Privacy Policy

September 11, 2024

Transparent Image

Privacy Policy

Last Updated and Effective Date: April 22, 2024

Introduction

Welcome to the flozy Privacy Policy.

flozy is a software platform that has been specifically designed to assist agencies, consultants, and coaches to manage their businesses efficiently. We recognize the importance of protecting the privacy and personal information of our clients and are committed to ensuring that your data is handled with the utmost care and attention.

Our privacy policy outlines the measures we take to safeguard your data and how we use it to provide you with the best possible service. We are committed to transparency, and this policy is designed to inform you of our practices and how they affect you.

Thank you for choosing flozy. We look forward to serving you and your business.

‍

Privacy Policy

Last Updated and Effective Date: September 11, 2024

Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Security Policy

  1. Purpose, Scope, and Organization What is this document, why does it exist, what does it cover, and who is in charge of it?

‍

This policy outlines the behavioral, process, technical, and governance controls related to security at Flozy that all personnel must implement to ensure the confidentiality, integrity, and availability of the Flozy service and data ("Policy"). All personnel are required to be familiar with and adhere to the guidelines and procedures described below.This Policy specifies security requirements for:

  • All Flozy employees, contractors, consultants, and any third parties providing services to Flozy ("personnel"),
  • Management of systems, both hardware and software, regardless of location, that are used to create, maintain, store, access, process, or transmit information on behalf of Flozy. This includes systems owned by Flozy, systems connected to any network controlled by Flozy, or those used in the service of Flozy’s business, including third-party service providers,
  • Circumstances where Flozy has a legal, contractual, or fiduciary duty to protect data or resources in its custody.

In cases of conflict, the more restrictive measures apply.

1.1. Governance and Evolution This Policy was developed in close collaboration with and approved by Flozy executives. It is reviewed and updated annually to ensure it remains clear, covers all necessary areas, protects customer and personnel interests, and aligns with the evolving security landscape and industry best practices.

1.2. Security Team The Flozy security team is responsible for implementing this Policy, including:

  • Procurement, provisioning, maintenance, retirement, and reclamation of corporate computing resources,
  • All aspects of service development and operation concerning security, privacy, access, reliability, and survivability,
  • Ongoing risk assessment, vulnerability management, incident response,
  • Security-related human resources controls and personnel training.

1.3. Risk Management Framework The security team maintains a Risk Management Framework based on NIST SP 800-39 - "Managing Information Security Risk: Organization, Mission, and System View" and NIST SP 800-30 - "Guide for Conducting Risk Assessments". These assessments help prioritize improvements to Flozy's security posture, which may include updates to this Policy itself.The Risk Management Framework includes:

  • Identification of relevant, potential threats,
  • A scheme for assessing the strength of implemented controls,
  • A scheme for assessing current risks and evaluating their severity,
  • A scheme for responding to risks.
  1. Personnel and Office Environment What are Flozy’s expectations of its personnel and the workplace regarding systems and data?

‍

Flozy is dedicated to protecting its customers, personnel, partners, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly, within its established employment culture of openness, trust, maturity, and integrity.This section outlines expected personnel behaviors affecting security and the acceptable use of computer systems at Flozy. These rules are in place to protect both personnel and Flozy itself, as inappropriate use may expose customers and partners to risks such as malware, viruses, compromise of networked systems and services, and legal issues.

2.1. Work Behaviors The first line of defense in data security is the informed behavior of personnel, who play a significant role in ensuring the security of all data, regardless of format. Such behaviors include those listed in this section as well as any additional requirements specified in the employee handbook, specific security processes, and other applicable codes of conduct.

‍Training All employees and contractors must complete the Flozy security awareness and data handling training programs at least annually.

‍Unrecognized Persons and Visitors It is the responsibility of all personnel to maintain physical security. Challenge any unrecognized person present in a restricted office location. Any challenged person who does not respond appropriately should be immediately reported to supervisory staff and the security team. All visitors to Flozy offices must be registered or accompanied by a Flozy employee.

