Privacy Policy

​Effective as of October 24, 2018  |  Last Updated October 13, 2019

This Privacy Policy governs data collection and usage and applies to the entire suite of Foqal products and services including, but not limited to, the website http://foqal.io, the Foqal Slack Extension, and Foqal Mobile Application (the “Services”).

For the purposes of this Privacy Policy, unless otherwise noted, all references to “Foqal”, “we”, “our”, or “us” refers to Foqal, a California corporation. All references to “you” or “your” refer to the User, as defined below.

By using the Services, you consent to the data practices described in this statement. If you do not agree, please immediately discontinue your use of the Services.

Types of Data

Customer Data

Information collected and submitted to our Services by users is referred to, in this Privacy Policy, as “Customer Data”. This information is controlled by the person, organization, or third party that created the Foqal account (the “Customer”). Our collection, usage and processing of this data is done so on behalf of the Customer. This Privacy Policy applies where we are controlling and/or processing Customer Data.

Customer's User Data

When the Services are attached to third party products such as Slack or Zendesk, we will collect, on behalf of and with the permission of the Customer, additional data such as documents and information about the people using those products (the “Users”).

If invited, or given access to by the Customer, Users may optionally have access to use the Services directly.

The collection of Users that were invited or given access to by a Customer or interact with the Services through a third party for one Customer are considered the “Customer Group”. A single user may be part of multiple Customer Groups.

Collection of Data

Customer Data

Whenever a User directly interacts with our Services or through a third party service, we may collect personally identifiable or non-personal information about the User such as:

  • First and Last name
  • Email Address
  • Employer and Job Title
  • Profile Image
  • Company website
  • Documents, texts, images, descriptions, support tickets, questions, answers, interactions, and other available data to make that information available to the Customer Group from within the Services.


Additionally, when a User creates an account with the Service, we will ask the user to create a password and optionally enter a phone number.

Because the above data is considered Customer Data, we will give certain options to the Customer to assist in accessing, modifying, and deleting such information. We are referred to as the “Processor” of such data. As such, the retention, deletion, access, sharing, modification and storage of this data is controlled by the policies and settings of the Customer. For any questions about your data as a User, please check with the Customer.

Service Data

To be able to operate the Service, configure it, and understand how the Service performs, we also collect certain personally identifiable information that is not considered Customer Data. We are referred to as the “Controller” of such data.

This data includes:

  • Billing and other Information - Whenever a Customer purchases a paid version of our services, our third party payment processor may store your credit card information, billing address, or other information that you provide at the time of checkout on our behalf.
  • Log Data - Whenever using our Services directly, through a third party or email, our servers will automatically collect and store information provided by your web browser, mobile application or third party service. This information may include Internet Protocol (IP) address, type and version of your browser, the type and version of your device and operating system, the date and time of your usage, your browser configuration, plugins, and cookies.
  • Service Usage - To improve our platform and better understand what features you are using and how you are using them, we may collect information about how you interact and access our Services. This includes your interactions with the Services, third party integrations such as the Foqal Slack Extension, and (with the permission of the Customer) importing usage information from third parties.
  • Device Information - This includes information such as what device you are using and version, application ids, unique identifiers, and crash data.
  • Geo-Location - To understand the general location of where you are coming from, we may collect the WiFi and IP address from your browser or device. We do not collect the precise GPS location from your mobile device.
  • Third Party Data - We will sometimes partner with third parties to enrich our data and your experience. This includes using services such as Google Analytics to understand usage patterns on the site, using selected vendors to understand email campaign performance, and download lists of bad IP addresses to block potential bad actors.

Please keep in mind that if you directly disclose personally-identifiable information or personally sensitive data through our Services, this information may be collected and used by others with whom the Customer chooses to share this data.

Data Jurisdiction

Unfortunately Foqal doesn’t have an office in every country. We may transfer your data to countries other than the one where you live including the United States. Other countries have regulations that might be different from yours, however we take all measures to ensure that your Data remains protected and complies with applicable data protection laws. The hosting facilities for our Services are located in United States of America.

If your data originates in the European Union, the United Kingdom, or Switzerland, the following are safeguards we deploy:

  • Foqal complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s), as applicable) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland, to the United States. Foqal has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
  • European Union Model Clauses - to meet the security, privacy, and adequacy requirements of international data transfer between our Customers residing in the EU and Foqal, we offer European Union Model Clauses (also known as Standard Model Clauses). To get a copy of this data addendum, please contact us at legal@foqal.io.

