Privacy Policy
Effective Date: July 1, 2024
At Flowspace, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and disclose your information as described in this Privacy Policy.
Remember that your use of Flowspace’s Services is at all times subject to our Terms and Conditions, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.
If you have a disability, you may access this Privacy Policy in an alternative format by contacting [email protected].
Privacy Policy Table of Contents
- What this Privacy Policy Covers
- Personal Data
- How We Disclose Your Personal Data
- Tracking Tools, Advertising and Opt-Out
- Data Security and Retention
- Personal Data of Children
- California Resident Rights
- Colorado Resident Rights
- Connecticut Resident Rights
- Utah Resident Rights
- Virginia Resident Rights
- Exercising Your Rights under the State Privacy Laws
- Other State Law Privacy Rights
- Changes to this Privacy Policy
- Contact Information
- AI Addendum
- Data Processing Addendum for Customer Personal Information
1. What this Privacy Policy Covers
This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.
2. Personal Data
2.1. Categories of Personal Data We Collect
WHAT WE COLLECT | HOW WE USE IT |
Information you provide us about you and your business, like your name, the name of your staff or other individuals associated with your business, company name, address, email address, and phone number. | To provide you with the use of our platform and other related services (e.g., to confirm your identity, to contact you about issues with the platform, to invoice you) To send you updates about new products and features To comply with legal requirements To prevent fraudulent use of our services |
Payment information you provide us. | To provide you with the use of our platform and other related services To charge for our services |
Information about how you access our website, your account, and our platform, including information about the device and browser you use, your network connection, your IP address, and details about how you browse our websites and platform. We collect some of this information by using “cookies” or other similar technologies directly from your device. See the “Tracking Tools, Advertising and Opt-Out” section below | To provide you use of, and to improve, our platform and other related services (e.g., identifying ways to make our platform easier to use or navigate) To personalize the platform for you To advertise and market products or features to you To prevent fraudulent use of our services |
2.3. Our Commercial or Business Purposes for Collecting Personal Data
- Providing, Customizing and Improving the Services
- Creating and managing your account and user
- Providing you with the Services, or other products, services or information you request
- Meeting or fulfilling the reason you provided the information to us
- Providing support and assistance for the Services
- Analyzing trends and consumers’ interactions with the Services
- Improving the Services, including testing, research, internal analytics and product development
- Personalizing the Services, website content and communications based on your preferences
- Doing fraud protection, security and debugging
- Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act as amended by the California Privacy Rights Act of 2020 (the “CCPA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Act (the “CPA”), the Connecticut Data Privacy Act (the “CTDPA”), or Utah Consumer Privacy Act (the “UCPA”) (collectively, the “State Privacy Laws”).
- Marketing the Services
- Marketing and selling the Services
- Providing you with customized offers or promotions that we think might be interested to you
- Showing you advertisements, including interest-based or online behavioral advertising, and retargeted online and mobile advertisements to you across computers or devices you may use
- Corresponding with You
- Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Company or the Services
- Sending emails and other communications according to your preferences or that display content that we think will interest you
- Meeting Legal Requirements and Enforcing Legal Terms
- Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities
- Protecting the rights, property or safety of you, Flowspace or another party
- Enforcing any agreements with you
- Responding to claims that any posting or other content violates third-party rights
- Resolving disputes
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice.
3. How We Disclose Your Personal Data
We disclose your Personal Data to the categories of service providers and other parties listed in this section. For more information, please refer to the state-specific sections below.
- Service Providers. These parties help us provide the Services or perform business functions on our behalf. They include:
- Hosting, technology and communication providers, such as Google Cloud Platform
- Analytics providers, such as Google Analytics
- Support and customer service software vendors
- Payment processors
- Our payment processing partners Stripe, Inc. (“Stripe”) and Plaid Inc. (“Plaid”) collect your voluntarily-provided payment card information necessary to process your payment.