‍Clean Desk Personnel should keep workspaces clear of sensitive or confidential material and ensure such materials are secured at the end of each workday.

‍Unattended Devices Unattended devices must be locked. All devices will have an automatic screen lock function set to activate after no more than fifteen minutes of inactivity.

‍Use of Corporate Assets Systems are to be used for business purposes to serve the interests of the company, and of our clients and partners in the course of normal business operations. Personnel are responsible for exercising good judgment regarding the reasonableness of personal use of systems. Only Flozy-managed hardware and software is permitted to be connected to or installed on corporate equipment or networks and used to access Flozy data. Flozy-managed hardware and software include those either owned by Flozy or owned by Flozy personnel but enrolled in a Flozy device management system. Only software approved for corporate use by Flozy may be installed on corporate equipment. All personnel must read and understand the list of prohibited activities outlined in this Policy. Modifications or configuration changes are not permitted without explicit written consent by the Flozy security team.

‍Removable Storage, No Backups, Use of Cloud Storage Use of removable media such as USB drives is prohibited. Personnel may not configure work devices to make backups or copies of data outside corporate policies. Instead, personnel are expected to operate primarily "in the cloud" and treat local storage on computing devices as ephemeral. Flozy data must be saved to company-approved secure cloud storage (e.g., Google Docs) to ensure that even in the event of a corporate device being lost, stolen, or damaged, such artifacts will be immediately recoverable on a replacement device.

Prohibited Activities The following activities are prohibited. Under certain conditions and with the explicit written consent of the security team, personnel may be exempted from certain of these restrictions during the course of their legitimate job responsibilities (e.g., planned penetration testing, systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).The list below is by no means exhaustive, but attempts to provide a framework for activities which fall into the category of unacceptable use.

  • Under no circumstances are personnel of Flozy authorized to engage in any activity that is illegal under local, state, federal, or international law while utilizing Flozy-owned resources.
  • Violations of the rights of any person or company protected by copyright, trade secret, patent, or other intellectual property, or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Flozy.
  • Violating or attempting to violate the terms of use or license agreement of any software product used by Flozy is strictly prohibited.
  • Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Flozy or the end user does not have an active license is strictly prohibited.
  • Exporting software, technical information, encryption software, or technology may result in a violation of international or regional export control laws. The appropriate management should be consulted prior to export of any material that is in question.
  • Revealing your account password to others or allowing use of your account by others. This includes colleagues, as well as family and other household members when work is being done at home.
  • Making fraudulent offers of products, items, or services originating from any Flozy account.
  • Making statements about warranty, expressly or implied, unless it is a part of normal job duties and then only to the extent the warranties are consistent with Flozy’s authorized warranties.
  • Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
  • Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious or unlawful purposes.
  • Except by or under the direct supervision of the security team, port scanning or security scanning, or other such software designed to exploit or find computer, software, or network vulnerabilities.
  • Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duty.
  • Circumventing user authentication or security of any host, network, or account or attempting to break into an information resource or to bypass a security feature. This includes running password-cracking programs or sniffer programs, and attempting to circumvent file or other resource permissions.
  • Attempting to interfere with or deny service to any other user.
  • Providing information about, or lists of, Flozy personnel to parties outside Flozy.
  • Installation of software which installs or includes any form of malware, spyware, or adware as defined by the security team.
  • Crashing an information system. Deliberately crashing an information system is strictly prohibited. Users may not realize that they caused a system crash, but if it is shown that the crash occurred as a result of user action, a repetition of the action by that user may be viewed as a deliberate act.
  • Attempts to subvert technologies used to effect system configuration of company-managed devices (e.g., MDM) or personal devices voluntarily used for company purposes (e.g., mobile Work Profiles).

