Effective Date: May 25, 2018
This privacy statement describes how FloQast, Inc. collects and uses the personal information you provide on our public website: www.floqast.com. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties.
We collect four different types of data: personal information provided by you, non-identifiable basic information, non-identifiable cookies, and information (name, email, phone number, company) that you choose to give us through filling out our “Contact Us” or “Free Demo” form.
WE COLLECT PERSONAL INFORMATION THAT YOU PROVIDE
We collect demographic and contact information, such as your name, title, company name, phone number, e-mail address, ERP system used and country from visitors who affirmatively select to receive information about FloQast and its products and services by requesting a Demo. We use this information to provide you with information about the products and services that we provide and to send you information regarding FloQast such as newsletters, promotions, and events. If you no longer wish to receive these email communications, you may follow the unsubscribe mechanism contained in each of the emails you receive.
WE COLLECT NON-IDENTIFIABLE BASIC INFORMATION
We collect click-stream data, HTTP protocol elements, and search terms. We use these data for research and development, system tracking, and helping visitors reach the right page. We use these data ourselves, and we share aggregated data with our clients. These data are non-identifiable. This means we can’t (and have no interest in trying to) identify any individual person via these data. We collect this data from analytics systems such as Google Analytics, LeadLander and Hotjar. We use this data to help improve our site and our clients’ sites.
WE COLLECT NON-IDENTIFIABLE COOKIE INFORMATION
We collect HTTP cookie data. Again, we use these data for research and development, system tracking, and helping visitors reach the right page. We use these data ourselves and we share aggregated data with our clients. Our cookies are non-identifiable, meaning we can’t (and don’t want to) identify you or any individual person via these data. We collect these cookie data to help improve our web site and our clients’ web sites.
WHAT ARE “COOKIES”?
A cookie is a piece of information sent to a browser by a web server. The browser then returns that information to the Web server. This is how some Web pages “remember” your previous visits; for example, an e-commerce site might use a cookie to remember which items you’ve placed in your online shopping cart. Cookies can also store user preference information, log-in data, etc. Cookies let sites provide you with tailored information.
We reserve the right to disclose your personally identifiable information as required by law such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If FloQast is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
ACCESS TO PERSONALLY IDENTIFIABLE INFORMATION
Upon request we will provide you with information about whether we hold any of your personal information. If you wish to correct, update or request the deletion of personally identifiable information provided to us you may also contact us using the information below. We will respond to your request to access within 30 days. We will retain your information for as long as you remain identified as a potential customer or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations and to resolve disputes.
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at firstname.lastname@example.org.
Effective Date: May 25, 2018
This policy describes how FloQast, Inc. collects and handles personal information that customers provide through or in conjunction with the FloQast Services that link to this policy (“FloQast Services”). It also describes your choices regarding use, access and correction of your personal information.
This policy refers to FloQast, Inc. as “we,” “us” and “our.” References to “you” and “your” are to the owners of the data input into the FloQast Services. This generally is our customers, the companies and organizations that have subscribed to the FloQast Services, and their licensed users. If you are an individual license user whose data is provided to us, controlled by a customer of ours and input into the FloQast Services by such customer, please direct your privacy-related inquiries to the company or organization that has subscribed to the FloQast Services, as more fully described in “Data Access and Choice” below.
INFORMATION PROVIDED BY YOU
You provide us with several kinds of information: Customer Data, Administrative and Personal Data and Billing Data.
Customer Data is the information submitted into the FloQast Services when you use the FloQast Services or when you receive customer support. This includes accounting Customer details such as Customer name, address, fiscal year end and ERP used, Customer accounting details provided pursuant to the provision of the FloQast Services, as well as information derived by the operation of the FloQast Services from such submissions, such as reports and checklists. Customer Data may be submitted directly by you.
The FloQast Services are designed to centralize aspects of Customer financial and accounting practices. As part of this functionality, our software interacts with several Storage Provider platforms, Google Drive, OneDrive, Box, Dropbox, and Egnyte. In order to facilitate communication between each integration our software makes use of the OAuth 2.0 protocol in order to interact with each subsequent storage provider on behalf of the user. FloQast never has access to user passwords during the OAuth process and is only able to access resources each user has given FloQast explicit permission to access. Storage Provider data we collect includes an access token and refresh token obtained on behalf of the user from the OAuth process, storage provider specific folder and file identifier, storage provider file data, and a storage provider specific user identifier.