How we use your data

To build the best product and provide you with a great experience, we will often change the way we process and analyze your data. Overall, we will use your Customer and User data as necessary to:
  • Provide you with service - to operate our products and websites and deliver the services you have requested.
  • Fix, resolve, or prevent technical, operational, and security issues.
  • Analyze Customer or User Data to understand your organizational or personal preferences, understand concepts or jargon unique to your organization or business, and find trends in how users interact with the products with the intent purpose of improving our products and services.
  • From time to time, Foqal may contact you via email. In order to improve our Services, we may receive a notification when you open an email from Foqal or click on a link therein. Cases in which we may contact you:
    • When asking us a question, telling us about a problem, or providing general feedback, we may use your information to understand your problem or question and respond back to you.
    • We may send automated messages to inform you of:
      • Information, actions and organizational requests available to you through the Services. 
      • Changes to this or any other policy.
      • Important notices regarding security, abuse, fraud, privacy, etc. We may also contact you with additional notices and actions to validate your account and email and inform you of certain actions performed to your account.
      • Surveys, changes to our products and services, and general communications. You can opt out at any time.
    • We may use Customer or User Data to identify and inform you of other products or services available from Foqal and its affiliates. You can opt out at any time.
  • Billing - if using a paid Foqal product or service, we will use your billing information to process your credit card and keep track of payments and invoices.

Opting out of communications

Certain communications are required for the purpose of maintaining a Customer account. Because these are required messages for an account, you will have to close your account to stop receiving these messages.

Certain communications are sent to a User on behalf of a Customer or for the purpose of providing service to a Customer. An individual user may not opt out of these, but a Customer may change the settings and stop certain communications from being sent to their Customer Group.​Finally, a certain set of communications consists of general surveys about your experience, changes to the Services, general communications, and marketing. You can always opt out of such communications by replying STOP or clicking on the “Unsubscribe” link if provided at the bottom of the email.

Sharing and Disclosure with Third Parties

Foqal does not sell, rent or lease its Customer information or lists to third parties. However, at times, we may share Customer or User data with certain third parties for the following reasons:

  1. To comply with law and safety - Foqal may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Foqal or the site; (b) protect and defend the rights or property of Foqal; and/or (c) act under exigent circumstances to protect the personal safety of users of Foqal, or the public.

  2. To process Customer or User Data - Foqal may share data with trusted partners to help perform statistical analysis, process payments, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Foqal, and they are required to maintain the confidentiality of your information.

    For the list of current Subprocessors, please visit our subprocessor addendum.

  3. Third party integrations - With permission and acting on behalf of the Customer, we may share data with third party integrations added or requested to be added by the Customer. We are not responsible for the collection, sharing, use or misuse of third party integrations added by the Customer.

  4. Aggregate or anonymized data - We may share for any purpose or in any way required the aggregate or anonymized (de-identified) information gathered from Customer or User data. These are things like total number of questions answered across all Customers using the Services.

  5. Customer Support Questions - Any support question you ask directly by contacting us via Email, Phone, Slack, or any other means is subject to being used to help other customers with their support inquiries. Before sharing the question, we will make the best effort to remove any identifying information about the User or Customer making the inquiry.

  6. Affilies and Changes in business structure - At any time that Foqal engages in a merger, full or partial acquisition, sale of some or all assets, dissolution, bankruptcy, or division into multiple entities, or in the steps while contemplating or transacting such activities, Customer or User data may be disclosed with the related party. At the outcome of such proceedings, Customer and User Data may be shared with the affiliates in the corporate group.

Data Retention

We retain all Customer Data for the duration of the contract or until requested by the Customer to delete the data.

We retain all Service data for a duration required to perform processing. Since many pieces of data are required for continued service or for detecting trends over long periods of time, we will not delete most pieces of data unless explicitly requested.

