to FloQast’s legal department at (818) 647-1168, or via mail to FloQast, Inc., 14721 Califa St, Los Angeles, CA 91411 USA.