Terms & Policies

User Terms of Service

Effective Date: August 30th, 2019

CheckFlow Ltd. (“CheckFlow,” “we,” “our”) offers checklist and process management software (the “Service”) online via our websites, including but not limited to www.checkflow.io, www.checkflow.co.uk, blog.checkflow.io (the “Websites”). CheckFlow Ltd. is located at International House, 24 Holborn Viaduct, London, EC1A 2BN, United Kingdom. If you have any questions about these User Terms of Service (the “Terms”), please email us at terms@checkflow.io. CheckFlow has two different types of users:

  • We call users who use the Service as part of a paid CheckFlow subscription plan (regardless of the subscription tier) “Subscribers.” The Service features and functionalities available to Subscribers are determined by the subscription tier and the specific terms agreed to between CheckFlow and the organization (e.g., your employer or another entity or person, called the “Customer”) that entered into a separate agreement that governs delivery, access, and use of the Service (the “Customer Agreement”).
  • We call users who use the Service as a Guest “Guests.” While Guests can access and use the Service, they have access to a more limited set of Service features and functionality than Subscribers.

We refer to these two types of users collectively as “Users” or “you” for purposes of these Terms. Regardless of what type of User you are, these Terms create a legal agreement directly between you and CheckFlow and explain the rules governing use of the Service and Websites. By accessing or using the Service and Websites, you acknowledge and agree that you have read, understand, and agree to be bound by these Terms and our Privacy Policy. If you do not agree to these Terms, please do not access or use the Service and Websites. We may, from time to time, modify these Terms. Please check this page periodically for updates. We will comply with applicable local legal obligations to provide you with notice of changes to these Terms. Your continued use of the Service and Websites after any such update constitutes your acceptance of such changes.

1. Eligibility & Scope

1.1 General. To use the Service and Websites you must be, and represent and warrant that you are, at least 13 years of age and competent to agree to these Terms. If CheckFlow has previously prohibited you from accessing or using the Service and Websites, you are not permitted to access or use the Service and Websites.

1.2 Location. These Terms are applicable to Users worldwide.

2. Account Registration & Use

2.1 Account Registration and Confidentiality. To access the Service and Websites, you must register for a CheckFlow account by creating a user name and password. You agree to provide us with accurate, complete, and current registration information about yourself. It is your responsibility to ensure that your password remains confidential and secure. By registering, you agree that you are fully responsible for all activities that occur under your user name and password. We may assume that any communications we receive under your account have been made by you. If you are a billing owner, an administrator, or if you have confirmed in writing that you have the authority to make decisions on behalf of a Customer (“Account Administrator”), you represent and warrant that you are authorized to make decisions on behalf of the Customer and agree that CheckFlow is entitled to rely on your instructions.

2.2 Unauthorized Account Use. You are responsible for notifying us at terms@checkflow.io if you become aware of any unauthorized use of or access to your account. You understand and agree that we may require you to provide information that may be used to confirm your identity and help ensure the security of your account. CheckFlow will not be liable for any loss, damages, liability, expenses or attorneys’ fees that you may incur as a result of someone else using your password or account, either with or without your knowledge and/or authorization, and regardless of whether you have or have not advised us of such unauthorized use. You will be liable for losses, damages, liability, expenses and attorneys’ fees incurred by CheckFlow or a third party due to someone else using your account. In the event that the Account Administrator or Customer loses access to an account or otherwise requests information about an account, CheckFlow reserves the right to request from the Account Administrator or Customer any verification it deems necessary before restoring access to or providing information about such account in its sole discretion.

3. Our Proprietray Rights

The Service and Websites are owned and operated by CheckFlow and contain materials (including all software, design, text, editorial materials, informational text, photographs, illustrations, audio clips, video clips, artwork and other graphic materials, and names, logos, trademarks and services marks) which are derived in whole or in part from materials supplied by CheckFlow and its partners, as well as other sources, and are protected by United States copyright laws, international treaty provisions, trademarks, service marks and other intellectual property laws. The Service and Websites are also protected as a collective work or compilation under U.S. and global copyright and other law and treaties. You agree to abide by all applicable copyright and other laws, as well as any additional copyright notices or restrictions contained in the Service and Websites. You acknowledge that the Service and Websites have been developed, compiled, prepared, revised, selected, and arranged by CheckFlow and others through the application of methods and standards of judgment developed and applied through the expenditure of substantial time, effort, and money and constitute valuable intellectual property of CheckFlow and such others. You agree to notify CheckFlow immediately upon becoming aware of any claim that the Service and Websites infringe upon any copyright, trademark, or other contractual, statutory, or common law rights. Any unauthorized use of any material contained on or through the Service and Websites may violate copyright laws, trademark laws, the laws of privacy and publicity and communications regulations and statutes.

4. User Content & Feedback

4.1 User Content and Submissions on the Service. The Service allows you to create tasks and submit associated information, text, files, and other materials (collectively, “User Content”) and to share that User Content with others. User Content submitted or otherwise made available to the Service is subject to the following terms:

4.1.1 Subscriber User Content on the Service. Content submitted to the Service by Subscribers (“Subscriber User Content”) is owned and controlled by the Customer as set forth in the introduction to these Terms and the Customer Agreement. CheckFlow maintains a limited, non-exclusive and non-transferrable (except in connection with the sale or transfer of its business) license to access, use, copy, reproduce, process, adapt, publish, transmit, host, and display Subscriber User Content for the following limited purposes: (i) to maintain, provide and improve the Service; (ii) to prevent or address technical or security issues and resolve support requests; (iii) to investigate when we have a good faith belief, or have received a complaint alleging, that such Subscriber User Content is in violation of the Customer Agreement or these Terms; (iv) to comply with a valid legal subpoena, request, or other lawful process that meets the requirements of the Customer Agreement and our (TODO: Insert Link to Law Enforcement Guidelines) Law Enforcement Guidelines; and (v) as otherwise set forth in our Customer Agreement or as expressly permitted in writing by the Customer.

4.1.2 Guest User Content.Guests maintain ownership of the User Content that they submit to the Service (“Guest User Content”). By submitting Guest User Content, Guest Users grant CheckFlow a license to access, use, copy, reproduce, process, adapt, publish, transmit, and display that Guest User Content, as permitted by CheckFlow’s Privacy Policy, including if required to do so by law or in good faith to comply with legal process. We reserve the right to remove any Guest User Content on the Service that violates these Terms or that is otherwise objectionable in CheckFlow’s sole discretion.

4.2 Feedback on the Websites. The Websites may have certain features that allow you to submit comments, information, and other materials (collectively, “Feedback”) to CheckFlow and share such Feedback with other users, or the public. By submitting Feedback through the Websites, you grant CheckFlow a license to access, use, copy, reproduce, process, adapt, publish, transmit, host, and display that Feedback for any purpose (including in testimonials or other CheckFlow marketing materials and where required to do so by law or in good faith to comply with legal process.). We reserve the right to remove any Feedback posted in public forums for any reason at our sole discretion.

4.3 User Content and Feedback Representations. You acknowledge and agree that you have all required rights to submit User Content and Feedback without violation of any third-party rights. You understand that CheckFlow does not control, and is not responsible for, User Content or Feedback, and that by using the Service and/or Websites, you may be exposed to User Content or Feedback from other users that is offensive, indecent, inaccurate, misleading, or otherwise objectionable. Please also note that User Content and Feedback may contain typographical errors, other inadvertent errors or inaccuracies. You agree that you will indemnify, defend, and hold harmless CheckFlow for all claims resulting from User Content or Feedback you submit through the Service and/or Websites. We reserve the right, at our own expense, to assume the exclusive defense and control of such disputes, and in any event you will cooperate with us in asserting any available defenses.

5. License & Acceptable Use

5.1 Your License. Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-sublicensable, non-transferable, and revocable license to access and use the Service and Websites only for your own internal use (or, for Subscribers, uses authorized by the Customer), and only in a manner that complies with all legal requirements that apply to you or your use of the Service and Websites, including the CheckFlow Privacy Policy and these Terms. CheckFlow may revoke this license at any time, in its sole discretion.

5.2 Acceptable Use. All Users must comply with the following rules regarding acceptable use of the Service and Websites.

Disruption of the Service. You may not:

  • access, tamper with, or use non-public areas of the Service and Websites, CheckFlow’s computer systems, or the technical delivery systems of CheckFlow’s providers;
  • probe, scan, or test the vulnerability of any system or network or breach or circumvent any security or authentication measure;
  • access or search the Service and Websites by any means other than CheckFlow’s publicly supported interfaces (for example, “scraping”);
  • attempt to disrupt or overwhelm our infrastructure by intentionally imposing unreasonable requests or burdens on our resources (e.g. using “bots” or other automated systems to send requests to our servers at a rate beyond what could be sent by a human user during the same period of time); or
  • interfere with or disrupt the access of any user, host or network, including, without limitation, by sending a virus, overloading, flooding, spamming, mail-bombing the Service and Websites, or by scripting the creation of User Content in such a manner as to interfere with or create an undue burden on the Service and Websites.

Misuse of the Service and Websites. You may not utilize the Service and Websites to carry out, promote or support:

  • any unlawful or fraudulent activities;
  • the impersonation of another person or entity or the misrepresentation of an affiliation with a person or entity in a manner that does or is intended to mislead, confuse, or deceive others;
  • activities that are defamatory, libelous or threatening, constitute hate speech, harassment, or stalking;
  • the publishing or posting of other people’s private or personal information without their express authorization and permission;
  • the sending of unsolicited communications, promotions advertisements, or spam;
  • the publishing of or linking to malicious content intended to damage or disrupt another user’s browser or computer; or
  • the promotion or advertisement of products or services other than your own without appropriate authorization.

User Content Standards Within the Service and Websites. You may not post any User Content on the Service or Websites that:

  • violates any applicable law, any third party’s intellectual property rights, or anyone’s right of privacy or publicity;
  • is deceptive, fraudulent, illegal, obscene, pornographic (including child pornography, which, upon becoming aware of, we will remove and report to law enforcement, including the National Center for Missing and Exploited children), defamatory, libelous or threatening, constitutes hate speech, harassment, or stalking;
  • contains any personal information of minors;
  • contains any sensitive personal information, such as financial information, payment card numbers, social security numbers, or health information without CheckFlow’s prior written consent granted as part of a Customer Agreement;
  • contains viruses, bots, worms, or similar harmful materials; or
  • contains any information that you do not have a right to make available under law or any contractual or fiduciary duty.

Violations of this Section 5. In addition to any other remedies that may be available to us, CheckFlow reserves the right to take any remedial action it deems necessary, including immediately suspending or terminating your account or your access to the Service or Websites, upon notice and without liability for CheckFlow should you fail to abide by the rules in this Section 5 or if, in CheckFlow’s sole discretion, such action is necessary to prevent disruption of the Service or Websites for other users. If you are a Subscriber, CheckFlow reserves the right to notify the Customer’s Account Administrator(s) or other Customer representative(s) of any violations of these Terms.

6. Privacy

For information about how we collect, use, and share the data we collect from and about you, please see our Privacy Policy which is incorporated by reference into these Terms.

7. Limitation of Liability

If we fail to comply with these Terms, we are responsible for loss or damage that you suffer that is a foreseeable result of our breach of these Terms or our negligence, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if it is an obvious consequence of our breach or if it was an order that was accepted. We also only provide the Service and Websites for your internal use. We have no liability to you for any loss of profit, loss of business, business interruption or loss of business opportunity based on your use of or reliance on the Service and Websites. We do not exclude or limit in any way our liability to you where it would be unlawful for us to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors, for fraud or fraudulent misrepresentation and for breach of your legal rights in relation to the Service and Websites.

The information presented on or through the Service and Websites is made available solely for general information purposes. We do not confirm the accuracy, completeness or usefulness of this information. Any reliance that you place on such information is strictly at your own risk.

8. Viruses

You understand that we cannot and do not guarantee that files available for downloading from the Internet or our Service or Websites will be free of viruses or other destructive code. You are responsible for implementing sufficient procedures and checkpoints to satisfy your particular requirements for anti-virus protection and accuracy of data input and output, and for maintaining a means external to the Service and Websites for any reconstruction of any lost data.

9. Third-Party Links & Service & Websites

The Service and Websites may provide (1) information and content provided by third parties; (2) links to third-party websites or resources, such as sellers of goods and services; and (3) third-party products and services for sale directly to you. CheckFlow is not responsible for the availability of such external sites or resources, and does not endorse and is not responsible or liable for (i) any content, advertising, products, or other materials on or available from such sites or resources, (ii) any errors or omissions in these websites or resources, or (iii) any information handling practices or other business practices of the operators of such sites or resources. You further acknowledge and agree that CheckFlow shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any linked sites or resources. Your interactions with such third parties will be governed by the third parties’ own terms of service and privacy policies, and any other similar terms.

10. Modification

CheckFlow reserves the right at any time to modify or discontinue, temporarily or permanently, the Service and Websites (or any part thereof), with or without notice. You agree that CheckFlow shall not be liable to you or any third party for any modification, suspension or discontinuance of the Service and Websites.

11. Applicable Law

Please note that these Terms, and their subject matter and formation, are governed by the laws of the United Kingdom. However, if you are a consumer and resident of any other European country you will benefit from, and if you are a consumer and resident of any country in APAC or the UAE you may benefit from, any mandatory provisions of, and legal rights available to you under, the laws of that country. Nothing in these Terms affects your rights as a consumer to rely on any such local law mandatory provisions and legal rights.

You can contact CheckFlow at terms@checkflow.io if you have any complaints or disputes about the Services. You and CheckFlow shall use best efforts to settle any dispute, claim, question, or disagreement directly through consultation and good faith negotiations, which shall be a precondition to either party initiating a lawsuit or other form of complaint. If we do not reach an agreed-upon solution within a period of 30 days from the time informal dispute resolution is pursued, to the extent permitted by applicable law, all controversies, disputes, demands, counts, claims or causes of action between you and CheckFlow arising out of, under, or related to the Services shall be submitted to the exclusive jurisdiction of the courts of the United Kingdom. However, if you are a resident of any other European country, APAC country or the UAE, you may also bring proceedings in that country.

12. General Terms

12.1. No waiver. If we fail to insist that you perform any obligations under these Terms, or if we do not enforce our rights against you, or if we delay in doing so, that will not mean that we have waived such rights and will not mean that you do not have to comply with your obligations. If we do waive a failure or breach by you, we will only do so in writing and that will not mean that we automatically waive any future failure of breach by you.

12.2. Severability. Each of the paragraphs of these Terms operates separately. If any court or relevant authority decides that any of them are unlawful or unenforceable, the remaining paragraphs will remain in full force and effect.

12.3. Miscellaneous. The section titles in these Terms are for convenience only and have no legal or contractual effect.

12.4 Notices. We may deliver notice to you by e-mail, posting a notice on the Service and Websites or any other method we choose and such notice will be effective on dispatch. If you give notice to us, it will be effective when received and you must use the following email address: terms@checkflow.io.

Privacy Policy

Effective Date: August 30th, 2019

CheckFlow offers checklist and process management software online (the “Service”) via our websites, including but not limited to www.checkflow.io, www.checkflow.co.uk, blog.checkflow.io (the “Websites”). As you use the Service and interact with the Websites, CheckFlow collects and processes information from and about you in order to provide you with access to the Service, enhance your experience while using the Service, and interact with you. This Privacy Policy (the “Policy”) describes how CheckFlow collects, uses, and discloses information collected through the Service and Websites, and what choices you have with respect to such information. The first section below explains which privacy terms are applicable to you depending on what type of user you are.

References to “CheckFlow” throughout the Policy mean the CheckFlow entity that acts as the data controller or data processor of your information, as explained in more detail below. If you do not agree with this Policy, do not access or use the Service, Websites, or any other part of CheckFlow’s business.

If you have any questions about this Privacy Policy, please contact CheckFlow by emailing us at terms@checkflow.io.

This Privacy Policy contains the following sections:

I. What Type of User am I and Which Privacy Terms Are Applicable to Me?

CheckFlow has three different types of users depending on the CheckFlow products used. Please see the bullets below to determine which type of user you are, and then click the internal link to visit the privacy terms applicable to you. It is possible that you may use CheckFlow in different ways. If so, please review all applicable privacy terms. Also, don’t forget to review Section V, which contains privacy terms applicable to all users.

  • Subscribers. We call users who use the Service as part of any tier of a paid CheckFlow subscription plan “Subscribers.” The Service features and functionalities available to Subscribers are determined by the specific terms agreed to between CheckFlow and the organization (e.g., your employer or another entity or person, called the “Customer”) that entered into a separate agreement that governs delivery, access, and use of the Service (for purpose of this Policy, the “Customer Agreement”). The Customer controls its instance of the Service and is the data controller of the information collected through the Service about Subscribers, and CheckFlow is a data processor of such information. To go directly to the terms applicable to Subscribers, please click here.
  • Guest Users. We call users who use the service as a Guest “Guest Users.” While Guest Users can access and use the Service, they have access to a more limited set of Service features and functionality than Subscribers. CheckFlow is the data controller of the information collected through the Service about Guest Users. To go directly to the terms applicable to Guest Users, please click here.
  • Site Visitors. We call users of the Websites “Site Visitors.” Site Visitors can be individuals who are simply browsing the Websites but who do not use the CheckFlow Service; or, Site Visitors can be Guest Users or Subscribers who visit the Websites to seek additional information about CheckFlow. CheckFlow is the data controller of the information collected through the Website about Site Visitors. To go directly to the terms applicable to Site Visitors please click here.

II. Privacy Terms for Subscribers

A. Overview

Section II of this Policy applies only to Subscribers. If you are a Subscriber, the “Customer Agreement” governs the collection and processing of information collected from you through the Customer’s instance of the Service (e.g. a Customer’s organization or team, but for purposes of this Policy referred to as the “Team”), including all associated messages, attachments, files, tasks, templates and template names, team names, checklists, conversations, and other content submitted through the Service (“Team Content”). In the event of a conflict between this Privacy Policy and the Customer Agreement, the Customer Agreement governs. Because the Customer controls the Workspace used by Subscribers, if you have any questions about the Customer’s specific Workspace settings and privacy practices, please contact the Customer whose Workspace you use. If you are a Subscriber located in the European Union, please note that the Customer is the data controller with respect to the processing of your Workspace Content pursuant to the EU General Data Protection Regulation (“GDPR”). When processing Workspace Content of EU data subjects governed by the Customer Agreement, CheckFlow is the data processor, meaning that we collect and process such information solely on behalf of the Customer.

B. Collection and Use of Subscriber Information

This section explains the information we collect from Subscribers. We do not require Subscribers to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as you use the Service.

  1. Team Content. Team Content is collected, used, and shared by CheckFlow in accordance with the Customer’s instructions, including any applicable terms in the Customer Agreement, or as required by applicable law. The Customer, and not CheckFlow, determines its own, internal policies regarding storage, access, modification, deletion, sharing, and retention of Team Content which may apply to your use of the Service. For example, a Customer may provide or remove access to the Service, manage permissions, or manage groups. Please check with the Customer about the policies and settings that they have instituted with respect the Workspace Content that you provide when using the Service.
  2. Account Information. To set up your CheckFlow account, you or the Customer will provide us with basic information about you which may include your name, email address, and password. If you submit payment information in connection with your use of the Service, we utilize a third party credit card payment processing company to collect payment information, including your credit card number, billing address, and phone number. In such circumstances, the third party service provider, and not CheckFlow, stores your payment information on our behalf.
  3. Service Usage Information. As you use the Service, we collect information about how you use and interact with the Service (“Service Usage Information”). Such information includes:
    • Device information – when you access the Service using a mobile device, we collect certain device information, including the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may also collect your MAC address and other unique device identifiers.
    • Log files – when you use the Service, our servers automatically record information in server log files. These log files may include information such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
    • Team Use Metadata – when you interact with the Service, metadata is generated that provides high-level (non-content) information about the way you work in your Team. For example, we may log the number of Teams you work in; the number of tasks to which you are assigned; the features and embedded Service content you interact with; the types of files you share; and what, if any, third party services and integrations you use.
  4. Other Information. You may provide us with information when you interact with us in other ways, such as when you submit requests or questions to us via forms or email (e.g., support forms, sales forms, user research participation forms); information you provide in connection with CheckFlow contests or research studies in which you choose to participate; beta testing; and requests for customer support and technical assistance (collectively, “Other Information”).
  5. Information Collected from Third-Party Integrations. If you choose to use or connect to third-party integrations (e.g., Zapier, Slack, Trello) through the Service, or if you are required or permitted to do so by a Customer, such third parties may allow us to have access to and store additional information about your interaction with those services as it relates to your use of the Service. If you initiate these connections, you also understand that we will share information about you that is required to enable your use of the third-party integration through the Service. If you do not wish to have this information shared, do not initiate these connections. By enabling these connections, you authorize us to connect and access the information provided through these connections, and you understand that the privacy policies of these third parties govern such connections.

C. How Does CheckFlow Use Subscriber Information?

This section explains how CheckFlow uses information collected from Subscribers.

  1. Team Content. CheckFlow may view and use Team Content collected from and about Subscribers only as necessary:
    • To maintain, provide and improve the Service
    • To prevent or address technical or security issues and resolve support requests
    • To investigate when we have a good faith belief, or have received a complaint alleging, that such Workspace Content is in violation of the Customer Agreement or our User Terms of Service
    • To comply with a valid legal subpoena, request, or other lawful process that meets the requirements of the Customer Agreement and our Law Enforcement Guidelines
    • As otherwise set forth in our Customer Agreement or as expressly permitted in writing by the Customer
  2. Account Information, Service Usage Information, Information from Third Party Integrations, and Other Information. CheckFlow may use these categories of information collected from and about Subscribers to:
    • Maintain, provide, and improve the Service
    • Respond to your requests for information
    • Prevent or address technical or security issues and resolve support requests
    • Investigate in good faith alleged violations of our User Terms of Service
    • Comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our (TODO: Link) Law Enforcement Guidelines
    • Help us better understand user interests and needs, and customize the Service for our users
    • Engage in analysis, research, and reports regarding use of the Service
    • Protect the Service and our users
    • Communicate with you via email and through the Service about important notices and updates regarding the Service, such as to inform you about changes in the Service, our service offerings, and important services-related notices, such as about security and fraud. Because these communications are an important part of the Service, you may not opt out of them
    • In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about CheckFlow. You have the ability to unsubscribe from such promotional communications
    • Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Service. If you wish to opt out of the ability of one our service providers, Google Analytics, to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here

D. Sharing of Subscriber Information

In accordance with the applicable Customer Agreement, we may share the information we collect from Subscribers as follows:

  • Affiliates and Subsidiaries. We may share the information we collect within the CheckFlow family of companies.
  • Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, analytics, data storage, security, fraud prevention, and other services.
  • Business Transactions. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Service can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as the acquiring party modifies it. If such transfer is subject to additional mandatory restrictions under applicable laws, CheckFlow will comply with such restrictions.
  • Consistent with your settings within the Service. Please note that the Team Content you submit through the Service may be viewable by other users in your Team, depending on the specific settings you or your team administrator have selected.

E. Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and analytics, and may also share such data with any third parties, including partners, affiliates, services providers, and others.

F. Combined Information

We may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy and the Customer Agreement.

G. Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law, or where the Customer Agreement requires or permits specific retention or deletion periods.

H. Data Subject Rights

Please contact your Team owner(s) or administrator(s) to exercise any data subject rights you have under applicable local laws, including your ability to access, delete, rectify, transfer, or object under the GDPR.

III. Privacy Terms for Guest Users

A. Overview

Section III of this Policy applies only to Guest Users of the Service. If you are a Guest User located in the European Union, CheckFlow is the data controller with respect to the processing of your personal data pursuant to the GDPR.

B. Collection and Use of Guest User Information

This section explains how we collect, process, and use the information collected from Guest Users. We do not require Guest Users to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as discussed below.

  1. Information You Provide to CheckFlow. CheckFlow collects the following information submitted directly through the Service by Guest Users:
    • The messages, attachments, files, tasks, templates and template names, team names, checklists, conversations, and other content submitted through the Service (collectively, the “Team Content”);
    • Information you provide as part of your account registration with CheckFlow, which may include your name, team name, email address and password (collectively, the “Account Information”); and
    • Information you provide in other interactions with us, such as requests or questions you submit to us via forms or email (e.g., support forms, sales forms, user research participation forms), information you provide in connection with CheckFlow contests, or research studies in which you choose to participate; beta testing; and requests for customer support and technical assistance (collectively, “Other Information”).
  2. Service Usage Information. As you use the Service, we collect a variety of information about how you use and interact with the Service (“Service Usage Information”). Such information includes:
    • Device information – when you access the Service using a mobile device, we collect certain device information, including the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may also collect your MAC address and other unique device identifiers.
    • Log files – when you use the Service, our servers automatically record information in server log files. These log files may include information such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
    • Team Use Metadata – when you interact with the Service, metadata is generated that provides high-level (non-content) information about the way you work in your Team. For example, we may log the number of Teams you work in; the number of tasks to which you are assigned; the features and embedded Service content you interact with; the types of files you share; and what, if any, third party services and integrations you use.
  3. Information Collected from Third-Party Integrations. If you choose to use or connect to third-party integrations (e.g., Zapier, Slack, Trello) through the Service, or if you are required or permitted to do so by a Customer, such third parties may allow us to have access to and store additional information about your interaction with those services as it relates to your use of the Service. If you initiate these connections, you also understand that we will share information about you that is required to enable your use of the third-party integration through the Service. If you do not wish to have this information shared, do not initiate these connections. By enabling these connections, you authorize us to connect and access the information provided through these connections, and you understand that the privacy policies of these third parties govern such connections.

C. How Does CheckFlow Use Guest User Information?

CheckFlow may use the information collected from Guest Users to: - Maintain, provide, and improve the Service - Respond to your requests for information - Prevent or address technical or security issues and resolve support requests - Investigate in good faith alleged violations of our User Terms of Service - Comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our (TODO: Link) Law Enforcement Guidelines - Help us better understand user interests and needs, and customize the Service for our users - Engage in analysis, research, and reports regarding use of the Service - Protect the Service and our users - Communicate with you via email and through the Service about important notices and updates regarding the Service, such as to inform you about changes in the Service, our service offerings, and important services-related notices, such as about security and fraud. Because these communications are an important part of the Service, you may not opt out of them - In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about CheckFlow. You have the ability to unsubscribe from such promotional communications - Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Service. If you wish to opt out of the ability of one our service providers, Google Analytics, to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here

D. Legal Bases for Use of Your Information

If you are located in the EU, please note that the legal bases under the EU General Data Protection Regulation (“GDPR”) for using the information we collect through your use of the Service as a Guest User are as follows:

  • Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by using the Service)
  • Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Service; operate our Service; prevent fraud, analyze use of and improve our Service, and for similar purposes)
  • Where use of your information is necessary to comply with a legal obligation
  • Where we have your consent to process data in a certain way

E. Sharing of Guest User Information

We share the information we collect through the Service about Guest Users with the following:

  • Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.
  • Business Transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Websites can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, CheckFlow will comply with such restrictions.
  • Consent. We may also disclose your information to third parties with your consent to do so.
  • Consistent with your settings within the Service. Please note that the Team Content you submit through the Service may be viewable by other users in your Team, depending on the specific settings you have selected.

F. Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

G. Combined Information

For the purposes discussed in this Policy, we may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy.

H. Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

I. Data Subject Rights

Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “CheckFlow Contact Info” section below at any time. Your local laws (such as those in the EU) may permit you to request that we:

  • provide access to and/or a copy of certain information we hold about you
  • prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
  • update information which is out of date or incorrect
  • delete certain information which we are holding about you
  • restrict the way that we process and disclose certain of your information
  • transfer your information to a third party provider of services
  • revoke your consent for the processing of your information

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

IV. Privacy Terms for Site Visitors

A. Overview

Section IV of this Policy applies only to Site Visitors. If you visit the Websites, regardless of whether you are also a user of the Service, the following rules apply to you. To eliminate any confusion, please note that the terms in this section apply only to use of CheckFlow’s Websites, not to use of the Service. If you are a Site Visitor located in the European Union, CheckFlow is the data controller with respect to the processing of your personal data pursuant to the EU General Data Protection Regulation (“GDPR”).

B. Collection and Use of Site Visitor Information

  1. Information Collected from Site Visitors

    When you use the Websites, we collect the following information about you:

    • Contact Information – if you submit a request for information or a question through the Websites, you may be asked to provide us with basic information including your name, email address, phone number, and postal address. We will also keep records of the communication, the question/request you raised, and how it was resolved. If you choose to participate in a CheckFlow contest, or research study offered through the Websites, we will also collect basic contact information from you in connection with such activity.
    • Websites Usage Information – as you browse the Websites, we and our service providers (which are third party companies that work on our behalf to provide and enhance the Websites) use a variety of technologies, including cookies and similar tools, to assist in collecting information about how you use the Websites. For example, our servers automatically record certain information in server logs. These server logs may include information such as your web request, IP address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the Websites, domain names, landing pages, pages viewed, mobile carrier, mobile device identifiers and information about the device you are using to access the Websites, date and time stamp information and other such information.
    • Location Information – We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
  2. Cookies and Similar Technologies

    To collect the Websites Usage Information discussed above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Websites. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which pages of the Websites you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Websites and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods. Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).

  3. Use of Information Collected from Site Visitors

    We use the information collected from Site Visitors for a variety of purposes including to:

    • Maintain, provide, and improve the Websites and the Service
    • Respond to your requests for information
    • In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about CheckFlow. You have the ability to unsubscribe from such promotional communications
    • Prevent or address technical or security issues
    • Investigate in good faith alleged violations of our User Terms of Service
    • Help us better understand Site Visitor interests and needs, and customize the advertising and content you see on the Websites
    • Engage in analysis and research regarding use of the Websites and the Service

C. Legal Bases

If you are located in the EU, please note that the legal bases under the GDPR for using the information we collect through your use of the Websites as a Site Visitor are as follows:

  • Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by browsing the Websites)
  • Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Websites; operate our Websites; prevent fraud, analyze use of and improve our Websites, and for similar purposes)
  • Where use of your information is necessary to comply with a legal obligation
  • Where we have your consent to process data in a certain way

D. Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through the Websites so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

E. Combined Information

You agree that, for the purposes discussed in this Policy, we may combine the information that we collect through the Websites with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy. If, however, the collection of any information about you is governed by a Customer Agreement, information will only be combined and used in accordance with such Customer Agreement and the sections of this Policy applicable to Subscribers.

F. Website Analytics

  1. Website Analytics

    We may use third-party web analytics services on our Websites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

  2. Notice Concerning Do Not Track Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Websites for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.

G. Sharing of Site Visitor Information

We share the information we collect through the Websites with the following:

  • Affiliates and Subsidiaries. We may share the information we collect within the CheckFlow family of companies.
  • Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.
  • Business Transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Websites can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, CheckFlow will comply with such restrictions.
  • Consent. We may also disclose your information to third parties with your consent to do so.

H. Retention of Your Information

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

I. Data Subject Rights

Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “CheckFlow Contact Info” section below at any time. Your local laws (such as those in the EU) may permit you to request that we:

  • provide access to and/or a copy of certain information we hold about you
  • prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
  • update information which is out of date or incorrect
  • delete certain information which we are holding about you
  • restrict the way that we process and disclose certain of your information
  • transfer your information to a third party provider of services
  • revoke your consent for the processing of your information

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

J. Third Party Links And Services

The Websites may contain links to third-party websites and functionalities. If you choose to use these third party services, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by CheckFlow, CheckFlow is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.

V. Additional Privacy Terms for All Users

The following additional information about CheckFlow’s privacy practices apply to all users of CheckFlow (Subscribers, Guest Users, and Site Visitors).

A. Changes To Our Privacy Policy

We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Service or Websites, or advances in technology. We will make the revised Policy accessible through the Service and Websites, so you should review the Policy periodically. If we make a material change to the Policy, we will comply with applicable legal requirements regarding providing you with notice and/or consent.

B. How We Protect Your Information

CheckFlow takes technical and organizational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information.

C. Marketing Practices and Choices

If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns. You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us at the “CheckFlow Contact Info” section below. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Policy or as required by applicable law. For example, you may not opt out of certain operational or service-related emails, such as those reflecting our relationship or transactions with you.

VI. CheckFlow Contact Info

CheckFlow Ltd. is located at International House, 24 Holborn Viaduct, London, EC1A 2BN, United Kingdom. If you wish to contact us or have any questions about or complaints in relation to this Policy, please contact us at privacy@checkflow.io

Subscriber Agreement

Effective Date: August 30th, 2019

This Subscriber Agreement (the “Agreement”) is entered into by and between CheckFlow Ltd. (“CheckFlow”) and the organization agreeing to the terms of this Agreement (“Customer”). This Agreement shall be effective on the earliest of (a) the date Customer clicks a button indicating its agreement with the terms of this Agreement; (b) Customer entering into an Order Form or similar form referencing or otherwise incorporating this Agreement; or (c) Customer’s use of the Service (the “Effective Date”). If you are entering into this Agreement on behalf of your organization, that organization is deemed to be the Customer and you represent that you have the power and authority bind that organization to this Agreement. This Agreement applies to you if you are a new Customer on or after August 30, 2019.