- Please see Stripe and Plaid’s terms of service and privacy policy for information on their use and storage of your Personal Data.
- Advertising Partners. These parties help us market our services and provide you with other offers that may be of interest to you.
3.1. Legal Obligations
We may disclose any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “Our Commercial or Business Purposes for Collecting Personal Data” section above.
3.2. Business Transfers
All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
3.3. Data that is Not Personal Data
We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.
4. Tracking Tools, Advertising and Opt-Out
The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services.
We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that we do not yet process the experimental “Do Not Track” mechanism implemented by some web browsers.
We use the following types of Cookies:
- Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
- Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region)
- Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Services. They do this by collecting information about the number of visitors to the Services, what pages visitors view on our Services and how long visitors are viewing pages on the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google Inc. (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and disclose information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of Cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
- Retargeting/Advertising Cookies. Retargeting/Advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you. For more information about this, please see the section below titled “Information about Interest-Based Advertisements.”
You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the Services and functionalities may not work.
To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/.
4.1. Information about Interest-Based Advertisements
We may serve advertisements, and also allow third-party ad technology vendors and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including Personal Data) may be provided to us by you, or derived from the usage patterns of particular users on the Services and/or services of third parties. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Services. To accomplish this, we or our service providers may deliver Cookies, including a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their site.
4.2. Opt-out Choices
We comply with the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising. Through the DAA and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of, and greater control over, ads that are customized based a consumer’s online behavior across different websites and properties. To make choices about Interest-Based Ads from participating third parties, including to opt-out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s consumer opt-out pages, which are located at http://www.networkadvertising.org/choices or www.aboutads.info/choices. To opt-out of the use of your mobile device ID for targeted advertising, see http://www.aboutads.info/appchoices.
We provide our consumers with the opportunity to opt-out of having their information used for purposes not directly related to placement, processing, fulfillment, or delivery of a product or service. To opt-out of marketing communications, you may use one of these convenient methods:
Electronic Promotional Offers. If you do not want to receive emails from us regarding special promotions or offers, you may click the unsubscribe link in the footer of any email, or contact us at [email protected] with “Unsubscribe Promotional Offers” in the subject line.
Your instructions to limit the use of your information for these purposes will be processed as soon as reasonably practicable. Additionally, we are not responsible for informing third parties (including without limitation our third party service providers or partners) with whom we have already shared your personal information of any changes requested pursuant to this section, or for removing information from or causing information to be removed from the databases or records of such entities.
5. Data Security and Retention
We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account.
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with our Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.
6. Personal Data of Children
Excluding order information (see our Data Processing Addendum below), we do not knowingly collect or solicit Personal Data about children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us at [email protected].
7. California Resident Rights
If you are a California resident, you have the rights set forth in this section. Please see the “Exercising Your Rights under the State Privacy Laws” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.
If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at [email protected].
7.1. Access
You have the right to request certain information about our collection and use of your Personal Data. In response, we will provide you with the following information in the past 12 months:
- The categories of Personal Data that we have collected about you
- The categories of sources from which that Personal Data was collected
- The business or commercial purpose for collecting or selling your Personal Data
- The categories of third parties with whom we have shared your Personal Data
- The specific pieces of Personal Data that we have collected about you
If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third party recipient.
You may request the above information beyond the 12-month period, but no earlier than January 1, 2022. If you do make such a request, we are required to provide that information unless doing so proves impossible or would involve disproportionate effort.
7.2. Deletion
You have the right to request that we delete the Personal Data that we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested, or if deletion of your Personal Data involves disproportionate effect. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
7.3. Correction
You have the right to request that we correct any inaccurate Personal Data we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your Personal Data, that such data is correct. If your correction request is subject to one of these exceptions, we may deny your request.
7.4. Personal Data Sharing Opt-Out
In this section, we use the term ‘share’ as it is defined in the CCPA. We share your Personal Data, subject to your right to opt-out as described in this section.
