Legal & Security

Our customers are protected by our corporate
policies based on international standards

FluentPro Privacy Policy

Effective Date: June 29, 2018

FluentPro Software Corporation (“FluentPro” or “we” or “us” or “our”) is committed to protecting your privacy. This Privacy Policy (the “Policy”) applies to information obtained by FluentPro when you visit or use a FluentPro owned or operated website (including www.FluentPro.com, the “Sites”). This Policy also describes how we may share information we obtain about you, your choices regarding our use of your information, the ways in which we safeguard such information, and how you may contact us regarding our privacy practices. Such information may include personally identifiable information that may be used to readily identify or contact you as an individual person, such as: name, address, email address, or phone number (“Personal Information”). Personal Information does not include information that has been anonymized such that it does not allow for the ready identification of specific individuals.

In addition to obtaining information from the visitors to and commercial users of the Sites, FluentPro obtains, processes and hosts personal information through its commercial hosted or cloud platforms and software applications (collectively, “Services”) provided to its business customers who subscribe to such services pursuant to a Master Services Agreement, Subscription Agreement or other contracts with us (“Subscribers”). When providing Services, FluentPro is a “data processor” or “sub-processor” and only processes personal information on behalf of and in accordance with the instructions of its Subscribers, which are “data controllers” and/or “data processors,” depending on the context. Many of our Services contain automated processes and workflows and other software that generally allow Subscribers to control how they process the data they choose to input into Services and we do not typically control these processes or store such data on our servers other than as may be necessary to provide Services. The agreements between FluentPro and its Subscribers define specific roles and responsibilities of the parties for the processing of data in the context of Services.

Information We Collect

Information You Provide to Us

We collect information you provide directly to us. The types of information we collect may include Personal Information. For example, we collect information when you complete our online forms or if you register and create a profile on the Sites.

We also collect information when we process Subscriber’s data which may contain Personal Information of various individuals under direction of our Subscribers to provide Services to such Subscribers. In providing Services, we have no direct relationship with the individuals (“End Users”) whose Personal Information is included in the data we process for Subscribers and typically do not control how data is processed. End Users may transmit or make available their Personal Information to our Subscribers in a number of different contexts, such as Subscribers’ employees, customers, potential customers or in some other capacity. If you are an individual whose Personal Information was collected by a Subscriber using our Services (such as End User of a Service or an employee of a Subscriber whose data we process) and would like to correct your Personal Information, please contact that Subscriber directly.

Information We Collect Automatically  

In addition to the information you submit to us, we and our service providers and sub-contractors automatically collect certain information about your use of the Sites. This information may include unique device identifiers, Internet Protocol (“IP”) addresses, browser characteristics, language preferences, operating system details, referring URLs, length of visits, and pages viewed. We may use tools such as cookies, web beacons, embedded scripts, web server logs, or other similar technologies to collect details about the services and devices you use to access the Sites.

Cookies. A cookie is a unique identifier that is placed and stored on a computer when it is used to visit a website. Cookies may be used for various purposes, including to track user preferences or web pages visited while using a website, to identify the number of unique visitors to a website, and to verify whether or not a visitor is a repeat visitor.

Web Beacons (“Tracking Pixels”). Web beacons are small graphic images, also known as “Internet tags” or “clear gifs,” that may be embedded in web pages and email messages. Web beacons may be used to monitor the number of visitors to a website, to track how users navigate a website, or to count how many emails were actually opened or specific pages or links were actually viewed.

Embedded Scripts. An embedded script is programming code designed to collect information about a user’s interactions with a website. Typically, the script is temporarily downloaded onto a computer from the host website’s server (or the server of a third-party service provider), and is active only while the visitor is connected to the website, then deleted or deactivated thereafter.

Data Analytics

The Sites may use third-party web analytics services, such as Google Analytics, to help us analyze how visitors use the Sites. These services track information about visitors including IP addresses, browser types, referring pages, pages visited, and time spent on particular pages, which we use to improve our products and tailor the user experience on our Sites. To learn more about how Google may use information collected through the Sites, click here. For information on how to opt out of data collection through Google Analytics, click here.

Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, the Sites are not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, you may wish to visit http://www.allaboutdnt.com/.

Third parties may collect personally identifiable information about your online activities over time and across different websites when you visit the Sites.

How We Use Your Information

We may use information we obtain through the Sites for a number of purposes, including:

  • To improve the Sites and to personalize our visitors’ experiences on the Sites;
  • To respond to emails or other requests, comments, or questions;
  • To provide customer support;
  • To provide you with information that we believe may be useful to you, such as information about products or services we offer;
  • To comply with applicable laws, regulations, or legal process as well as industry standards and our company policies;
  • To prevent fraud or other misuse, including by protecting our rights and the rights of affiliates or related third parties;
  • To maintain records of our transactions and communications;
  • To monitor and analyze trends, usage, and activities of visitors to the Sites; or
  • For any other purpose, with your consent.

In addition, we may use the information we obtain about you in other ways for which we provide notice at the time of collection.

Our Services include migration, governance, administration and integration software platforms and applications which automate various business processes and are intended for business customers and not individuals. Depending on the specific Service, we process different types of data uploaded to our online platforms and hosted software applications by Subscribers. The exact data elements to be transferred and data retention are controlled and defined by each Subscriber or the owner of the domain associated with your email address if the Service is used by your organization, employer or the company which originally collected your data. Consequently, while we process the data the End Users originally transferred to our Subscriber that can include Personal Information about such End Users and/or employees and independent contractors of your organization, we cannot take responsibility for the information or content you transferred to the Subscriber. FluentPro has no direct relationship with the individuals whose Personal Information it processes as part of Subscriber’s Data. Each Subscriber is responsible for providing notice to its End Users, employees and third persons concerning the purpose for which a Subscriber collects their Personal Information and how this Personal Information is processed in or through the Service as part of Subscriber’s data.

Legal Basis for Processing (EEA only). If you are an individual from the EEA, our legal basis for collecting and using the Personal Information will depend on the Personal Information concerned and the specific context in which we collect and use it. Generally, we will collect Personal Information from you where we need to provide Services to a Subscriber under an agreement with such Subscriber. If you have any questions about the legal basis on which we collect and use your Personal Information, please contact us at privacy@fluentpro.com.

How We Share Your Information

We may share the information we collect with our agents, vendors, sub-contractors, consultants, and other third parties performing services on our behalf, for example, to help us develop, operate, maintain, improve, and protect our products and services. These third parties may only use your information to carry out the services for which they have been engaged and in accordance with this Policy.

We may also disclose your information (1) if we reasonably believe that we are required to do so to comply with applicable law, regulation, or legal process (such as in response to a court order or subpoena); (2) to fulfill requests by government agencies, such as law enforcement authorities; (3) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity; or (4) to enforce our site policies, or protect our or others’ rights, property, or safety.

We reserve the right to transfer any data we obtain through the Sites in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, reorganization, or liquidation).

We share information with third party companies working on our behalf for the purposes described in this Policy. We may transfer information to our vendors, service providers and partners who help us provide and maintain our Services, such as providing technical infrastructure services, providing servers for our email communications and customer service. Our vendors are contractually obligated to use your Personal Information only at our direction and in accordance with our Privacy Policy. Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent.

Data Storage and Processing

We currently use the Microsoft Azure infrastructure and Amazon AWS infrastructure to store, process, and transfer your information collected through the Sites and Services. You can read more about Microsoft data privacy here and Amazon data privacy here. We primarily store Personal Information about the visitors to and users of the Sites, End Users and our Subscribers in the United States, although for a few Services we also utilize data centers in Canada and within the EEA. Typically, the primary storage location is in the customer’s region in the United States, often with a backup to a data center in another region.

By providing your Personal Information to us or to a Subscriber who uses our Services, you consent to any transfer and processing in accordance with this Policy.

Data Retention

We will retain your Personal Information while you or a Subscriber to whom you transferred your Personal Information remain an active customer of ours and for as long as necessary to provide Services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Since there are different data types in the context of different Services provided, the retention periods can vary. Providing and maintaining Services according to our Subscribers, complying with our subscription, data processing and other agreements, keeping our systems secure, maintaining relevant business and financial records serve as the baseline for most data retention periods.

