Effective Date: July 1, 2020
This privacy statement describes how FloQast, Inc. collects and uses the personal information you provide on our public website: www.floqast.com. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties.
FloQast and third parties working on our behalf collect personal information that you provide on this Website, such as through forms you choose to submit to contact us to obtain more information about or register for an event. Personal information may include, but is not limited to:
FloQast has a legitimate interest in using the information we collect for the purposes outlined above. Specifically, FloQast has a legitimate interest in ensuring that its website continues to function efficiently and effectively, and to enhance the functionality of its website in response to how visitors use the website and collects data to that end. When you submit contact information to receive our white papers or other communications, we use that data to fulfill your request. We also have a legitimate interest in using data about the individuals who visit this website and the companies for which they work to cultivate business relationships that may benefit FloQast. For some processing activities, such as communicating with you about opportunities to learn from or work with FloQast, we seek your consent to process that data.
We may also share your information with third parties as permitted or required by law, including: (a) with service providers that assist in operating our business; (b) to comply with the law or in response to a subpoena, court order, government request, or other legal process; (c) to produce relevant documents or information in connection with litigation, arbitration, mediation, adjudication, government or internal investigations, or other legal or administrative proceedings; (d) to protect the interests, rights, safety, or property of FloQast or others; (e) to enforce any terms of service or other legal disclosures on or related to this Website; (f) in connection with a sale or other transfer of all or some of the assets of FloQast and/or in connection with a sale or merger of FloQast or any division of FloQast; (g) to provide you with the services or products requested by you, and to perform other activities related to such services and products; (h) to operate FloQast’s systems properly; or (i) any other sharing with your consent.
We do not sell your information to third parties.
If you are a resident of California, please review our California Privacy Notice, which explains the types of personal information we collect that are subject to the California Consumer Privacy Act (“CCPA”), as well as your rights under the CCPA.
We collect four different types of data: personal information provided by you, non-identifiable basic information, non-identifiable cookies, and information (name, email, phone number, company) that you choose to give us through filling out our “Contact Us” or “Free Demo” form.
WE COLLECT PERSONAL INFORMATION THAT YOU PROVIDE
We collect demographic and contact information, such as your name, title, company name, phone number, e-mail address, ERP system used and country from visitors who affirmatively select to receive information about FloQast and its products and services by requesting a Demo. We use this information to provide you with information about the products and services that we provide and to send you information regarding FloQast such as newsletters, promotions, and events. If you no longer wish to receive these email communications, you may follow the unsubscribe mechanism contained in each of the emails you receive.
WE COLLECT NON-IDENTIFIABLE BASIC INFORMATION
We collect click-stream data, HTTP protocol elements, and search terms. We use these data for research and development, system tracking, and helping visitors reach the right page. We use these data ourselves, and we share aggregated data with our clients. These data are non-identifiable. This means we can’t (and have no interest in trying to) identify any individual person via these data. We collect this data from analytics systems such as Google Analytics, LeadLander and Hotjar. We use this data to help improve our site and our clients’ sites.
We collect HTTP cookie data. Again, we use these data for research and development, system tracking, and helping visitors reach the right page. We use these data ourselves and we share aggregated data with our clients. Our cookies are non-identifiable, meaning we can’t (and don’t want to) identify you or any individual person via these data. We collect these cookie data to help improve our web site and our clients’ web sites.
A cookie is a piece of information sent to a browser by a web server. The browser then returns that information to the Web server. This is how some Web pages “remember” your previous visits; for example, an e-commerce site might use a cookie to remember which items you’ve placed in your online shopping cart. Cookies can also store user preference information, log-in data, etc. Cookies let sites provide you with tailored information.
We reserve the right to disclose your personally identifiable information as required by law such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If FloQast is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Upon request we will provide you with information about whether we hold any of your personal information. If you wish to correct, update or request the deletion of personally identifiable information provided to us you may also contact us using the information below. We will respond to your request to access within 30 days. We will retain your information for as long as you remain identified as a potential customer or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations and to resolve disputes.
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at firstname.lastname@example.org.
As is true of most websites, we use a third-party tracking-utility parner to gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends and to help us improve your experience on our website.
We post customer testimonials on our website which may contain personally identifiable information. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to request the removal of your testimonial you may do so by contacting us at email@example.com.
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Effective Date: July 1, 2020
Note that when we say “Personal Information” in this Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.
Here is a summary of the CCPA-related categories of Personal Information we may have collected about in the 12 months preceding the effective date of this notice, depending how you use our website or the Service, as well as the purpose for which any of this Personal Information may have been collected and with whom we may have shared any of it.
The categories of sources from which we collect or receive Personal Information include: you, your device(s), third parties or services providers that provide Service to you or perform services for us on our behalf, and publicly available sources.
Under the CCPA, you have the following rights if you are a resident of California:
To exercise your “right to know” or your “right to request deletion,” please contact us at firstname.lastname@example.org or (818) 647-1168.