In order to centralize financial and accounting practices, the FloQast services interact with General Ledger platforms, Netsuite and Intacct. The FloQast Services use OAuth 1.0 as well as credential based authentication in order to interact with Netsuite or Intacct. General Ledger data we collect includes an access token obtained from the OAuth process used to interact with authorized APIs within the General Ledger provider, credential sets provided by the Customer used to interact with authorized APIs within the General Ledger provider, and high level accounting details as explicitly provided by the Customer for the provision of the FloQast Services.
Our system processes Customer Data strictly on your behalf in order to provide you the FloQast Services and perform our contractual obligations to you. We restrict our employees’ access to Customer Data to (1) support, client services and technical staff, who with your consent may have access to your Customer Data to provide customer support, technical troubleshooting and professional services, and (2) a limited number of operations personnel, who may have controlled access to Customer Data for troubleshooting and system maintenance. We use Customer Data to provide you the FloQast Services and to address customer support requests and technical problems.
Our servers automatically record certain information about how a person uses the FloQast Services (we refer to this information as “Log Data”), including both site visitors and users of the FloQast software (either, a “User”). Log Data we collect includes the User’s IP Address, browser User agent, operating system, the web page a user was visiting before accessing our services, pages or features within the FloQast Services to which a User browsed and links within the FloQast Services in which a user clicked on.
Administrative and Personal Data is information you provide during set-up, purchase or administration of the FloQast Services. This includes Customer name, Customer business address, email and phone number, and individual users’ names, emails, phone numbers, IP addresses, account credentials and professional title to the extent this information is provided by Customer.
We collect, store and use Administrative and Personal Data to perform our contractual obligations to you and/or for our legitimate business interests. Specifically, we use Administrative and Personal Data to provide the FloQast Services to you, administrate your account, provide customer support and professional services, keep a records of our dealings with you, notify you of new product offerings and of changes, updates and availability of the FloQast Services, understand your experience using the FloQast Services (for example, by sending you surveys), conduct research, improve the FloQast Services, plan and host events, contact you with marketing communications, and identify and prevent fraud.
Billing Data is financial qualification and billing information you provide as our customer when you purchase, subscribe for, renew or expand the FloQast Services. This includes name, billing address, credit card information, credit references and other financial data.
We use Billing Data for our legitimate business interests: to process or collect payment for your transactions with us, keep a record of our dealings with you, and prevent fraud. We store Billing Data for use in your future transactions with us.
INFORMATION COLLECTED BY US
|Session Identification (Required)||These cookies are required to access the FloQast Services. When a user logs in, a cookie is generated with encrypted information tied to the user account, which is placed onto the browser. These cookies allow us to identify the user when he/she is logged in to perform online requests. One required cookie is also used to prevent the same user from logging into the FloQast Services from multiple browsers at the same time.||When browser is closed, or after a session timeout, user logout or when you clear cookies from your browser.|
|These cookies are required to access the FloQast Services. It guarantees that the sender of data to the FloQast servers is the user the FloQast server produced the web app for.|
|User Experience||User Experience These cookies are utilized to allow FloQast to understand user behavior within the application and improve experiences for the user.|
|24 hours to 100 days|
Cookies are essential for the proper operation of the FloQast Services. We do not provide an opt out for cookies identified above. In your browser, you can opt out of or delete the other cookies. We do not recommend opting out of cookies, as this will adversely impact the functionality of, and your access to, the FloQast Services.
In addition, we use Pendo.io for certain pages on our product website. This tool helps us understand how often users visit our product website and what pages they visit. We use this information to analyze how our website is used and for website and product development and improvement. You can opt out of Pendo.io by disabling cookies on your browser.
IP Addresses: We collect the Internet Protocol (IP) address of the computer used to access the FloQast Services. We use IP addresses for added security of the FloQast Services and to optimize the performance of the FloQast Services. A security feature of the FloQast Services allows a client’s administrator to review the list of IP addresses from which the client’s FloQast account has been accessed. We do not provide an opt-out option for IP addresses.
Statistical Data: When you use the FloQast Services, we may collect statistical information (metadata), such as server log files, usage patterns and frequency. Such statistical information does not include Customer Data. We may use this statistical information for product improvement.
We retain Customer Data for the duration of your subscription to the FloQast Services. After your subscription expires, we retain Customer Data for at least 30 days and may store it for up to an additional 30 days, unless Customer specifically requests immediate return or deletion of such Customer Data. Customer Data may be retained beyond that period in data backups, which may be stored for up to 1 year. Customer Data is deleted using secure deletion methods including digital shredding of encryption keys and hardware destruction in accordance with relevant guidelines. We retain Customer Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We keep Administrative or Personal Data and Billing Data as part of our business and accounting records for the duration of your relationship with us and thereafter for so long as necessary for our legitimate business purposes.
