This Security Policy is incorporated into and made a part of the written agreement between Fluincy and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement. In the event of any conflict between the terms of the Agreement and this Security Policy, this Security Policy shall govern.
Until Fluincy obtains its SOC 2 Type II audit, Fluincy will adopt or maintain a substantially equivalent, industry-recognized framework. Fluincy is not obligated to conduct security reviews or assessments through any platform (including customer or third-party platforms).
Overview: Fluincy requires authentication for access to all application pages on the Service, except for those intended to be public.
Secure Communication of Credentials: Fluincy currently uses encrypted requests to transmit authentication credentials to the Service.
Our application utilizes the Google Drive API to provide certain features and functionality to our users. In order to deliver these services, our application requires access to and use of Google user data, specifically data stored in Google Drive.
Access: Our application will request permission to access your Google Drive account, including the ability to view files and folders within your Drive. This access is necessary for our application to perform the intended functions and provide the requested services.
Use: The data accessed from your Google Drive account will only be used for the purposes of enabling specific features and functionality within our application. This may include, but is not limited to, file metadata reading, and document reading for the purposes of analyzing the Google Meet transcripts that are automatically created in Google Drive. We do not use or access any data outside the scope of our application's functionality.
Storage: Our application does not store or retain any Google user data on our own servers or systems. All data accessed and used by our application is processed in real-time and directly within the Google Drive environment. We do not maintain a separate copy of your data outside of Google Drive.
Sharing: Our application does not share any Google user data with third parties or external services. We do not transfer, sell, or disclose any user data accessed from Google Drive to any external entities, unless explicitly authorized and initiated by the user for the purpose of integrations with other services.
We are committed to safeguarding the privacy and security of your data. We adhere to industry-standard security measures to protect against unauthorized access, loss, or alteration of data. However, please note that the security of data transmitted over the internet or stored within Google Drive cannot be guaranteed completely.
Fluincy's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Our application integrates with the Zoom API to provide certain features and functionality to our users. In order to deliver these services, our application requires access to and use of Zoom user data, specifically data associated with Zoom meetings and recordings.
Access: Our application will request permission to access your Zoom account, including the ability to view your recorded meetings and associated data. This access is necessary for our application to perform the intended functions and provide the requested services.
Use: The data accessed from your Zoom account will only be used for the purposes of enabling specific features and functionality within our application. This may include, but is not limited to, transcript reading and analyzing Zoom meeting recordings that are stored within your Zoom account. We do not use or access any data outside the scope of our application's functionality.
Storage: Our application does not store or retain any Zoom user data on our own servers or systems. All data accessed and used by our application is processed in real-time and directly within the Zoom environment. We do not maintain a separate copy of your data outside of Zoom.
Sharing: Our application does not share any Zoom user data with third parties or external services. We do not transfer, sell, or disclose any user data accessed from Zoom to any external entities unless explicitly authorized and initiated by the user for the purpose of integrations with other services.
We are committed to safeguarding the privacy and security of your data. We adhere to industry-standard security measures to protect against unauthorized access, loss, or alteration of data. However, please note that the security of data transmitted over the internet or stored within Zoom cannot be guaranteed completely.
Fluincy has processes designed to enforce minimum password requirements for the Service.
Password Storage. User account passwords are not stored on the Service.
Each time a User signs in, the Service assigns them a new, unique session identifier.
Session Timeout. All sessions are designed to have a hard timeout.
When signing out, the Service is designed to delete the session cookie from the User’s system and to invalidate the session identifier on Fluincy servers.
Network and Transmission Controls
Fluincy monitors and updates its communication technologies periodically with the goal of providing network security.
Fluincy regularly updates network architecture schema and maintains an understanding of the data flows between its systems. Firewall rules and access restrictions are reviewed for appropriateness on a regular basis.
Fluincy uses security monitoring tools on the production servers hosting the Service.
Data Flow via the Paragon Integration Platform as a Service (iPaaS)
Usage of Paragon iPaaS: When utilizing our services, data may flow through or be processed by the Paragon Integration Platform as a Service ("Paragon iPaaS"). Paragon iPaaS is a third-party service that we utilize for seamless integration and data exchange among various platforms and systems.
Data Security: While data is being transmitted or processed through the Paragon iPaaS, we will take all reasonable precautions to ensure its security and confidentiality. This includes the application of security protocols and standards recommended by Paragon and additional measures that we deem necessary.
Data Retention: Data transmitted through the Paragon iPaaS will not be stored longer than necessary for the intended purpose. We will adhere to our established data retention policies and practices, which are designed to protect user information and comply with applicable laws and regulations.
Third-party Responsibilities: While we strive to ensure the safety and security of your data, it's essential to understand that Paragon iPaaS is a third-party service. As such, while we select only reputable services, we cannot assume liability for any breaches or data losses that occur solely within their infrastructure. We recommend users review Paragon's own terms of service and privacy policies to understand their data handling practices.
Data Transfer: Users acknowledge that data processed by Paragon iPaaS may flow through various servers and data centers, possibly spanning multiple jurisdictions. We assure users that we endeavor to select infrastructure that adheres to globally recognized standards and regulations concerning data protection.
Notification: In the unlikely event of a breach or vulnerability being detected in relation to data flow through Paragon iPaaS, we will notify affected users as required by applicable laws and take all reasonable steps to mitigate any potential harm.
Data Subject Access Rights
At Fluincy, we recognize and respect your data protection rights. Depending on where you reside, you may have the following rights:
Right to Access: You have the right to request details about the specific data we hold about you and how we process it.
Right to Rectification: If you believe that personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
Right to Erasure (‘Right to be Forgotten’): In certain circumstances, you can request the deletion of your personal data from our records.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly-used, and machine-readable format, and you have the right to transmit that data to another data controller.
Right to Object: In specific situations, you have the right to object to the processing of your personal data.
Right to Restrict Processing: You can ask us to suspend the processing of your personal data in certain scenarios, e.g., if you want us to establish its accuracy or the reason for processing it.
Right to Withdraw Consent: If we're processing your personal data based on your consent, you have the right to withdraw that consent at any time.
If you wish to exercise any of these rights or have questions about them, please contact us using the contact details provided in this policy. We're committed to responding to your requests in a timely manner.
Please note that these rights may be limited, for instance, where fulfilling your request would adversely affect the rights and freedoms of others, where there are overriding public interest reasons, or if we're legally required to retain your data.
Data Confidentiality and Job Controls
Internal Access to Data
Access to Customer Data is restricted within Fluincy to employees and contractors who have a need to know this information to perform their job function, for example, to provide Support, to maintain infrastructure, or for product enhancements (for instance, to understand how an engineering change affects a group of customers).
Fluincy has implemented several employee job controls designed to help protect Customer Data stored on the Service.
The infrastructure for the Service is designed to minimize service interruption due to hardware failure, natural disaster, or other catastrophes.
Data replication: To help ensure availability in the event of a disaster, Fluincy replicates Customer Data across multiple data centers.
Backups: Fluincy performs backups of Customer Data stored on the Service.
Fluincy has an Incident Response Plan designed to promptly and systematically respond to security and availability incidents that may arise. The incident response plan is tested and refined on a regular basis.
Data Segregation
The Service is designed to logically separate Customer’s Customer Data from that of other customers. Fluincy’s application logic is designed to enforce this segmentation by permitting each User access only to accounts to which that User has been granted access.
User roles specify different levels of permissions that Customer can use to manage its Users. Customer can invite Users to its Service account without giving all Users the same levels of permissions.