By using the Services, you consent to the data practices described in this statement. If you do not agree, please immediately discontinue your use of the Services.
Types of Data
Customer's User Data
When the Services are attached to third party products such as Slack or Zendesk, we will collect, on behalf of and with the permission of the Customer, additional data such as documents and information about the people using those products (the “Users”).
If invited, or given access to by the Customer, Users may optionally have access to use the Services directly.
The collection of Users that were invited or given access to by a Customer or interact with the Services through a third party for one Customer are considered the “Customer Group”. A single user may be part of multiple Customer Groups.
Collection of Data
Whenever a User directly interacts with our Services or through a third party service, we may collect personally identifiable or non-personal information about the User such as:
- First and Last name
- Email Address
- Employer and Job Title
- Profile Image
- Company website
- Documents, texts, images, descriptions, support tickets, questions, answers, interactions, and other available data to make that information available to the Customer Group from within the Services.
Additionally, when a User creates an account with the Service, we will ask the user to create a password and optionally enter a phone number.
Because the above data is considered Customer Data, we will give certain options to the Customer to assist in accessing, modifying, and deleting such information. We are referred to as the “Processor” of such data. As such, the retention, deletion, access, sharing, modification and storage of this data is controlled by the policies and settings of the Customer. For any questions about your data as a User, please check with the Customer.
To be able to operate the Service, configure it, and understand how the Service performs, we also collect certain personally identifiable information that is not considered Customer Data. We are referred to as the “Controller” of such data.
This data includes:
- Billing and other Information - Whenever a Customer purchases a paid version of our services, our third party payment processor may store your credit card information, billing address, or other information that you provide at the time of checkout on our behalf.
- Log Data - Whenever using our Services directly, through a third party or email, our servers will automatically collect and store information provided by your web browser, mobile application or third party service. This information may include Internet Protocol (IP) address, type and version of your browser, the type and version of your device and operating system, the date and time of your usage, your browser configuration, plugins, and cookies.
- Service Usage - To improve our platform and better understand what features you are using and how you are using them, we may collect information about how you interact and access our Services. This includes your interactions with the Services, third party integrations such as the Foqal Slack Extension, and (with the permission of the Customer) importing usage information from third parties.
- Device Information - This includes information such as what device you are using and version, application ids, unique identifiers, and crash data.
- Geo-Location - To understand the general location of where you are coming from, we may collect the WiFi and IP address from your browser or device. We do not collect the precise GPS location from your mobile device.
- Third Party Data - We will sometimes partner with third parties to enrich our data and your experience. This includes using services such as Google Analytics to understand usage patterns on the site, using selected vendors to understand email campaign performance, and download lists of bad IP addresses to block potential bad actors.
Please keep in mind that if you directly disclose personally-identifiable information or personally sensitive data through our Services, this information may be collected and used by others with whom the Customer chooses to share this data.
Unfortunately Foqal doesn’t have an office in every country. We may transfer your data to countries other than the one where you live including the United States. Other countries have regulations that might be different from yours, however we take all measures to ensure that your Data remains protected and complies with applicable data protection laws. The hosting facilities for our Services are located in United States of America.
If your data originates in the European Union, the United Kingdom, or Switzerland, the following are safeguards we deploy:
- European Union Model Clauses - to meet the security, privacy, and adequacy requirements of international data transfer between our Customers residing in the EU and Foqal, we offer European Union Model Clauses (also known as Standard Model Clauses). To get a copy of this data addendum, please contact us at firstname.lastname@example.org.
How we use your data
- Provide you with service - to operate our products and websites and deliver the services you have requested.
- Fix, resolve, or prevent technical, operational, and security issues.
- Analyze Customer or User Data to understand your organizational or personal preferences, understand concepts or jargon unique to your organization or business, and find trends in how users interact with the products with the intent purpose of improving our products and services.
- From time to time, Foqal may contact you via email. In order to improve our Services, we may receive a notification when you open an email from Foqal or click on a link therein. Cases in which we may contact you:
- When asking us a question, telling us about a problem, or providing general feedback, we may use your information to understand your problem or question and respond back to you.
- We may send automated messages to inform you of:
- Information, actions and organizational requests available to you through the Services.
- Changes to this or any other policy.
- Important notices regarding security, abuse, fraud, privacy, etc. We may also contact you with additional notices and actions to validate your account and email and inform you of certain actions performed to your account.
- Surveys, changes to our products and services, and general communications. You can opt out at any time.
- We may use Customer or User Data to identify and inform you of other products or services available from Foqal and its affiliates. You can opt out at any time.
- Billing - if using a paid Foqal product or service, we will use your billing information to process your credit card and keep track of payments and invoices.
Opting out of communications
Certain communications are required for the purpose of maintaining a Customer account. Because these are required messages for an account, you will have to close your account to stop receiving these messages.