2.2. Personnel Systems Configuration, Ownership, and Privacy Centralized System Configuration Personnel devices and their software configuration are managed remotely by members of the security team via configuration-enforcement technology, also known as MDM software. Such technology may be used for purposes including auditing/installing/removing software applications or system services, managing network configuration, enforcing password policy, encrypting disks, remote wipe & recovery, copying data files to/from employee devices, and any other allowed interaction to ensure that employee devices comply with this Policy.

‍Data and Device Encryption All devices must use modern full disk encryption to protect data in the event of a lost device. An example of valid full disk encryption is Apple FileVault 2 using XTS-AES-128 encryption with a 256-bit key. This is enforced using MDM software.

‍Device Heartbeat and Remote Wipe Devices must support the ability to report their status and be remotely wiped. This is enforced using MDM software.

‍Prevent Removable Storage Devices must prevent usage of removable storage. This is enforced using MDM software.Endpoint/Antivirus/Antimalware ProtectionDevices must automatically install and configure the Flozy provided antivirus software for endpoint protection. Configured software will report status and potential threats, allowing for remote administration and reporting by the security team. This is enforced using MDM software.

‍Retention of Ownership All software programs, data, and documentation generated or provided by personnel while providing services to Flozy or for the benefit of Flozy are the property of Flozy unless otherwise covered by a contractual agreement.

‍Personnel Privacy While Flozy’s network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems remains the property of Flozy. Due to the need to protect Flozy’s network, management does not intend to guarantee the privacy of personnel’s personal information stored on any network device belonging to Flozy. Personnel are responsible for exercising good judgment regarding the reasonableness of personal use such as general web browsing or personal email. If there is any uncertainty, personnel should consult the security team or their manager.Personnel should structure all electronic communication with recognition of the fact that the content could be monitored and that any electronic communication could be forwarded, intercepted, printed, or stored by others.Flozy reserves the right, at its discretion, to review personnel’s files or electronic communications to the extent necessary to ensure all electronic media and services are used in compliance with all applicable laws and regulations as well as corporate policies.Flozy reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy. For security and network maintenance purposes, authorized individuals within Flozy may monitor equipment, systems, and network traffic at any time.

2.3. Human Resources PracticesBackground Checks Background checks are conducted for personnel with access to production infrastructure prior to their start date. The consequences of problematic background check results may range from a limitation of security privileges, to revocation of employment offer, to termination.

‍Training The security team maintains a company-wide security awareness program delivered to all personnel at least annually. The program covers security awareness, policies, processes, and training to ensure that personnel are sufficiently informed to meet their obligations. Those most responsible for maintaining security at Flozy, including the security team itself as well as key engineering/operations staff, undergo more technical continuing education.

‍Separation In the case of personnel termination or resignation, the security team coordinates with human resources to implement a standardized separation process to ensure that all accounts, credentials, and access of outgoing employees are reliably disabled.

2.4. Physical Office Environment Access to Flozy offices is mediated by a staffed front office and programmable door control access. All doors shall remain locked or staffed under normal business conditions. The security team may provide approval to unlock doors for short periods of time in order to accommodate extenuating physical access needs.Internet-based security cameras are positioned to record time-stamped video of ingress/egress, which are stored off-site.

2.5. Office Network Internet access shall be provided to devices via wired ethernet and WPA2 wifi. Networking switches and routers shall be placed in a locked networking closet with only the security team having access. Flozy executives and the security team may grant access to the networking closet to individuals on a case-by-case and as-needed basis. A network firewall that blocks all WAN-sourced traffic shall be put in place. WAN-accessible network services shall not be hosted within the office environment.

  1. Personnel Identity and Access Management How does Flozy define, control, and maintain user identity and permissions for personnel?

‍

3.1. User Accounts and Authentication Each individual having access to any Flozy-controlled system does so via a G Suite user account denoting their system identity. Such user accounts are required to have a unique username, a unique strong password of at least 8 characters, and a two-factor authentication (2FA) mechanism.