Security

We are committed to protecting the security of your information. We maintain appropriate physical, electronic, and administrative safeguards designed to protect Personal Information that we obtain in accordance with this Policy from unauthorized access, disclosure or destruction. Although we use reasonable efforts to secure such information, transmission via the Internet is not completely secure, and we cannot guarantee the confidentiality of information transmitted to us over the Internet.

Your Site account is protected by your account password and we urge you to take steps to keep your Personal Information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including only authorized access, role-based access control models, two-factor authentication for server access, encryption, firewalls and transport layer security technology.

Although we maintain physical, administrative, and technological safeguards to preserve the integrity and security of all information collected through our Services, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. In the event of a data breach we will use commercially reasonable efforts to report to any and all relevant persons and authorities promptly following our discovery of the breach if it is apparent that Personal Information stored in an identifiable manner has been stolen or otherwise compromised.

Links to Other Websites

The Sites may contain hyperlinks to other websites or online locations for your convenience and information. Those linked websites may be operated by unaffiliated entities, such as our Subscribers, and may have their own privacy policies, statements or notices. This Policy does not apply to those websites, so please review the privacy policies posted on those sites to understand how they may collect and use your personal information. We are not responsible for the content or privacy practices of the websites that we do not control.

Social Features

The Sites may include features that are designed to permit interactions that you initiate between the Sites and third party websites or services, including third party social networks (“Social Features”). Examples of Social Features include enabling you to “like” or “share” our content on other websites or services; or to transmit content to our Sites from your account on a third-party website or service.

If you choose to use Social Features on the Sites, both FluentPro and the third-party website or services may have access to certain information about you and your use of both the Sites and the third-party site or service. In addition, we may receive information about you if other users of a third-party website allow us to access their profiles and you are one of their “connections,” or if information about you is otherwise accessible through those individuals’ profiles or pages on a social networking or other third party website or interactive service.

The information we collect in connection with Social Features is subject to this Policy. The information collected and stored by the third parties remains subject to those third parties’ privacy practices, including whether the third parties continue to share information with us, the types of information shared, and your choices with regard to what is visible to others on those third-party websites or services.

Children’s Privacy

The Sites are not intended for children, nor are they targeted to children under the age of thirteen. We do not knowingly collect personal information from children under the age of 13 through the Sites, and if we learn that we have received information from a visitor under the age of 13, we will delete such information in accordance with applicable law.

California Privacy Rights

California law permits customers in California to request certain details about how their information is shared with third parties and, in some cases, affiliates for direct marketing purposes. Under the law, a business must either provide this information or permit California customers to opt in to, or opt-out of, this type of sharing. We do not share personal information with third parties or affiliates for those third parties’ or affiliates’ own direct marketing purposes. California customers may request information about our compliance with this law by contacting us at privacy@fluentpro.com, or by postal mail at 1275 12th Ave NW, Suite 2 Issaquah, WA, 98027, U.S.A. Any such inquiry must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address.

Any California residents under the age of eighteen (18) who have registered to use the Sites, and who have posted content or information on the Community Site, can request that such information be removed from the site by contacting us at info@fluentpro.com, stating that they personally posted such content or information and detailing where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified. This removal process cannot ensure complete or comprehensive removal.

Information for Persons Outside the United States

We are based in the United States and the information we collect is governed by U.S. law. If you are visiting the Sites from outside the United States, please be aware that information we collect through the Sites will be transferred to, and processed in, the United States. By using the Sites, you acknowledge and consent to the transfer and processing of your Personal Information in the United States as described in this Policy. The data protection laws and regulations applicable to your Personal Information transferred to the United States may be different from the laws in your country of residence.

Your Choices

You may request that we update, correct, or delete your information collected through the Sites by emailing privacy@fluentpro.com. To help protect your privacy and security, we may take reasonable steps to verify your identity prior to honoring any such requests.

For the information collected by our Subscriber and processed by us as part of Services, your request should be addressed to such Subscriber.