Please note that to protect the integrity of our services and to protect your privacy interests, we will need to verify your identity before processing your request. We may need additional information to verify your identity and that your state of residence is California, if you choose to provide it. This could include: a driver’s license, permit, utility bill, magazine, subscription stub, mail, school ID card, or school record.
Under the CCPA, you may exercise these rights yourself or you may designate an authorized to make these requests on your behalf. If you choose to have an authorized agent act on your behalf, we may request that your authorized agent have written permission from you to make requests on your behalf and may need to verify your authorized agent’s identity.
As alluded to above, certain types of Personal Information are exempt from certain requirements of the CCPA. This includes:
Covered business have limited obligations, or in some cases no obligations, under the CCPA with regard to these types of personal information.
Effective Date: July 1, 2020
This policy describes how FloQast, Inc. collects and handles personal information that customers provide through or in conjunction with the FloQast Services that link to this policy (“FloQast Services”). It also describes your choices regarding use, access and correction of your personal information.
This policy refers to FloQast, Inc. as “we,” “us” and “our.” References to “you” and “your” are to the owners of the data input into the FloQast Services. This generally is our customers, the companies and organizations that have subscribed to the FloQast Services, and their licensed users. If you are an individual license user whose data is provided to us, controlled by a customer of ours and input into the FloQast Services by such customer, please direct your privacy-related inquiries to the company or organization that has subscribed to the FloQast Services, as more fully described in “Data Access and Choice” below.
You provide us with several kinds of information: Customer Data, Administrative and Personal Data and Billing Data.
Customer Data is the information submitted into the FloQast Services when you use the FloQast Services or when you receive customer support. This includes accounting Customer details such as Customer name, address, fiscal year end and ERP used, Customer accounting details provided pursuant to the provision of the FloQast Services, as well as information derived by the operation of the FloQast Services from such submissions, such as reports and checklists. Customer Data may be submitted directly by you.
The FloQast Services are designed to centralize aspects of Customer financial and accounting practices. As part of this functionality, our software interacts with several Storage Provider platforms, Google Drive, OneDrive, Box, Dropbox, and Egnyte. In order to facilitate communication between each integration our software makes use of the OAuth 2.0 protocol in order to interact with each subsequent storage provider on behalf of the user. FloQast never has access to user passwords during the OAuth process and is only able to access resources each user has given FloQast explicit permission to access. Storage Provider data we collect includes an access token and refresh token obtained on behalf of the user from the OAuth process, storage provider specific folder and file identifier, storage provider file data, and a storage provider specific user identifier.
In order to centralize financial and accounting practices, the FloQast services interact with General Ledger platforms, Netsuite and Intacct. The FloQast Services use OAuth 1.0 as well as credential based authentication in order to interact with Netsuite or Intacct. General Ledger data we collect includes an access token obtained from the OAuth process used to interact with authorized APIs within the General Ledger provider, credential sets provided by the Customer used to interact with authorized APIs within the General Ledger provider, and high level accounting details as explicitly provided by the Customer for the provision of the FloQast Services.
Our system processes Customer Data strictly on your behalf in order to provide you the FloQast Services and perform our contractual obligations to you. We restrict our employees’ access to Customer Data to (1) support, client services and technical staff, who with your consent may have access to your Customer Data to provide customer support, technical troubleshooting and professional services, and (2) a limited number of operations personnel, who may have controlled access to Customer Data for troubleshooting and system maintenance. We use Customer Data to provide you the FloQast Services and to address customer support requests and technical problems.
Our servers automatically record certain information about how a person uses the FloQast Services (we refer to this information as “Log Data”), including both site visitors and users of the FloQast software (either, a “User”). Log Data we collect includes the User’s IP Address, browser User agent, operating system, the web page a user was visiting before accessing our services, pages or features within the FloQast Services to which a User browsed and links within the FloQast Services in which a user clicked on.
Administrative and Personal Data is information you provide during set-up, purchase or administration of the FloQast Services. This includes Customer name, Customer business address, email and phone number, and individual users’ names, emails, phone numbers, IP addresses, account credentials and professional title to the extent this information is provided by Customer.
We collect, store and use Administrative and Personal Data to perform our contractual obligations to you and/or for our legitimate business interests. Specifically, we use Administrative and Personal Data to provide the FloQast Services to you, administrate your account, provide customer support and professional services, keep a records of our dealings with you, notify you of new product offerings and of changes, updates and availability of the FloQast Services, understand your experience using the FloQast Services (for example, by sending you surveys), conduct research, improve the FloQast Services, plan and host events, contact you with marketing communications, and identify and prevent fraud.
Billing Data is financial qualification and billing information you provide as our customer when you purchase, subscribe for, renew or expand the FloQast Services. This includes name, billing address, credit card information, credit references and other financial data.
