Privacy Policy

This Security Policy is incorporated into and made a part of the written agreement between Fluincy and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement. In the event of any conflict between the terms of the Agreement and this Security Policy, this Security Policy shall govern.

Risk Management

Until Fluincy obtains its SOC 2 Type II audit, Fluincy will adopt or maintain a substantially equivalent, industry-recognized framework. Fluincy is not obligated to conduct security reviews or assessments through any platform (including customer or third-party platforms).

Access Controls

Authentication

Overview. Fluincy requires authentication for access to all application pages on the Service, except for those intended to be public.

Secure Communication of Credentials. Fluincy currently uses encrypted requests to transmit authentication credentials to the Service.

Password Management. Fluincy has processes designed to enforce minimum password requirements for the Service.

Password Storage. User account passwords are not stored on the Service.

Session Management

Overview. Each time a User signs in, the Service assigns them a new, unique session identifier.

Session Timeout. All sessions are designed to have a hard timeout.

Sign Out. When a User signs out, the Service is designed to delete the session cookie from the User’s system and to invalidate the session identifier on Fluincy servers.

Network and Transmission Controls

Fluincy monitors and updates its communication technologies periodically with the goal of providing network security.

Network Security

Fluincy regularly updates network architecture schema and maintains an understanding of the data flows between its systems. Firewall rules and access restrictions are reviewed for appropriateness on a regular basis.

Infrastructure Security

Fluincy uses security monitoring tools on the production servers hosting the Service.

Data Confidentiality and Job Controls

Internal Access to Data

Access to Customer Data is restricted within Fluincy to employees and contractors who have a need to know this information to perform their job function, for example, to provide Support, to maintain infrastructure, or for product enhancements (for instance, to understand how an engineering change affects a group of customers).

Job Controls

Fluincy has implemented several employee job controls designed to help protect Customer Data stored on the Service. 

Availability Controls

Disaster Recovery

The infrastructure for the Service is designed to minimize service interruption due to hardware failure, natural disaster, or other catastrophes.

Features include:
Data replication: To help ensure availability in the event of a disaster, Fluincy replicates Customer Data across multiple data centers.

Backups: Fluincy performs backups of Customer Data stored on the Service.

Incident Response

Fluincy has an Incident Response Plan designed to promptly and systematically respond to security and availability incidents that may arise. The incident response plan is tested and refined on a regular basis.

Segregation Controls

Data Segregation

The Service is designed to logically separate Customer’s Customer Data from that of other customers. Fluincy’s application logic is designed to enforce this segmentation by permitting each User access only to accounts to which that User has been granted access.

User Roles

User roles specify different levels of permissions that Customer can use to manage its Users. Customer can invite Users to its Service account without giving all Users the same levels of permissions.