More specifically

  • Account Information - We will keep this information until the Customer account is closed, or a User is no longer associated with a Customer account. At that time, we will anonymize the User information but retain the Customer’s content submitted by the User. This data will no longer be identifiable or associated to the original submitting User.
  • Billing and other Information - We need to keep billing information to continue to process your payment. We will delete this information when a Customer closes the account, when the credit card information expires, or when you downgrade your Account to a free plan.
  • Log Data - We will store most log data for a maximum of 60 days. We may retain this information for longer in the case your log information indicates or helps identify an issue. In that case, we may retain this log information for a total of 2 years.
  • Service Usage, Device Information, Geo-Location - Because we use this data for many reasons such as understanding usage patterns, security, and auditing, we usually retain this data the longest.
  • We will only delete Audit logs based on the configuration of our Customers. If the Customer selects to never delete Audit logs, we will not delete Audit log information until the Customer closes the Account.
  • Other Reasons - Most information will be retained for 3 years. After 3 years we either delete or anonymize and aggregate the information. When aggregating, certain personal information such as online identifiers and IP address might still be retained. This data will live for 3 years regardless of account closure and data deletion requests as this information is used for historical and statistical research.
  • Third Party Data - Please refer to our Subprocessor Addendum for details

Data Portability, Right to be forgotten

Portability

Both Users and Customers may ask for their data at any time by contacting us by emailing data-requests@foqal.io. We require up to 5 business days to create the data export and email you the data.

We are not responsible for any exported data which does not comply with our Terms of Service and causes any harm to you, your systems, your networks or your business(es) such as, not limited to, malware or exploits or content that promotes unlawful activities; is sexually obscene; libelous, defamatory, or fraudulent; discriminatory or abusive toward any individual or group; or infringes on any proprietary right of any party.

Customer Data Export

As a Customer, you own the data and have access to download all of the data adhering to the Terms of Service, submitted by your Users, which has not been deleted by the Customer, User, or Foqal.

User Data Export

Users have the right to export all the information directly collected, submitted, or posted about the User. This includes things like name, email, user activity, and login times and locations. Because the controller and owner of the data is the Customer, we can not export all submitted posts, conversations, or questions and answers submitted by a User without permission from the Customer.

Right to be forgotten

Customers have the right to delete their data at the time they chose to close the account by contacting us. Immediately after receiving the request to delete Customer data, we will suspend the account and make all logins unavailable. Twenty (20) days after this time, we will begin deleting all customer data and will complete no later than thirty (30) days after receiving the initial request.

To help comply with Customers’ User deletion requests, please contact us. When we receive a request to delete the data for a User, we will immediately restrict the login of that User. We will then anonymize the personal information for that User but retain the uploaded data. Additionally, we will delete any personal information that we maintain about the User such as the name, email, and phone number.

Data Processing

We rarely need to process a User’s personal data. However in the cases that we do, we may pause or stop completely for the following reasons.

  1. When the accuracy of User data is contested by contacting us, we will for fifteen (15) days discontinue processing this users personal data to allow this information to be rectified by the User in writing. If after 30 days no response is received in writing via email, we will again continue processing the contested User data. Once a response is received from the User with evidence of accuracy and User’s identify, we will apply the new data within five (5) business days and restart processing.
  2. If we no longer need User or Customer data or a request has been received to delete the User or Customer data, but we are required to retain it for legal reasons, we will discontinue processing it until we are able to delete it in accordance to the legal requirements. If you have any requests to retain your data, please contact us.

Security

We know how important your data is to you and security is one of our top priorities. Foqal secures your personal information from unauthorized access, loss, misuse, or disclosure. Foqal uses many methods to do this including encrypting data in transit and at rest, keeping logs of data access, verifying the authorization of Services and Users accessing the data, and many other techniques to keep up to date with the current security landscape. 

We strive to take appropriate security measures to protect against unauthorized access to or alteration of your information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you, your third parties, and us cannot be guaranteed.

Cookies

The Foqal website may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you submit some useful information to a Foqal product, a cookie helps Foqal to recall your specific information on subsequent visits. When you return to the same Foqal product, the information you previously provided can be retrieved.

Additionally, we allow a small set of third parties to set cookies within the Foqal products to allow with tracking certain types of behavior. This includes services like Google Analytics and Hubspot.  

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Foqal services or websites you visit.  You may find more information about disabling cookies by using the following links:

  • Chrome - https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en
  • Firefox - https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
  • Safari - https://support.apple.com/kb/ph21411?locale=en_US
  • Edge - https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
  • Opera - https://www.opera.com/help/tutorials/security/privacy/

Privacy Shield Statement

Foqal commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to data transferred from the EU and Switzerland.