Many web browsers provide options to allow you to stop accepting new cookies, or to disable existing cookies. Go to the HELP function of your browser to learn how. You can also go to www.aboutcookies.org for information about how to disable and control cookies on most browsers. Please be aware that if you disable the cookies on your computer you may not be able to use certain features of the Sites or other websites, and disabling cookies may invalidate opt outs that rely on cookies to function. Also, these options may not be effective in all cases, or may be effective with respect to one type of browser or service, but not another.

You may unsubscribe from receiving promotional emails from us by following the instructions provided in those email communications. Please note that even if you opt-out of receiving promotional communications from us, we may continue to send you non-promotional emails, such as emails concerning our ongoing business relationship with you.

English Language Controls

This policy is executed in English and may be translated into other languages. In the event of any conflict or discrepancy between the English language and a translated version, the English language version shall control to the fullest extent permitted by applicable law.

Changes to this Policy

We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Policy. We encourage you to review this Policy whenever you visit the Sites to stay informed about our information practices.

Contact Us

To contact us regarding this Policy or with questions about our privacy practices, you may email us at privacy@fluentpro.com (please include “Privacy Inquiry” in the subject line of your email), call us at (855)FLUENT-8 or (855)358-3688, or send postal mail to:

FluentPro Software Corporation
Attn: ONLINE PRIVACY INQUIRY,
1275 12th Ave NW, Suite 2 Issaquah, WA, 98027, U.S.A.

Security Statement

At FluentPro, we take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our Privacy Policy also further details the ways we handle your data.

Physical Security

FluentPro’s information systems and technical infrastructure are hosted on the Microsoft Azure Cloud that provides robust physical datacenter security and environmental controls. The Microsoft Azure infrastructure is designed and managed to meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.

Security controls provided by our Cloud provider facilities include, but are not limited to:

  • 24/7 physical security guard services;
  • Extensive physical entry restrictions to the building, facilities, and datacenter floor;
  • Biometric access with two-factor authentication;
  • Video camera monitoring, full body metal detection screening, and security scans;
  • Independent power, cooling, and networking for each availability zone within the Azure region.

Asset Management

All FluentPro-issued portable devices are equipped with full hard-disk encryption and have the proper protection mechanisms installed, such as password protection, biometric authentication, and up-to-date antivirus software.

Access Control

Our solutions do not have embedded password management; they support single sign-on authentication with Microsoft Office 365 / Azure Active Directory, which allows you to apply the password policy that is set in your organization. Our internal password policy has strong complexity, expiration, and lockout requirements. FluentPro grants access on a “need to know,” least-privilege basis only after formal approval by the IT staff and management, reviews permissions quarterly, and revokes access immediately after employee termination.

Personnel

FluentPro conducts background screening at the time of hire (to the extent permitted by the applicable laws in the country of employment). In addition, FluentPro communicates its information security policies to all personnel (who must acknowledge this), requires employees to sign non-disclosure agreements, and provides ongoing privacy and security training.

Development

Our development team employs secure coding techniques and best practices of software development. Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, testing, and audit purposes prior to deployment into the production environment.

Encryption

All customer data in storage and in transit is encrypted with FIPS 140-2 compliant encryption algorithms. All connections to our websites or services are protected via the use of encrypted connections, such as the Transport Layer Security (TLS) protocol.

Vulnerability and Patch Management

FluentPro maintains a documented vulnerability and patch management program that is performed on all servers to protect systems from known vulnerabilities. Vulnerability scans and patch management are performed on a monthly basis. All servers owned or maintained by FluentPro are regularly updated with the latest security patches and updates to ensure the security of FluentPro IT assets and the data that resides on the servers.

Business Continuity Management

We employ various preventive measures to address information security aspects of disaster recovery and business continuity management. Our databases and virtual machines are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and are tested regularly to ensure availability. For all our storage accounts, we have geo-redundant storage (GRS) enabled, which maintains six copies of data and makes all data durable, even in the case of a complete regional outage or a disaster in which the primary region is not recoverable.

FluentPro and GDPR

Strong relationships with our customers and partners are essential. A critical part of these relationships is establishing trust and confidence, which is why privacy has always been a priority. With the General Data Protection Regulation (GDPR) that came into effect on May 25th, we would like to share an update on our work to comply with new regulations. We will provide an overview of the upcoming product and operational changes that expand our privacy framework.