‍Logging into Flozy Systems Logins by personnel may originate only from Flozy-managed devices. Authentication is performed by Google’s account management system, details of which can be found at https://gsuite.google.com/security. Flozy leverages G Suite’s facilities of detecting malicious authentication attempts. Repeated failed attempts to authenticate may result in the offending user account being locked or revoked.

‍Logging into Third Party Systems Whenever available, third-party systems must be configured to delegate authentication to Flozy’s G Suite account authentication system (described above) thereby consolidating authentication controls into a single user account system that is centrally managed by the security team.When authentication to G Suite is not available, unique strong passwords must be created and stored in the Flozy approved password management system. Passwords must be paired with two-factor/MFA authentication.

‍Revocation and Auditing of User Accounts User accounts are revoked (that is, disabled but not deleted) immediately upon personnel separation. As a further precaution, all user accounts are audited at least quarterly, and any inactive user accounts are revoked.

3.2. Access Management Flozy adheres to the principle of least privilege, and every action attempted by a user account is subject to access control checks.

Role-based Access Control Flozy employs a role-based access control (RBAC) model utilizing Google-supplied facilities such as organizational units, user accounts, user groups, and sharing controls.

Web Browsers and Extensions Flozy may require use of a specified web browser(s) for normal business use and for access to corporate data such as email. For certain specified roles such as software development and web design, job activities beyond those mentioned above necessitate the use of a variety of browsers, and these roles may do so as needed for those activities.

Any browser that is allowed to access corporate data such as email is subject to a whitelist-based restriction on which browser extensions can be installed.

Administrative Access Access to administrative operations is strictly limited to security team members and further restricted still as a function of tenure and the principle of least privilege.

Regular Review Access control policies are reviewed regularly with the goal of reducing or refining access whenever possible. Changes in job function by personnel trigger an access review as well.

3.3. Termination Upon termination of personnel, whether voluntary or involuntary, the security team will follow Flozy’s personnel exit procedure, which includes revocation of the associated user account and reclamation of company-owned devices, office keys or access cards, and all other corporate equipment and property prior to the final day of employment.

  1. Provenance of Technology How does Flozy build, adopt, configure, and maintain technology to fulfill its security intentions?

‍

4.1. Software Development Flozy stores source code and configuration files in private GitHub repositories. The security and development teams conduct code reviews and execute a static code analysis tool on every code commit. Reviewers shall check for compliance with Flozy’s conventions and style, potential bugs, potential performance issues, and that the commit is bound to only its intended purpose.

Security reviews shall be conducted on every code commit to security-sensitive modules. Such modules include those that pertain directly to authentication, authorization, access control, auditing, and encryption.

All major pieces of incorporated open source software libraries and tools shall be reviewed for robustness, stability, performance, security, and maintainability.

The security and development teams shall establish and adhere to a formal software release process.

Sensitive data which does not need to be decrypted (e.g. passwords) is salted and hashed using approved functions such as Bcrypt.

Sensitive data which must be decrypted (e.g. tokens) must use an approved encryption provider for HSM functions, such as KMS.

4.2. Configuration and Change Management The Flozy security and development teams shall document the configuration of all adopted systems and services, whether hosted by Flozy or are third party hosted. Industry best practices and vendor-specific guidance shall be identified and incorporated into system configurations. All configurations shall be reviewed on at least an annual basis. Any changes to configurations must be approved by appointed individuals and documented in a timely fashion.

System configurations must address the following controls in a risk-based fashion and in accordance with the remainder of this policy:

  • data-at-rest protection encryption
  • data-in-transit protection of confidentiality, authenticity, and integrity for incoming and outgoing data
  • data and file integrity
  • malware detection and resolution
  • capturing event logs
  • authentication of administrative users
  • access control enforcement
  • removal or disabling of unnecessary software and configurations
  • allocation of sufficient hardware resources to support loads that are expected at least twelve months into the future.
  • production data is not used in development or test systems.