We do share Customer Data and Service Data with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Policy and whom also comply with The Privacy Shield Framework. Our vendors perform services such as payment processing, network data transmission, and other similar services. When we transfer your data to our vendors under Privacy Shield, we remain responsible for it. While Foqal processes all Customer Data and Service Data in the United States, our third party vendors may process data outside of the United States or the European Union. If you would like to know who our third party vendors are, please see our Subprocessor Addendum

Foqal may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.

In complying with court orders and similar legal processes, Foqal strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.

Your Rights

Foqal is the subprocessor to most of your personal data (name, email, etc) that we access. Any requests to add, modify, or delete such data should be made to the Customer to which you as a User are bound. Once the Customer modifies this data, it will be updated within our system within 10 business days.

Foqal also collects and processes certain information about you (such as IP address, geo-location, device information) as mentioned in this Privacy Policy. This information is never shared with any party other than the mentioned Subprocessors. The duration of how long we store this information is described in the Data Retention Section. However if you would like for us to remove such information faster, please contact us at dpo@foqal.io and we will respond to you within 10 business days.

You have the right to access and export your personal information at any time. Please refer to the Data Portability section of this Privacy Policy for more information.

We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first.

Complaints

In compliance with the Privacy Shield Principles, Foqal commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Foqal at: dpo@foqal.io

For more information refer to the Privacy Shield Dispute resolution process

Other

External Data Storage Sites

We may store and process your User Data on servers provided by third party hosting vendors with whom we have contracted.

Links

The Foqal website and products contain links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our Users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.

Children Under 16

The Services are not designed for use by anyone under the age of sixteen.  Foqal does not knowingly collect personally identifiable information from children under the age of sixteen. If you are under the age of sixteen, you must ask your parent or guardian for permission to use this website. If you learn that a child under the age of 16 has provided us with any personal information, please contact us immediately.

Changes to this Statement

Foqal reserves the right to change this Privacy Policy from time to time. We will notify you about significant changes in the way we treat Customer Data and User Data by sending a notice to the primary email address specified in your Customer and User Accounts, by placing a prominent notice on our site, and/or by updating any privacy information on this page. Your continued use of the Services after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by that Privacy Policy.

License

This Privacy Statement is licensed under this Creative Commons Zero License. This Statement is provided on an "as-is" basis. You are free to use this Statement for any purpose and modify it as you would like, however, we are not liable for any loss or damage suffered as a result of use or misuse or reliance on the information and content of this Statement.

This Creative Commons Zero License Licence does not grant any trademark or other intellectual property permissions and does not convey or constitute any legal advice. Your use of this information does not create an attorney-client relationship between you and Foqal. This Privacy Statement and procedures may not suit your organizational needs, so always consult a lawyer if you want to adopt this Statement for your own uses.  

Resolving complaints

If you have concerns about the way Foqal is handling your User Personal Information, please let us know immediately. We want to help. You may contact us by contacting us at privacy@foqal.io with the subject line "Privacy Concerns." We will respond promptly — within 30 days at the latest.

You may also contact our Data Protection Officer directly by emailing dpo@foqal.io

Dispute resolution process

In the unlikely event that a dispute arises between you and Foqal regarding our handling of your User Personal Information, we will do our best to resolve it. Please contact us and give us the opportunity to resolve the issue. If we cannot, we commit to cooperate with EU Data Protection Authorities (DPAs) regarding any User Data related to human resource data or otherwise transferred from an EU country participating in the Privacy Shield Program. For this approach, please contact the U.S. Department of Commerce (either directly or through a European or United Kingdom Data Protection Authority) to attempt to resolve the issue.

Additionally, if you are a resident of an EU member state, you have the right to file a complaint with your local supervisory authority.

Independent arbitration

Under certain limited circumstances, European Union or United Kingdom individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please read more about Privacy Shield. Arbitration is not mandatory; it is a tool you can use if you choose to. If you wish to invoke binding arbitration, each party will be responsible for its own attorney’s fees.

We are subject to the jurisdiction of the Federal Trade Commission.

Contact Information

Foqal welcomes your feedback. If you have any questions, comments, feedback, or you believe that Foqal has not adhered to this Privacy Statement, please contact us at legal@foqal.io or using our contact page at http://foqal.io/contact

If you need to communicate with our Data Protection Officer, please email dpo@foqal.io.