We use Billing Data for our legitimate business interests: to process or collect payment for your transactions with us, keep a record of our dealings with you, and prevent fraud. We store Billing Data for use in your future transactions with us.
|Session Identification (Required)||These cookies are required to access the FloQast Services. When a user logs in, a cookie is generated with encrypted information tied to the user account, which is placed onto the browser. These cookies allow us to identify the user when he/she is logged in to perform online requests. One required cookie is also used to prevent the same user from logging into the FloQast Services from multiple browsers at the same time.||When browser is closed, or after a session timeout, user logout or when you clear cookies from your browser.|
Cookies are essential for the proper operation of the FloQast Services. We do not provide an opt out for cookies identified above. In your browser, you can opt out of or delete the other cookies. We do not recommend opting out of cookies, as this will adversely impact the functionality of, and your access to, the FloQast Services.
In addition, we use Pendo.io for certain pages on our product website. This tool helps us understand how often users visit our product website and what pages they visit. We use this information to analyze how our website is used and for website and product development and improvement. You can opt out of Pendo.io by disabling cookies on your browser.
IP Addresses: We collect the Internet Protocol (IP) address of the computer used to access the FloQast Services. We use IP addresses for added security of the FloQast Services and to optimize the performance of the FloQast Services. A security feature of the FloQast Services allows a client’s administrator to review the list of IP addresses from which the client’s FloQast account has been accessed. We do not provide an opt-out option for IP addresses.
Statistical Data: When you use the FloQast Services, we may collect statistical information (metadata), such as server log files, usage patterns and frequency. Such statistical information does not include Customer Data. We may use this statistical information for product improvement.
We retain Customer Data for the duration of your subscription to the FloQast Services. After your subscription expires, we retain Customer Data for at least 30 days and may store it for up to an additional 30 days, unless Customer specifically requests immediate return or deletion of such Customer Data. Customer Data may be retained beyond that period in data backups, which may be stored for up to 1 year. Customer Data is deleted using secure deletion methods including digital shredding of encryption keys and hardware destruction in accordance with relevant guidelines. We retain Customer Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We keep Administrative or Personal Data and Billing Data as part of our business and accounting records for the duration of your relationship with us and thereafter for so long as necessary for our legitimate business purposes.
Please, refer to the table above for information on cookie expiration. We currently do not delete IP addresses, Statistical Data and Anonymous Data.
We will disclose your data to third parties only as directed by you, as described in your agreements with us and in this policy, or as required by law.
We also may disclose your information if we believe in good faith that it is necessary to (1) respond to a subpoena or request by government authorities or comply with any law, regulation, legal process, administrative or other government proceeding, (2) protect against misuse or unauthorized use of the FloQast Services, (3) prevent or address fraud; (4) enforce our rights, policies and agreements or defend ourselves in legal or government proceedings; or (5) protect our rights, property or safety, or those of third parties.
Unless we are prohibited by law, we will attempt to notify you of any request to disclose your Customer Data to the authorities or any other party and, where appropriate, refer such requests directly to you.
We may transfer some or all of our assets, including data, in connection with a merger, acquisition, or sale of assets, or if we dissolve, reorganize our business, or cease operating as a going concern (for example, in the event of a bankruptcy).
We maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of your Customer Data that are consistent with industry standards. Our data security measures include (but are not limited to):
We store Customer Data, Administrative and Personal Data and Billing Data in the United States. In some cases, storage of information may be based on the European Commission’s Standard Model Clauses for transfers of personal data outside the European Economic Area (EEA).
We are a data processor of Customer Data, which is controlled by you, our customers. You are responsible for complying with all privacy laws and regulations applicable to you as a user of the FloQast Service and controller of your own Customer Data. We have no direct relationship with the individuals whose personal data we process as part of Customer Data. We acknowledge that the individuals have the right to access their personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to you, our customer (the data controller). If requested to remove the data, we will respond to the individual within reasonable timeframe and direct the request to our customer.
Upon request we will provide you with information about whether we hold any of your personal information in Administrative and Personal Data or Billing Data. If you want to edit and/or change any Administrative or Personal Data or Billing Data (other than Customer ID or user ID, which cannot be changed without creating a new account and/or new user) you can do so at any time by using your Customer ID, user ID, and password to access your account. Please contact email@example.com for further instructions about deleting or deactivating your FloQast account.
You can opt out from our marketing messages by clicking on the “unsubscribe” link included in them or by contacting your FloQast account executive. Such opt out will not extend to transactional or relationship messages
If you are based within the EEA or another jurisdiction with similar data protection laws, in certain circumstances you have the following rights: to be told how your information is used and obtain access to your information; to have your information rectified or erased or place restrictions on processing your information; to object to the processing of your information (e.g. for direct marketing purposes); to have the information you provided on an automated basis returned to you in a structured, commonly used and machine-readable format, or sent directly to another company, where technically feasible (“data portability”); where the processing of your information is based on your consent, the right to withdraw that consent subject to legal or contractual restrictions; to object to any decisions based on the automated processing of your personal data, including profiling; and to file a complaint with the applicable supervisory authority responsible for data protection matters.
We may update this policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address of your FloQast subscription representative on record with us), by notice posted to our publicly accessible website (www.floqast.com) or by a notice posted in the FloQast Services prior to the change becoming effective. We encourage you to periodically review this page for the latest information about our privacy practices.