Please, refer to the table above for information on cookie expiration. We currently do not delete IP addresses, Statistical Data and Anonymous Data.
DISCLOSURE OF INFORMATION
We will disclose your data to third parties only as directed by you, as described in your agreements with us and in this policy, or as required by law.
- We may contract with other companies to provide services or functionality on our behalf. If we do so, we may share Customer Data and/or Administrative and Personal Data with such providers to the extent necessary for their engagement. In such cases, we will require such providers to maintain the confidentiality of your information and to use it only for the purposes of their engagement by us. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and our agreements with you.
- We store encrypted copies of our database backups in facilities provided by Amazon Web Services and MongoDB. These third parties do not have the right to access such data.
- Anonymous Data does not identify you or your users and, therefore, we may disclose it to third parties as appropriate to support our business needs.
We also may disclose your information if we believe in good faith that it is necessary to (1) respond to a subpoena or request by government authorities or comply with any law, regulation, legal process, administrative or other government proceeding, (2) protect against misuse or unauthorized use of the FloQast Services, (3) prevent or address fraud; (4) enforce our rights, policies and agreements or defend ourselves in legal or government proceedings; or (5) protect our rights, property or safety, or those of third parties.
Unless we are prohibited by law, we will attempt to notify you of any request to disclose your Customer Data to the authorities or any other party and, where appropriate, refer such requests directly to you.
We may transfer some or all of our assets, including data, in connection with a merger, acquisition, or sale of assets, or if we dissolve, reorganize our business, or cease operating as a going concern (for example, in the event of a bankruptcy).
We maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of your Customer Data that are consistent with industry standards. Our data security measures include (but are not limited to):
- Integration of application security into the agile product development lifecycle with both manual and automated controls to address static testing and dynamic code analysis;
- Regular internal and external penetration testing against both our application and associated supporting infrastructure;
- Intrusion detection systems monitoring both network and hosts;
- Data encryption in transit to and from us;
- Hashing/salting of passwords;
- Physical security measures;
- Multiple levels of backup data protection;
- Fully redundant backup data center capability and failover recovery covered by our SLA;
- SSAE16 SOC1 Type II externally audited at least once per year by a third-party Report on Compliance;
- Mandatory FloQast-internal security controls, including: multi-factor authentication; password complexity; protocols to prevent brute-force authentication attempts.
INFORMATION LOCATION AND TRANSFERS
We store Customer Data, Administrative and Personal Data and Billing Data in the United States. In some cases, storage of information may be based on the European Commission’s Standard Model Clauses for transfers of personal data outside the European Economic Area (EEA).
DATA ACCESS AND CHOICE
We are a data processor of Customer Data, which is controlled by you, our customers. You are responsible for complying with all privacy laws and regulations applicable to you as a user of the FloQast Service and controller of your own Customer Data. We have no direct relationship with the individuals whose personal data we process as part of Customer Data. We acknowledge that the individuals have the right to access their personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to you, our customer (the data controller). If requested to remove the data, we will respond to the individual within a reasonable timeframe and direct the request to our customer.
Upon request we will provide you with information about whether we hold any of your personal information in Administrative and Personal Data or Billing Data. If you want to edit and/or change any Administrative or Personal Data or Billing Data (other than Customer ID or user ID, which cannot be changed without creating a new account and/or new user) you can do so at any time by using your Customer ID, user ID, and password to access your account. Please contact email@example.com for further instructions about deleting or deactivating your FloQast account.
You can opt out from our marketing messages by clicking on the “unsubscribe” link included in them or by contacting your FloQast account executive. Such opt out will not extend to transactional or relationship messages
RIGHTS OF EEA RESIDENTS
If you are based within the EEA or another jurisdiction with similar data protection laws, in certain circumstances you have the following rights: to be told how your information is used and obtain access to your information; to have your information rectified or erased or place restrictions on processing your information; to object to the processing of your information (e.g. for direct marketing purposes); to have the information you provided on an automated basis returned to you in a structured, commonly used and machine-readable format, or sent directly to another company, where technically feasible (“data portability”); where the processing of your information is based on your consent, the right to withdraw that consent subject to legal or contractual restrictions; to object to any decisions based on the automated processing of your personal data, including profiling; and to file a complaint with the applicable supervisory authority responsible for data protection matters.
CHANGES TO THIS POLICY
We may update this policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address of your FloQast subscription representative on record with us), by notice posted to our publicly accessible website (www.floqast.com) or by a notice posted in the FloQast Services prior to the change becoming effective. We encourage you to periodically review this page for the latest information about our privacy practices.