4.3. Third Party Services For every third-party service or sub-processor that Flozy adopts, the compliance team shall review the service and vendor, on an annual basis, to gain assurance that their security posture is consistent with Flozy’s for the type and sensitivity of data the service will store or access.

Flozy relies on Amazon Web Services to satisfy specific security controls related to the AWS data centers and AWS services. For more information on Physical and Environmental Security, as well as the Logical Access and Security controls for AWS services, please see the AWS Security White Paper: https://d1.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

  1. Data Classification and Processing How does Flozy manage data classifications and data processing?

‍

5.1. Data Classification Flozy maintains the following Data Confidentiality Levels:

  • Confidential - Information only available to specific roles within the organization. Data must be encrypted at rest and in transit. Access to data requires 2FA/MFA.
  • Restricted - Access restricted to specific roles within the organization and authorized third parties. Data must be encrypted at rest and in transit. Access to data requires 2FA/MFA.
  • Internal - Information is available to all employees and authorized third parties. Data must be encrypted at rest and in transit.
  • Public - Information is available to the public.Data Confidentiality is determined by:
  • The value of the information, based on impacts identified during the risk assessment process.
  • Sensitivity and criticality of the information, based on the highest risk calculated for each data item during the risk assessment.
  • Policy, legal, regulatory, and contractual obligations.Additionally, data may be separated into data type classifications to enforce processing rules for customer data. For each data class, the Flozy security and development teams may provision and dedicate specific information systems in Amazon Web Services to store and process data of that class, and only data of that class, unless otherwise explicitly stated. For all classes of customer data, data must be encrypted at rest and in transit. Corresponding systems may store and process data items needed to keep each customer’s data properly segmented, such as Flozy customer identifiers.

Customer User Account Data - This is data pertaining to login accounts for the www.flozy.com customer web interface, used by Flozy customer agents. User account credentials shall be hashed in such a manner that the plaintext passwords cannot be recovered.

‍Customer Contact Data - This is contact data about Flozy customers and customer agents.

‍Customer Preferences Data - This is data pertaining to the customer-specific preferences and configurations of the Flozy service made by customer agents.

‍Customer Recorded Data - This is data that the Flozy service collects during session recording.

‍Customer Event Transaction Metadata - This is metadata about transactions conducted on all other classes of customer data. This includes customer organization and user identifiers, standard syslog data pertaining to customer users, and instances of Customer Contact Data and Customer Preferences Data. This class does not include Customer Recorded Data.Customer Contact Data, Customer Preferences Data, and Customer Event Transaction Metadata may be stored and processed in systems hosted in environments other than Amazon Web Services, as approved by the security team.Resources must maintain accurate data classification tagging policies for their entire lifecycle, including during decommissioning or when removed from service temporarily.

5.2. Flozy Employee Access to Customer Data Flozy employees may access Customer Data only under the following conditions.

  • From managed devices.
  • For the purpose of incident response, or customer support.
  • For no longer than is needed to fulfill the purpose of access.
  • In an auditable manner.Customer Data is not used in development or test systems.Product usage metadata may be utilized for analytics, performance monitoring, and service/feature improvement.

5.3. Customer Access Flozy provides web user interfaces (UIs), application programming interfaces (APIs), and data export facilities to provide customers access to their data.

5.4. Google Workspace APIs Usage Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models. Flozy ensures that data processed via these APIs is strictly used for the intended service purposes outlined in this policy.

5.5. Exceptional Cases The security team in conjunction with executive management may approve emergency exceptions to any of the above rules, in response to security incidents, service outages, or significant changes to the Flozy operating environment, when it is deemed that such exceptions will benefit and protect the security and mission of Flozy, Flozy customers, and visitors of Flozy customers’ websites.