As described in the “Tracking Tools, Advertising and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CCPA, disclosing your data through third party Cookies for online advertising may be considered “sharing” of information. You can opt out of these sales by following the instructions in this section.
We share your Personal Data with the following categories of third parties:
- Analytics providers, such as Google Analytics
- Marketing providers
We have shared the foregoing categories of Personal Data for the following business or commercial purposes:
- Improving the Services, including testing, research, internal analytics and product development.
- Personalizing the Services, website content and communications based on your preferences.
- Doing fraud protection, security and debugging.
- Marketing and selling the Services.
- Showing you advertisements, including interest-based or online behavioral advertising.
7.5 Limit the Use of Sensitive Personal Information
Consumers have the right to request that we limit the use or sharing disclosure of their Sensitive Personal Information (“Right to Limit”). However, since our use and disclosure of Sensitive Information are limited to the purposes set forth in section 7027(m) of the CCPA regulations, including: 1) performing the services or providing the goods reasonably expected, 2) preventing, detecting, and investigating security incidents, 3) resisting malicious, deceptive, fraudulent, or illegal actions, 4) ensuring physical safety of natural persons, 5) for short-term transient use, 6) performing services on behalf of the business, 7) verifying or maintaining quality or safety of a product or service, and 8) collecting or processing Sensitive Personal Information but not for the purpose of inferring characteristics, we do not offer a way for you to submit such a request.
7.6. We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
8.Colorado Resident Rights
If you are a Colorado resident, you have the rights set forth under the Colorado Privacy Act (“CPA”). Please see the “Exercising Your Rights under the State Privacy Laws” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.
If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Colorado resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at [email protected].
8.1 Access
You have the right to request confirmation of whether or not we are processing your Personal Data and to access and request a copy of your Personal Data in a machine-readable format, to the extent technically feasible, twice within a calendar year.
8.2 Correction
You have the right to correct inaccuracies in your Personal Data, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your Personal Data.
8.3 Deletion
You have the right to delete Personal Data concerning you.
8.4 Targeted Advertising Opt-Out
We process for the purposes of targeted advertising your Personal Data, subject to your right to opt-out of these sales.
As described in the “Tracking Tools, Advertising and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit.
You have the right to opt-out of the share of your Personal Data by following the instructions in the “Exercising Your Rights” section.
8.5 Profiling Opt-Out
We do not process your Personal Data for ‘Profiling’ to make ‘Decisions’ under the CPA. ‘Profiling’ means any form of automated processing performed on personal data to evaluate, analyze or predict personal aspects related to an identified or identifiable individual’s economic situation, health, personal preferences, interests, reliability, behavior, location or movements. ‘Decision’ means any ‘Decisions that Produce Legal or Similarly Significant Effects Concerning a Consumer,’ as defined in the CPA that concern you.
8.6 We Will Not Discriminate Against You
We will not process your personal data in violation of state and federal laws that prohibit unlawful discrimination against consumers.
9. Connecticut Resident Rights
If you are a Connecticut resident, you have the rights set forth under the Connecticut Data Privacy Act (“CTDPA”). Please see the “Exercising Your Rights under State Privacy Laws” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.
If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Connecticut resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at [email protected].
9.1 Access
You have the right to request confirmation of whether or not we are processing your Personal Data and to access your Personal Data.
9.2 Correction
You have the right to correct inaccuracies in your Personal Data, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your Personal Data.
9.3 Deletion
You have the right to delete Personal Data you have provided to us or we have obtained about you.
9.4 Portability
You have the right to request a copy of your Personal Data that is processed automatically in a machine-readable format, to the extent technically feasible.
9.5 Personal Data Sales and Targeted Advertising Opt-Out
As described in the “Tracking Tools, Advertising and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CTDPA, disclosing your data through third party Cookies for online advertising may be considered a “sale” of information. You can opt out of these sales by following the instructions in this section. You can opt out from these “sales” by following the instructions in the “Exercising Your Rights under State Privacy Laws” section.