Certain communications are sent to a User on behalf of a Customer or for the purpose of providing service to a Customer. An individual user may not opt out of these, but a Customer may change the settings and stop certain communications from being sent to their Customer Group.Finally, a certain set of communications consists of general surveys about your experience, changes to the Services, general communications, and marketing. You can always opt out of such communications by replying STOP or clicking on the “Unsubscribe” link if provided at the bottom of the email.
Sharing and Disclosure with Third Parties
Foqal does not sell, rent or lease its Customer information or lists to third parties. However, at times, we may share Customer or User data with certain third parties for the following reasons:
- To comply with law and safety - Foqal may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Foqal or the site; (b) protect and defend the rights or property of Foqal; and/or (c) act under exigent circumstances to protect the personal safety of users of Foqal, or the public.
- To process Customer or User Data - Foqal may share data with trusted partners to help perform statistical analysis, process payments, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Foqal, and they are required to maintain the confidentiality of your information.
For the list of current Subprocessors, please visit our subprocessor addendum.
- Third party integrations - With permission and acting on behalf of the Customer, we may share data with third party integrations added or requested to be added by the Customer. We are not responsible for the collection, sharing, use or misuse of third party integrations added by the Customer.
- Aggregate or anonymized data - We may share for any purpose or in any way required the aggregate or anonymized (de-identified) information gathered from Customer or User data. These are things like total number of questions answered across all Customers using the Services.
- Customer Support Questions - Any support question you ask directly by contacting us via Email, Phone, Slack, or any other means is subject to being used to help other customers with their support inquiries. Before sharing the question, we will make the best effort to remove any identifying information about the User or Customer making the inquiry.
- Affilies and Changes in business structure - At any time that Foqal engages in a merger, full or partial acquisition, sale of some or all assets, dissolution, bankruptcy, or division into multiple entities, or in the steps while contemplating or transacting such activities, Customer or User data may be disclosed with the related party. At the outcome of such proceedings, Customer and User Data may be shared with the affiliates in the corporate group.
We retain all Customer Data for the duration of the contract or until requested by the Customer to delete the data.
We retain all Service data for a duration required to perform processing. Since many pieces of data are required for continued service or for detecting trends over long periods of time, we will not delete most pieces of data unless explicitly requested.
- Account Information - We will keep this information until the Customer account is closed, or a User is no longer associated with a Customer account. At that time, we will anonymize the User information but retain the Customer’s content submitted by the User. This data will no longer be identifiable or associated to the original submitting User.
- Billing and other Information - We need to keep billing information to continue to process your payment. We will delete this information when a Customer closes the account, when the credit card information expires, or when you downgrade your Account to a free plan.
- Log Data - We will store most log data for a maximum of 60 days. We may retain this information for longer in the case your log information indicates or helps identify an issue. In that case, we may retain this log information for a total of 2 years.
- Service Usage, Device Information, Geo-Location - Because we use this data for many reasons such as understanding usage patterns, security, and auditing, we usually retain this data the longest.
- We will only delete Audit logs based on the configuration of our Customers. If the Customer selects to never delete Audit logs, we will not delete Audit log information until the Customer closes the Account.
- Other Reasons - Most information will be retained for 3 years. After 3 years we either delete or anonymize and aggregate the information. When aggregating, certain personal information such as online identifiers and IP address might still be retained. This data will live for 3 years regardless of account closure and data deletion requests as this information is used for historical and statistical research.
- Third Party Data - Please refer to our Subprocessor Addendum for details
Data Portability, Right to be forgotten
Both Users and Customers may ask for their data at any time by contacting us by emailing email@example.com. We require up to 5 business days to create the data export and email you the data.
We are not responsible for any exported data which does not comply with our Terms of Service and causes any harm to you, your systems, your networks or your business(es) such as, not limited to, malware or exploits or content that promotes unlawful activities; is sexually obscene; libelous, defamatory, or fraudulent; discriminatory or abusive toward any individual or group; or infringes on any proprietary right of any party.
Customer Data Export
As a Customer, you own the data and have access to download all of the data adhering to the Terms of Service, submitted by your Users, which has not been deleted by the Customer, User, or Foqal.
User Data Export
Users have the right to export all the information directly collected, submitted, or posted about the User. This includes things like name, email, user activity, and login times and locations. Because the controller and owner of the data is the Customer, we can not export all submitted posts, conversations, or questions and answers submitted by a User without permission from the Customer.
Right to be forgotten
Customers have the right to delete their data at the time they chose to close the account by contacting us. Immediately after receiving the request to delete Customer data, we will suspend the account and make all logins unavailable. Twenty (20) days after this time, we will begin deleting all customer data and will complete no later than thirty (30) days after receiving the initial request.
To help comply with Customers’ User deletion requests, please contact us. When we receive a request to delete the data for a User, we will immediately restrict the login of that User. We will then anonymize the personal information for that User but retain the uploaded data. Additionally, we will delete any personal information that we maintain about the User such as the name, email, and phone number.
We rarely need to process a User’s personal data. However in the cases that we do, we may pause or stop completely for the following reasons.
- When the accuracy of User data is contested by contacting us, we will for fifteen (15) days discontinue processing this users personal data to allow this information to be rectified by the User in writing. If after 30 days no response is received in writing via email, we will again continue processing the contested User data. Once a response is received from the User with evidence of accuracy and User’s identify, we will apply the new data within five (5) business days and restart processing.
- If we no longer need User or Customer data or a request has been received to delete the User or Customer data, but we are required to retain it for legal reasons, we will discontinue processing it until we are able to delete it in accordance to the legal requirements. If you have any requests to retain your data, please contact us.
We know how important your data is to you and security is one of our top priorities. Foqal secures your personal information from unauthorized access, loss, misuse, or disclosure. Foqal uses many methods to do this including encrypting data in transit and at rest, keeping logs of data access, verifying the authorization of Services and Users accessing the data, and many other techniques to keep up to date with the current security landscape.
We strive to take appropriate security measures to protect against unauthorized access to or alteration of your information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you, your third parties, and us cannot be guaranteed.
The Foqal website may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you submit some useful information to a Foqal product, a cookie helps Foqal to recall your specific information on subsequent visits. When you return to the same Foqal product, the information you previously provided can be retrieved.
Additionally, we allow a small set of third parties to set cookies within the Foqal products to allow with tracking certain types of behavior. This includes services like Google Analytics and Hubspot.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Foqal services or websites you visit. You may find more information about disabling cookies by using the following links:
- Chrome - https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en
- Firefox - https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari - https://support.apple.com/kb/ph21411?locale=en_US
- Edge - https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
- Opera - https://www.opera.com/help/tutorials/security/privacy/
Privacy Shield Statement
Foqal commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to data transferred from the EU and Switzerland.
Foqal may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.
In complying with court orders and similar legal processes, Foqal strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
Foqal is the subprocessor to most of your personal data (name, email, etc) that we access. Any requests to add, modify, or delete such data should be made to the Customer to which you as a User are bound. Once the Customer modifies this data, it will be updated within our system within 10 business days.
We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first.
In compliance with the Privacy Shield Principles, Foqal commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Foqal at: firstname.lastname@example.org
For more information refer to the Privacy Shield Dispute resolution process
External Data Storage Sites
We may store and process your User Data on servers provided by third party hosting vendors with whom we have contracted.
The Foqal website and products contain links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our Users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.
Children Under 16
The Services are not designed for use by anyone under the age of sixteen. Foqal does not knowingly collect personally identifiable information from children under the age of sixteen. If you are under the age of sixteen, you must ask your parent or guardian for permission to use this website. If you learn that a child under the age of 16 has provided us with any personal information, please contact us immediately.
Changes to this Statement
This Privacy Statement is licensed under this Creative Commons Zero License. This Statement is provided on an "as-is" basis. You are free to use this Statement for any purpose and modify it as you would like, however, we are not liable for any loss or damage suffered as a result of use or misuse or reliance on the information and content of this Statement.
This Creative Commons Zero License Licence does not grant any trademark or other intellectual property permissions and does not convey or constitute any legal advice. Your use of this information does not create an attorney-client relationship between you and Foqal. This Privacy Statement and procedures may not suit your organizational needs, so always consult a lawyer if you want to adopt this Statement for your own uses.
If you have concerns about the way Foqal is handling your User Personal Information, please let us know immediately. We want to help. You may contact us by contacting us at email@example.com with the subject line "Privacy Concerns." We will respond promptly — within 30 days at the latest.
You may also contact our Data Protection Officer directly by emailing firstname.lastname@example.org
Dispute resolution process
In the unlikely event that a dispute arises between you and Foqal regarding our handling of your User Personal Information, we will do our best to resolve it. Please contact us and give us the opportunity to resolve the issue. If we cannot, we commit to cooperate with EU Data Protection Authorities (DPAs) regarding any User Data related to human resource data or otherwise transferred from an EU country participating in the Privacy Shield Program. For this approach, please contact the U.S. Department of Commerce (either directly or through a European or United Kingdom Data Protection Authority) to attempt to resolve the issue.
Additionally, if you are a resident of an EU member state, you have the right to file a complaint with your local supervisory authority.
Under certain limited circumstances, European Union or United Kingdom individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please read more about Privacy Shield. Arbitration is not mandatory; it is a tool you can use if you choose to. If you wish to invoke binding arbitration, each party will be responsible for its own attorney’s fees.
We are subject to the jurisdiction of the Federal Trade Commission.
Foqal welcomes your feedback. If you have any questions, comments, feedback, or you believe that Foqal has not adhered to this Privacy Statement, please contact us at email@example.com or using our contact page at http://foqal.io/contact.
If you need to communicate with our Data Protection Officer, please email firstname.lastname@example.org.