5.6. Data Encryption Flozy protects all data in transit with TLS 1.2 and all data at rest with AES-256 encryption from Amazon KMS. Cryptographic keys are assigned to specific roles based on least privilege access and keys are automatically rotated yearly. Usage of keys is monitored and logged.Resources must maintain data encryption at rest and in transit for their entire lifecycle, including during decommissioning or when removed from service temporarily.

5.7. Data Retention Each customer is responsible for the information they create, use, store, process and destroy.On expiration of services, customers may instruct Flozy to delete all customer data from Flozy’s systems in accordance with applicable law as soon as reasonably practicable, unless applicable law or regulations require otherwise.

5.8. Data Sanitization and Secure Disposal Flozy uses Amazon Web Services for all infrastructure. AWS provides the following guidance regarding their data lifecycle policies:Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycles. AWS has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.

  1. Vulnerability and Incident Management How does Flozy detect, and respond to vulnerabilities and security incidents?

‍

6.1. Vulnerability Detection and Response The Flozy security and development teams shall use all of the following measures to detect vulnerabilities that may arise in Flozy’s information systems.

  • Cross-checking vulnerability databases with all systems and software packages that support critical Flozy services.
  • Automated source code scanners on every code commit.
  • Code reviews on every security-sensitive code commit.
  • Vulnerability scanning on Flozy services.
  • Maintain a bug bounty program.
  • Annual penetration testing with an independent provider.The Flozy security team shall evaluate the severity of every detected vulnerability in terms of the likelihood and potential impact of an exploit, and shall develop mitigation strategies and schedules accordingly. Suitable mitigations include complete remediation or implementing compensating controls.

6.2. Incident Detection and Response The Flozy security team maintains an internal Incident Response Policy which contains steps for preparation, identification, containment, investigation, eradication, recovery, and follow-up/postmortem.

The Flozy security team shall use all of the following measures to detect security incidents.

  • Continuous monitoring of AWS network traffic and workloads for malicious or unauthorized activities.
  • Continuous monitoring of logs to detect potentially malicious or unauthorized activity.
  • Conduct reviews on the causes of any service outages.
  • Respond to notices of potential incidents from employees, contractors, or external parties.The Flozy security team shall make a determination of whether every indicator is representative of an actual security incident. The severity, scope, and root cause of every incident shall be evaluated, and every incident shall be resolved in a manner and timeframe commensurate with the severity and scope.

In the event that a data breach affecting a customer has been detected, Flozy will maintain communication with the customer about the severity, scope, root cause, and resolution of the breach.

  1. Business Continuity and Disaster Recovery How will Flozy prevent and recover from events that could interfere with expected operations?

‍

7.1 Availability and Resiliency Flozy services shall be configured in such a manner so as to withstand long-term outages to individual servers, availability zones, and geographic regions. Flozy infrastructure and data is replicated in multiple geographic regions to ensure this level of availability. Flozy availability and status information can be found at status.flozy.com.

7.2 Disaster Recovery Flozy targets a Data Recovery Point Objective (RPO) of near-zero for at least 7 days, and up to 24 hours beyond 7 days.

Due to the distributed nature of Flozy services, Recovery Time Objectives (RTO) are near-zero for geographic disasters. RTO for systemic disasters involving data recovery is targeted at 6 hours.

Flozy tests backup and recovery processes on at least a monthly basis.

7.3 Business Continuity, Business Risk Assessment and Business Impact Analysis Flozy's risk assessment committee will include business risk assessment and business impact analysis for each Key Business System that is used by the organization. The outcome of ongoing risk assessments will update or create recovery plans for Key Business Systems and update prioritization of systems compared to other key systems.

Distribution, Relocation, and Remote Work Flozy prioritizes policies, tools, and equipment which enables independent, distributed remote work for all staff if emergencies or disasters strike. If the organization’s primary work site is unavailable, staff can work from home or an alternate work site shall be designated by management.