What is GDPR?

The GDPR (General Data Protection Regulation) is a new EU Regulation which replaced the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations that collect or process personal data. It came into force on 25th May 2018. The regulation is based on many of the 1995 Directive’s requirements for data privacy and security but includes several new provisions to strengthen the rights of data subjects and add more severe penalties for violations. The full text of the GDPR can be found here.

Why is GDPR important?

GDPR affects any business that collects data in or from Europe, regardless of whether they’re based in Europe or not. GDPR requires businesses to give individuals greater visibility into and control over the data they provide to those businesses.

The aim of the GDPR is to modernize old privacy laws in order to ensure that the protection of personal data remains a fundamental right for EU citizens. Significant fines of up to €20,000,000 or 4% of global annual turnover, whichever is greater, may be levied on organizations who fail to meet their obligations with respect to handling data under the GDPR.

How FluentPro prepared for GDPR

To prepare for GDPR, we have undertaken some research and changes, both small and large ones. You can read about those changes below.

Security

FluentPro continues to make data security our priority and below are some details on specific security measures related to GDPR that we have in place:

  • FluentPro services and data are hosted in SOC I-, SOC II-, and ISO-accredited data centers
  • Access control (authentication and authorization, role-based access control models)
  • Single sign-on support
  • Two-factor authentication for server access
  • Strong data encryption in transit and at rest
  • Continuous network and security monitoring
  • Vulnerability management
  • Internal IT security (keycard access and biometrics, surveillance camera monitoring)
  • Information security aspects of Business Continuity Management (encrypted data backups, geo-redundant storage replication)

More details are available on our Security page.

Privacy basics

We have updated our Privacy Policy to account for GDPR provisions and to make it more transparent and easier to navigate. It also reflects improvements we have made to our security framework.

We have also created a separate Cookie Policy that covers FluentPro’s use of internal and third-party cookies including general information about cookies, what cookies we use, how we use cookies and your choices regarding cookies.

Data retention

There are company-wide data retention policies that vary depending on data types and services provided to you.  Furthermore, we empower our customers to control the data they share through their account. As long as your account is active, you have full control over the specific types of data that you store or transfer through our services. On our side, we will retain your data while you or your company remains an active client and this data is necessary to provide you with our services and fulfill the purposes outlined in our privacy policy and Master Service Agreement. We can also delete your information upon your request.

Vendor audit

We have reviewed all our vendors to ensure they are adhering to GDPR and signed Data Processing Agreements with them.

Data Processing Agreement

We understand that our customers, and in particular, our European customers, will require that, where FluentPro is a processor of EU personal data, we execute additional terms that meet GDPR obligations with respect to the processing of that EU personal data. We offer our customers our standard Data Processing Agreement, governing the relationship between the customer (acting as a data controller) and FluentPro (acting as a data processor). The agreement shares our privacy commitments and sets out the terms for FluentPro and our customers to meet GDPR requirements. Please download our standard Data Processing Agreement for your review. We sign the agreement with all our customers upon request. Please contact us at privacy@fluentpro.com to request an executable version of our standard Data Processing Agreement.

The FluentPro DPA is an extension of our Master Service Agreement and reflects our compliance with GDPR requirements as applicable to our products and services. Just as with our standard Master Service Agreement, we’re unable to make any changes to our DPA on a customer-by-customer basis. 

International data center

We are aware that some of our customers with EU users or EU affiliates would prefer that their data be hosted in the EU. Currently, we have an EU data center for some of our products and are planning to offer European data storage solutions for all our products in the future. We will be providing updates on exact timing and data storage solutions as this progresses.

On-premise software option

If your organization has strict security compliance guidelines that require hosting data behind your own corporate firewall, you can choose our option for on-premise software installation under certain customer plans and packages. On-premise software resides on a dedicated server that is maintained by your organization and puts control over your data in your hands.

Ongoing process changes

We are continuously working to improve our processes related to customer support, product development, and customer data protection. Much of this will be in the format of internal documentation, training and processes as required by GDPR.