9.6 Profiling Opt-Out
We do not process your Personal Data for ‘Profiling’ as defined under the CTDPA. ‘Profiling’ means any form of automated processing performed on personal data to evaluate, analyze or predict personal aspects related to an identified or identifiable individual’s economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
9.7 We Will Not Discriminate Against You for Exercising Your Rights Under the CTDPA
We will not discriminate against you for exercising your rights under the CTDPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CTDPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CTDPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
10. Utah Resident Rights
If you are a Utah resident, you have the rights set forth under the Utah Consumer Privacy Act (“UCPA”). Please see the “Exercising Your Rights under the State Privacy Laws” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.
If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Utah resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at [email protected].
10.1 Access
You have the right to request confirmation of whether or not we are processing your Personal Data and to access your Personal Data.
10.2 Portability
You have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible.
10.3 Deletion
You have the right to delete Personal Data that you have provided to us.
10.4 Opt-Out of Certain Processing Activities
You have the right to opt-out of the processing of your Personal Data for targeted advertising purposes. We process your Personal Data for targeted advertising purposes. You can opt out this processing of your Personal Data by following the instructions under the “Exercising Your Rights under the State Privacy Laws” Section.
10.5 We Will Not Discriminate Against You for Exercising Your Rights Under the UCPA
We will not discriminate against you for exercising your rights under the UCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the UCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the UCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
11. Virginia Resident Rights
If you are a Virginia resident, you have the rights set forth under the Virginia Consumer Data Protection Act (“VCDPA”). Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.
If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Virginia resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at [email protected].
11.1 Access
You have the right to request confirmation of whether or not we are processing your Personal Data and to access your Personal Data.
11.2 Correction
You have the right to correct inaccuracies in your Personal Data, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your Personal Data.
11.3 Portability
You have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible.
11.4 Deletion
You have the right to delete Personal Data you have provided to us or we have obtained about you.
11.5 Opt-Out of Certain Processing Activities
You have the right to opt-out of the processing of your Personal Data for targeted advertising purposes. We process your Personal Data for targeted advertising purposes.
11.6 We Will Not Discriminate Against You for Exercising Your Rights Under the VCDPA
We will not discriminate against you for exercising your rights under the VCDPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the VCDPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the VCDPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
12. Exercising Your Rights under State Privacy Laws
To exercise the rights described in this Privacy Policy, you or, if you are a California, Colorado or Connecticut resident, your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria.
We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within the time period required by applicable law.
We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
If you are a California, Colorado, Connecticut, Virginia, or Utah resident, you may opt-out from any “shares,” or targeted advertising, by emailing us at [email protected].
You may submit a Valid Request for any other rights afforded to you in this Privacy Policy by emailing us at [email protected].
If you are a California, Colorado or Connecticut resident, you may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
12.1 Appealing a Denial
If you are a Colorado, Connecticut, or Virginia resident and we refuse to take action on your request within a reasonable period of time after receiving your request in accordance with this section, you may appeal our decision. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the CPA, CTDPA, or VCDPA (as applicable). We will respond to your appeal within the time period required under the applicable law. You can submit a Verified Request to appeal by emailing us at [email protected].
If we deny your appeal, you have the right to contact the Attorney General of your State, including by the following links: www.oag.state.va.us/consumer-protection/index.php/file-a-complaint (VA), www.coag.gov/resources/colorado-privacy-act/ (CO), and www.portal.ct.gov/AG/Sections/Privacy/The-Privacy-and-Data-Security-Department (CT).
13. Other State Law Privacy Rights
13.1. California Resident Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at [email protected].
14. Changes to this Privacy Policy
We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time, but we will alert you to any such changes by placing a notice on the Flowspace website, by sending you an email and/or by some other means. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.
15. Contact Information
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us by email at [email protected].