Notification and Communication Flozy has established internal communications using secure, distributed providers using industry standard security protocols. Staff and management will be notified via existing channels during any emergency event, or when any data recovery plan is initiated or deactivated.

‍

Privacy Policy

Last Updated and Effective Date: April 22, 2024

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to flozy Ltd, 7 Galena Road, London, England, W6 0LT.
  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to: United Kingdom
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Website.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to flozy, accessible from https://flozy.com/
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Privacy Policy

Last Updated and Effective Date: April 22, 2024

Collecting and Using Your Personal Data

Types of Data Collected

Interpretation

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Usage Data
Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
  • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies on the Free Privacy Policy website article.

We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

  • Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

  • Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
  • With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

‍

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

‍

Privacy Policy

Last Updated and Effective Date: April 22, 2024

Sharing Data with Third-Party AI Platforms

In our commitment to enhancing our Service and providing you with innovative features, we may share certain user data with third-party artificial intelligence (AI) platforms, including OpenAI, and Google.

Data Shared with Third-Party AI Platforms

When sharing data with third-party AI platforms, we share non-personally identifiable information that includes, but is not limited to:

  • Usage Data: Information such as interaction with the Service, session durations, and engagement metrics.

Purpose of Data Sharing

The purpose of sharing data with third-party AI platforms is to:

  • Enhance Service Capabilities: Utilize advanced data analysis and machine learning techniques, including access to third-party large language models (LLMs), to enhance the capabilities of our Service.

Safeguards and Privacy Measures

We take the following measures to ensure the security and privacy of your data when shared with third-party AI platforms:

  • Data Minimization: We only share the data necessary to achieve the specific improvements or functionalities.
  • Anonymization: Where possible, data shared is anonymized to protect your identity.
  • Agreements: We enter into strict data protection agreements with third-party AI platforms, requiring them to adhere to privacy standards and confidentiality obligations that are compatible with this Privacy Policy.
  • Review and Auditing: Regular audits are conducted to ensure third-party AI platforms comply with our data sharing agreements and privacy standards.

Flozy Infinity AI Additional Terms

These Flozy Infinity AI Additional Terms (“Flozy Infinity AI Terms”) apply to your access and use of any Flozy Infinity AI feature(s), and form a part of the Terms Of Use or the Master Services Agreement, as applicable, between you and our Company (the “Agreement”).

Improving Flozy Infinity AI: Your access to or use of Flozy Infinity AI does not grant our Company any right or license to use or share your Customer Data in a manner that is inconsistent with the Agreement unless otherwise agreed to by you.

Flozy Infinity AI Use Restrictions: You may not use Flozy Infinity AI or any Output to develop data sets, foundation models, or other large-scale models that may compete with our Company or Flozy Infinity AI; to mislead any person or imply that Output from Flozy Infinity AI is unique or solely human-generated; to generate spam or misleading content; or in a manner that violates any law, regulation, or other terms, whether made available or communicated to you by us or any third party.

Third Party Policies: If you choose to use Flozy Infinity AI, you must comply with any applicable third-party policies, including but not limited to those of OpenAI and Google, as they relate to the use of their tools and services.

DISCLAIMER OF WARRANTIES: OUR COMPANY DOES NOT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF FLOZY INFINITY AI OR THE ACCURACY OF ANY OUTPUT OBTAINED THROUGH FLOZY INFINITY AI. YOU UNDERSTAND AND AGREE THAT ANY CONTENT OR OUTPUT OBTAINED THROUGH THE USE OF FLOZY INFINITY AI IS PROVIDED “AS-IS” AND OBTAINED AT YOUR SOLE RISK.

By using our Service and Flozy Infinity AI, you consent to the practices described in these terms.

Privacy Policy

Last Updated and Effective Date: April 22, 2024

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Privacy Policy

Last Updated and Effective Date: April 22, 2024

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Privacy Policy

Last Updated and Effective Date: April 22, 2024

Contact Us

If you have any questions about this Privacy Policy, You can contact us: