This Security Policy is incorporated into and made a part of the written agreement between Fluincy and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement. In the event of any conflict between the terms of the Agreement and this Security Policy, this Security Policy shall govern.
Risk Management
Until Fluincy obtains its SOC 2 Type II audit, Fluincy will adopt or maintain a substantially equivalent, industry-recognized framework. Fluincy is not obligated to conduct security reviews or assessments through any platform (including customer or third party platforms).
Access Controls
Authentication
Overview: Fluincy requires authentication for access to all application pages on the Service, except for those intended to be public.
Secure Communication of Credentials: Fluincy currently uses encrypted requests to transmit authentication credentials to the Service.
Auth0 and Google Social Login:
In our commitment to maintain the highest level of privacy and security for our users, we utilize Auth0 as our identity provider to facilitate a seamless and secure login process. As part of this process, we offer the option to sign in using Google Social Login, leveraging Google user data to enhance your user experience. You access this by going through the sign-in process at https://dashboard.getfluincy.com and clicking Sign In.
Google Data Access and Usage
When you choose to log in using your Google account, we request access to specific information from your Google profile to authenticate you and provide a personalized experience on our platform. We strictly access and use this information in accordance with this privacy policy and Google's privacy standards.
The scope of the data access includes:
Email Address: We access your primary Google Account email address. This information is used to create or associate your user account on our platform, verify your identity, and facilitate communication with you regarding your account and our services.
Profile Information: We access your personal information, including any details you have made publicly available, such as your name and profile picture. This data helps us to personalize your experience on our platform.
Purpose and Consent
By choosing to log in with Google, you consent to allow us to access and use your Google user data as specified above. The purpose of accessing this information is to ensure a secure login process, improve your user experience by personalizing our services, and communicate with you effectively about your account and our services.
Data Privacy and Security
We take your privacy and data security seriously. We implement robust security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. Your data is only used as outlined in this privacy policy and in accordance with our data protection practices.
Data Sharing
We do not share your Google user data with third parties without your explicit consent, except as necessary to provide our services or as required by law.
Data Retention
We retain your Google user data only for as long as necessary to provide our services to you, comply with our legal obligations, resolve disputes, and enforce our agreements.
Your Rights
You have the right to access, correct, or delete your personal information held by us. You can manage your data through your account settings or by contacting us directly. Additionally, you can revoke our access to your data via Google's security settings at any time.
Google Drive Data (Optional)
Optional Use of Google Drive API: Our application offers enhanced features and functionality through the integration of the Google Drive API. However, it is important to note that connecting with Google Data is entirely optional and not necessary for the core functionality of our application.
Access (If Opted-In): Should you choose to enable this feature, our application will request permission to access your Google Drive account. This includes the ability to view files and folders within your Drive, which is necessary for the application to perform the additional functions related to Google Data.
Use of Google Data (If Opted-In): If you grant access, the data from your Google Drive will be used solely for the purposes of enabling specific features within our application. This includes tasks such as reading file metadata and analyzing Google Meet transcripts automatically created in Google Drive. Rest assured, we do not access or use any data beyond what is required for these functions.
No Mandatory Storage or Sharing: Our application does not store your Google data on our own servers. All data used is processed in real-time within the Google Drive environment, and we do not maintain a copy of your data outside of Google Drive. Furthermore, we do not share any Google user data with third parties or external services, unless explicitly authorized by you.
Security and Privacy Commitment: We are committed to safeguarding your data's privacy and security, adhering to industry-standard security measures. However, please be aware that we cannot completely guarantee the security of data transmitted over the internet or stored within Google Drive.
User Consent and Agreement: By opting to connect your Google Drive account with our application, you acknowledge and agree to the access, use, storage, and sharing practices described herein.
Additional Information: For details on how Google handles user data, please refer to Google's Privacy Policy. Our use and transfer of information received from Google APIs to other apps adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Zoom Data (Optional)
Our application integrates with the Zoom API to provide certain features and functionality to our users. In order to deliver these services, our application requires access to and use of Zoom user data, specifically data associated with Zoom meetings and recordings.
Access: Our application will request permission to access your Zoom account, including the ability to view your recorded meetings and associated data. This access is necessary for our application to perform the intended functions and provide the requested services.
Use: The data accessed from your Zoom account will only be used for the purposes of enabling specific features and functionality within our application. This may include, but is not limited to, transcript reading and analyzing Zoom meeting recordings that are stored within your Zoom account. We do not use or access any data outside the scope of our application's functionality.
Storage: Our application does not store or retain any Zoom user data on our own servers or systems. All data accessed and used by our application is processed in real-time and directly within the Zoom environment. We do not maintain a separate copy of your data outside of Zoom.
Sharing: Our application does not share any Zoom user data with third parties or external services. We do not transfer, sell, or disclose any user data accessed from Zoom to any external entities unless explicitly authorized and initiated by the user for the purpose of integrations with other services.
We are committed to safeguarding the privacy and security of your data. We adhere to industry-standard security measures to protect against unauthorized access, loss, or alteration of data. However, please note that the security of data transmitted over the internet or stored within Zoom cannot be guaranteed completely.
By using our application and granting access to your Zoom account, you acknowledge and agree to the access, use, storage, and sharing practices described in this privacy policy. For more information about how Zoom handles user data, please refer to Zoom's Privacy Policy.
Password Management
Fluincy has processes designed to enforce minimum password requirements for the Service.
Password Storage. User account passwords are not stored on the Service.
Session Management
Overview
Each time a User signs in, the Service assigns them a new, unique session identifier.
Session Timeout. All sessions are designed to have a hard timeout.
Sign Out
When signing out, the Service is designed to delete the session cookie from the User’s system and to invalidate the session identifier on Fluincy servers.
Network and Transmission Controls
Fluincy monitors and updates its communication technologies periodically with the goal of providing network security.
Network Security
Fluincy regularly updates network architecture schema and maintains an understanding of the data flows between its systems. Firewall rules and access restrictions are reviewed for appropriateness on a regular basis.
Infrastructure Security
Fluincy uses security monitoring tools on the production servers hosting the Service.
Data Flow via the Paragon Integration Platform as a Service (iPaaS)
Usage of Paragon iPaaS: When utilizing our services, data may flow through or be processed by the Paragon Integration Platform as a Service ("Paragon iPaaS"). Paragon iPaaS is a third-party service that we utilize for seamless integration and data exchange among various platforms and systems.
Data Security: While data is being transmitted or processed through the Paragon iPaaS, we will take all reasonable precautions to ensure its security and confidentiality. This includes the application of security protocols and standards recommended by Paragon and additional measures that we deem necessary.
Data Retention: Data transmitted through the Paragon iPaaS will not be stored longer than necessary for the intended purpose. We will adhere to our established data retention policies and practices, which are designed to protect user information and comply with applicable laws and regulations.
Third-party Responsibilities: While we strive to ensure the safety and security of your data, it's essential to understand that Paragon iPaaS is a third-party service. As such, while we select only reputable services, we cannot assume liability for any breaches or data losses that occur solely within their infrastructure. We recommend users review Paragon's own terms of service and privacy policies to understand their data handling practices.
Data Transfer: Users acknowledge that data processed by Paragon iPaaS may flow through various servers and data centers, possibly spanning multiple jurisdictions. We assure users that we endeavor to select infrastructure that adheres to globally recognized standards and regulations concerning data protection.
Notification: In the unlikely event of a breach or vulnerability being detected in relation to data flow through Paragon iPaaS, we will notify affected users as required by applicable laws and take all reasonable steps to mitigate any potential harm.
Use of OpenAI and Anthropic APIs for Data Processing
To enhance the quality of our services, Fluincy integrates advanced AI capabilities using either the OpenAI or Anthropic API. This section explains our approach to processing customer-provided data through these APIs, ensuring data privacy and security while delivering valuable insights.
Purpose of Data Processing
Both the OpenAI and Anthropic APIs are utilized to improve Fluincy’s capacity to interpret and extract relevant insights from customer-provided transcripts. These AI tools allow us to efficiently analyze conversational data, identify key topics, and capture contextual information, enabling us to tailor our services to your specific needs.
Nature of the Data Processed
Fluincy processes textual data from transcripts or other similar customer communications through either the OpenAI or Anthropic API. This data is used solely to extract pertinent information and insights that support your interactions with our platform.
Data Confidentiality and Security
We place the highest priority on data confidentiality and employ stringent security measures for any data processed through the OpenAI or Anthropic APIs. Access is controlled and monitored, with usage limited strictly to the purposes outlined here. We do not retain, store, or use your data beyond what is necessary to achieve these objectives.
Compliance with Data Protection Laws
Our application of either the OpenAI or Anthropic API is compliant with applicable data protection laws and regulations. Fluincy is committed to maintaining rigorous privacy standards and ensuring all data processing practices adhere to both legal and ethical frameworks.
Customer Consent
By using our services and providing transcripts, you consent to the processing of this data through either the OpenAI or Anthropic API under the terms described in this policy. Customers retain the right to withdraw consent at any time, as outlined in our general privacy policy.
Policy Updates
To reflect advancements in technology or changes in data privacy standards, we may amend this section to update our data processing practices. Any substantial modifications impacting data processing will be communicated to customers.
Data Retention, Removal, and Storage Policy for Slack Integration
Data Retention
Fluincy only transmits data to Slack and does not receive any data from Slack. We do not retain any data related to our users’ Slack workspace, ensuring that no Slack-related information is stored within our systems. The data sent to Slack is ephemeral and is used solely for the purpose of facilitating communication between Fluincy and Slack.
Data Removal
Since Fluincy does not store any data related to Slack, there is no data to be removed from our systems. However, any data shared via Slack is subject to Slack’s own data retention policies. We encourage users to review Slack’s privacy and data retention policies for information on how Slack manages and deletes data.
Data Storage
As Fluincy does not store any Slack data, there are no storage considerations required within our systems for data originating from Slack. All interactions with Slack are conducted in real-time and are not persisted within Fluincy’s infrastructure.
Any request regarding Slack data can be sent to support@getfluincy.com.
Data Subject Access Rights
At Fluincy, we recognize and respect your data protection rights. Depending on where you reside, you may have the following rights:
Right to Access: You have the right to request details about the specific data we hold about you and how we process it.
Right to Rectification: If you believe that personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
Right to Erasure (‘Right to be Forgotten’): In certain circumstances, you can request the deletion of your personal data from our records.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly-used, and machine-readable format, and you have the right to transmit that data to another data controller.
Right to Object: In specific situations, you have the right to object to the processing of your personal data.
Right to Restrict Processing: You can ask us to suspend the processing of your personal data in certain scenarios, e.g., if you want us to establish its accuracy or the reason for processing it.
Right to Withdraw Consent: If we're processing your personal data based on your consent, you have the right to withdraw that consent at any time.
If you wish to exercise any of these rights or have questions about them, please contact us using the contact details provided in this policy. We're committed to responding to your requests in a timely manner.
Please note that these rights may be limited, for instance, where fulfilling your request would adversely affect the rights and freedoms of others, where there are overriding public interest reasons, or if we're legally required to retain your data.
Data Confidentiality and Job Controls
Internal Access to Data
Access to Customer Data is restricted within Fluincy to employees and contractors who have a need to know this information to perform their job function, for example, to provide Support, to maintain infrastructure, or for product enhancements (for instance, to understand how an engineering change affects a group of customers).
Job Controls
Fluincy has implemented several employee job controls designed to help protect Customer Data stored on the Service.
Availability Controls
Disaster Recovery
The infrastructure for the Service is designed to minimize service interruption due to hardware failure, natural disaster, or other catastrophes.
Features include:
Data replication: To help ensure availability in the event of a disaster, Fluincy replicates Customer Data across multiple data centers.
Backups: Fluincy performs backups of Customer Data stored on the Service.
Incident Response
Fluincy has an Incident Response Plan designed to promptly and systematically respond to security and availability incidents that may arise. The incident response plan is tested and refined on a regular basis.
Segregation Controls
Data Segregation
The Service is designed to logically separate Customer’s Customer Data from that of other customers. Fluincy’s application logic is designed to enforce this segmentation by permitting each User access only to accounts to which that User has been granted access.
User Roles
User roles specify different levels of permissions that Customer can use to manage its Users. Customer can invite Users to its Service account without giving all Users the same levels of permissions.