AI ADDENDUM
PLEASE READ THIS AI ADDENDUM (“ADDENDUM”) BEFORE OPTING INTO FLOWSPACE FEATURES THAT USE ARTIFICIAL INTELLIGENCE CAPABILITIES (THE “AI FEATURE”). BY CLICKING “I ACCEPT” OR OPTING IN, YOU AND THE ORGANIZATION YOU REPRESENT OR DISCLOSE INFORMATION ABOUT (IF ANY) (COLLECTIVELY, “YOU,” “YOUR”) AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS ADDENDUM. THIS ADDENDUM INCORPORATES THE TERMS OF SERVICE AND PRIVACY POLICY (TOGETHER, THE “TERMS”) BY AND BETWEEN YOU AND FLOWSPACE, INC. (“FLOWSPACE” OR “WE”). IF THERE ARE ANY CONFLICTS BETWEEN THIS ADDENDUM AND THE TERMS, THIS ADDENDUM SHALL CONTROL. ANY REFERENCE TO THE “AGREEMENT” SHALL MEAN THE TERMS TOGETHER WITH THE ADDENDUM ANY CAPITALIZED TERMS THAT ARE NOT DEFINED SHALL HAVE THE MEANING GIVEN TO THEM IN THE TERMS.
1. ACCESS.
1.1 You may request to opt into the AI Feature through your account settings on the Services. All opt in requests will be subject to our approval at our sole discretion. You may opt out of the AI Feature at any time by sending us an email [email protected]; provided that Flowspace may continue to use the AI Feature Content as described below that it received prior to such opt-out. Flowspace may change or cease offering the AI Feature in its sole discretion at any time without prior notice.
1. LICENSE; RESTRICTIONS.
1.1 Any data that you submit as input to the AI Feature (“Input”) or receive as output by the AI Feature (“Output”) are collectively the “AI Feature Content.” If you access the AI Feature through an account assigned to you by your organization, the instructions and limitations on use of AI Feature Content imposed by your organization to Flowspace will govern. You will access the AI Feature only in jurisdictions currently supported by Flowspace (USA only), and Flowspace may suspend or terminate your access if you do so from an unsupported jurisdiction. The AI Feature is meant to enhance your use of our schedule optimization products and services. You will use the AI Feature solely for the purpose of supply chain optimization. You will not use the AI Feature for any inquiries that require the expertise of trained professional humans. You are responsible for all AI Feature Content. You acknowledge that the quality of the Output largely depends on the Input, and you will comply with all applicable laws, the terms of the Agreement. Specifically, you agree not to include as Input any irrelevant, fraudulent, or deceptive instructions to “break,” steer, or otherwise attempt to solicit results from the AI Feature that would violate these terms. You acknowledge that Output is generated from AI and not by a human. Flowspace is working to make the AI Feature more accurate, reliable, safe and beneficial. You agree that the Output may yield inaccurate results in some situations. You acknowledge that relying on any Output without human review could cause harm including but not limited to legal and financial.
1.2 To the extent the AI Feature interacts with any third party application programming interfaces (APIs) (“Third Party API(s)”), additional terms may apply. You shall be solely responsible for procuring any rights and/or consents to access the AI Feature and your compliance of any third party terms. Flowspace is not responsible for the operation of any Third Party API nor the availability or operation of the AI Feature to the extent dependent on the Third Party API. Flowspace disclaims all liabilities relating to any Third Party API for the AI Feature.
1.3 Flowspace will access and use the AI Feature Content to provide the AI Feature to you and maintain the AI Feature, comply with applicable law, and enforce the terms of the Agreement, and you hereby grant Flowspace, and its third party contractors (including subprocessors and owners of the AI tools used to operate the AI Feature) all rights and licenses necessary to do so. You retain all rights, title and interest to your Input. You may provide us suggestions or feedback with respect to the AI Feature (“Feedback”). If you do so, you hereby grant to Flowspace a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid up license to use and exploit the Feedback for any purpose.
2. DISCLAIMER; INDEMNIFICATION.
THE AI FEATURE IS PROVIDED “AS IS.” EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS MAKE NO WARRANTIES (EXPRESS, IMPLIED, STATUTORY OR OTHERWISE) WITH RESPECT TO THE AI FEATURE, AND DISCLAIM ALL WARRANTIES INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR TRADE USAGE. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ACCURATE OR ERROR FREE, OR THAT ANY AI FEATURE CONTENT WILL BE SECURE OR NOT LOST OR ALTERED. You will defend, indemnify, and hold harmless us, our affiliates, and our personnel, from and against any claims, losses, and expenses (including attorneys’ fees) arising from or relating to your use of the AI Feature, the AI Content, your breach of these terms or violation of applicable law.
DATA PROCESSING ADDENDUM FOR CUSTOMER PERSONAL INFORMATION
THIS DATA PROCESSING ADDENDUM FOR CUSTOMER PERSONAL INFORMATION (the “Data Addendum”) forms part of the written or electronic agreement for provision of Services as set forth in the Warehouse & Transportation Agreement into which agreement this Data Addendum is expressly hereby incorporated by reference (the “Agreement”) by and between Flowspace and Customer (each, a “Party,” and together, the “Parties”). It applies to the processing of Customer Personal Information (as defined below) by Flowspace within the scope of US Data Protection Laws pursuant to the Agreement.
1. Definitions. For the purposes of this Data Addendum, (a) “CCPA” means the California Consumer Privacy Act of 2018, Cal. Civil Code § 1798.100 et seq. and its implementing regulations (as amended by the California Privacy Rights Act of 2020); (b) “Customer Personal Information” means Customer data processed by Flowspace on Customer’s behalf that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, to the extent that such information is protected as personal information under CCPA or an analogous term under other applicable US Data Protection Laws; (c) “US Data Protection Laws” means CCPA and any other United States laws and regulations applicable to the processing of personal information which are also applicable to Flowspace; and (d) “personal information”, “sell”, “service provider”, “verifiable consumer request”, “processing”, and “consumer” will have the meanings given to them in the CCPA (expressly including the CPRA amendments thereto effective January 1, 2023) and within the scope of the CCPA.
2. Processing of Customer Personal Information. To the extent that in connection with its performance of the Agreement Flowspace processes Customer Personal Information on Customer’s behalf that is subject to applicable US Data Protection Laws, Flowspace (i) acknowledges and agrees that it is, and will act as, a “service provider” with respect to Customer Personal Information provided to Flowspace by Customer or on Customer’s behalf in accordance with the applicable terms of such US Data Protection Laws; (ii) will maintain reasonable security procedures and practices appropriate to the nature of the Customer Personal Information provided to Flowspace by Customer or on Customer’s behalf to protect Customer Personal Information from unauthorized access, use or destruction, in accordance with the terms of the Agreement and the applicable requirements of US Data Protection Laws; (iii) will not retain, use, or disclose Customer Personal Information provided to Flowspace by Customer or on Customer’s behalf for any purpose (including any commercial purpose) other than for the business purposes specified in the Agreement, the direct business relationship with Customer, as otherwise instructed by Customer, or as otherwise permitted under applicable US Data Protection Laws; (iv) will not combine Customer Personal Information it receives from Customer or on Customer’s behalf with personal information it receives from a third party, except to the extent otherwise permitted under applicable US Data Protection Laws; and (v) will not transfer or disclose Customer Personal Information provided to Flowspace by Customer or on Customer’s behalf to a third party in a manner that constitutes “selling” or “sharing” such information under applicable US Data Protection Laws, except to the extent such transfer or disclosure is otherwise permitted under applicable US Data Protection Laws. To the extent required by applicable US Data Protection Laws, Customer may take reasonable and appropriate steps as mutually agreed upon with Flowspace to verify that Flowspace’s processing of Customer Personal Information is in a manner consistent with Flowspace’s obligations under US Data Protection Laws and the terms of the Agreement and this Data Addendum. Flowspace will promptly notify Customer if it determines that it can no longer meet its obligations under this Data Addendum and/or applicable US Data Protection Laws with respect to Customer Personal Information provided to Flowspace by Customer or on Customer’s behalf. To the extent required by applicable US Data Protection Laws, if Customer reasonably determines that Flowspace is using Customer Personal Information in a manner not authorized under the Agreement and this Data Addendum, Customer will have the right to direct Flowspace to stop and remediate such unauthorized use. Customer acknowledges and agrees that Flowspace may use its contractors, including Third Party Providers and other sub-processors to process personal information for the purposes of the Agreement in compliance with applicable subcontracting requirements set forth under US Data Protection Laws. If Flowspace substantiates any unauthorized access to and exfiltration, theft, or disclosure of Customer Personal Information, Flowspace will notify Customer as soon as is reasonably possible, provided that Flowspace’s notification of or response to such event will not be construed as an acknowledgement by Flowspace of any fault or liability with respect to such event. The Parties agree that Customer’s provision or other transfer of Customer Personal Information to Flowspace does not constitute a sale of such information to, or sharing of such information with, Flowspace.
3. Data Subject Requests. Flowspace will reasonably assist Customer with any consumer data subject access, erasure or opt-out requests and objections. If Flowspace receives any request from consumers, authorities, or others relating to its data processing, Flowspace will without undue delay inform Customer and reasonably assist Customer with developing a response (but Flowspace will not itself respond other than to confirm receipt of the request, to inform the consumer, authority or other third party that their request has been forwarded to Customer, and/or to refer them to Customer, except per reasonable instructions from Customer). Flowspace will also reasonably assist Customer with the resolution of any request or inquiries that Customer receives from data protection authorities relating to Flowspace, unless Flowspace elects to object to such requests directly with such authorities. Flowspace takes data privacy seriously and adheres to industry best practices like enforcing data encryption at rest and in transit, implementing data access controls for employees and warehouse operators, and is subjected to yearly data security audits from an external party as well as Amazon. Flowspace has the ability to remove Customer Personal Information from our databases after 30 days. Customer Personal Information is only shared with two vendors, Easypost and Smarty.com, for shipping address validation and shipping label creation.
4. Data Security. In addition to any internal policies of Flowspace, Flowspace will use commercially reasonable technical and organizational measures designed to prevent unauthorized access, use, alteration or disclosure of Customer Personal Information. Flowspace, however, will have no responsibility for errors in transmission, third-party applications, unauthorized third-party access, or other causes beyond Flowspace’s control. Customer Personal Information will be encrypted (in transit and at rest) in compliance with high industry standards. In addition, Flowspace will maintain and enforce appropriate data access, security and integrity controls, including (i) appropriate protection for, or restrictions on storing Customer Personal Information on, or accessing Customer Personal Information from, any portable devices (e.g., laptops, tablets, portable storage devices, mobile devices); and (ii) user sign-on identification and authentication and other applicable controls (including password protection of applications, data files and libraries) ensuring (a) accountability tracking and no re-use or sharing of credentials, (b) authentication credentials have an expiration period or have Multifactor Authentication (MFA) implemented and (c) password complexity standards are implemented. Flowspace will implement and maintain technical, administrative, physical and organizational security measures and other safeguards (“Safeguards”) that are designed to prevent any destruction, loss, alteration or unavailability of, any unauthorized use or disclosure of, and any unauthorized access to, Customer Personal Information (including while in the possession or under the control of Flowspace and during the electronic transmission and storage thereof). Such Safeguards shall be at least equal to the highest of the following: (i) generally accepted industry standards for security management, and (ii) standards required by the U.S. Data Protection Laws.
5. Effect of this Data Addendum. In the event of any conflict or inconsistency between the terms of this Data Addendum and the terms of the Agreement with respect to the subject matter hereof and solely where U.S. Data Protection Laws apply, the terms of this Data Addendum shall control.