1 The Service.

1.1 Provision of the Service. CheckFlow shall make the Service purchased under an Order Form available to Customer and its End Users pursuant to this Agreement during the applicable Subscription Term. The Service includes the features and functionality applicable to the version of the Service ordered by Customer. CheckFlow may update the content, functionality, and user interface of the Service from time to time in its sole discretion.

1.2 Access Rights. Customer has a non-exclusive, non-sublicenseable, non-transferable (except as specifically permitted in this Agreement) right to access and use the Service pursuant to this Agreement during the applicable Subscription Term, solely for Customer’s internal business purposes subject to the limitations set forth in the Order Form.

1.3 Usage Restrictions. Customer shall not (a) make the Service available to, or use any Service for the benefit of, anyone other than Customer and its Affiliates; (b) rent, sublicense, re-sell, assign, transfer, distribute, time share, or similarly exploit the Service; (c) reverse engineer, copy, modify, adapt, hack the Service, or otherwise attempt to gain unauthorized access to the Service or its related systems or networks; (d) access the Service, the Documentation, or CheckFlow’s Confidential Information to build a competitive product or service; (e) alter or remove, or permit any third party to alter or remove, any proprietary trademark or copyright markings incorporated in, marked on, or affixed to the Service; (f) allow End User Subscriptions to be shared or used by more than one individual End User (except that End User Subscriptions may be reassigned to new End Users replacing individuals who no longer use the Service for any purpose, whether by termination of employment or other change in job status or function); or (g) access or use the Service: (i) to send or store infringing, obscene, threatening, or otherwise unlawful material, including material violative of third-party privacy rights; (ii) in violation of applicable laws; (iii) to send or store material knowingly or intentionally containing software viruses, worms, Trojan horses or other harmful computer code, files, or scripts; or (iv) in a manner that interferes with or disrupts the integrity or performance of the Service (or the data contained therein).

1.4 Protection of Customer Data. CheckFlow shall implement and maintain administrative, organizational, and technical safeguards designed for the protection, confidentiality, and integrity of Customer Data.

1.5 Administration of Customer’s Account. Customer acknowledges that it retains administrative control over to whom it grants access to Customer Data hosted in the Service. Customer may specify an End User to be the billing owner and, depending on the Subscription, one or more End Users to be administrators (each an “Administrator”) to manage its account, and CheckFlow is entitled to rely on communications from an Administrator when servicing Customer’s account. Depending on the version purchased by Customer, Customer’s Administrator(s) may have the ability to access, monitor, use, and/or export Customer Data. Customer is responsible for maintaining the security of End User accounts and passwords.

1.6 Compliance. Customer is responsible for use of the Service by its End Users and for their compliance with this Agreement. Customer is solely responsible for the accuracy, quality, legality, reliability, and appropriateness of all Customer Data. Customer shall ensure that it is entitled to transfer the relevant Customer Data to CheckFlow so that CheckFlow and its service providers may lawfully use, process, and transfer the Customer Data in accordance with this Agreement on Customer’s behalf. Customer shall promptly notify CheckFlow if it becomes aware of any unauthorized use of or access to Customer’s account or the Service.

1.7 Suspension. CheckFlow may request that Customer suspend the account of any End User who (a) violates this Agreement or CheckFlow’s User Terms of Service; or (b) is using the Service in a manner that CheckFlow reasonably believes may cause a security risk, a disruption to others’ use of the Service, or liability for CheckFlow. If Customer fails to promptly suspend or terminate such End User’s account, CheckFlow reserves the right to do so.

1.8 Customer’s Use of Third Party Services. Customer may install or enable third party services for use with the Service, such as online applications, offline software products, or services that utilize the CheckFlow API in connection with Customer’s use of the Service (“Third Party Services”). Any acquisition and use by Customer or its End Users of such Third Party Services is solely the responsibility of Customer and the applicable third party provider. Customer acknowledges that providers of such Third Party Services may have access to Customer Data in connection with the interoperation and support of such Third Party Services with the Service. To the extent Customer authorizes the access or transmission of Customer Data through a Third Party Service, CheckFlow shall not be responsible for any use, disclosure, modification, or deletion of such Customer Data or for any act or omission on the part of the third party provider or its service.

1.9 Trial Subscriptions. Customer may access a version of the Service on a trial basis (a “Trial”) subject to the terms of this Agreement; provided, however, the following additional terms shall apply to its Trial notwithstanding anything to the contrary herein: (a) CheckFlow shall have the right to terminate a Trial at any time and for any reason; (b) CheckFlow is providing the Service “as is” and makes no warranties (express or implied) of any kind with respect to the Service during the Trial; and (c) CheckFlow shall have no obligation to indemnify Customer.

2 Warranties.

2.1 By CheckFlow. CheckFlow warrants that during the applicable Subscription Term (a) the Service shall perform materially in accordance with the applicable Documentation; and (b) CheckFlow shall not materially decrease the functionality of the Service.

2.2 By Customer. Customer warrants that (a) this Agreement is legally binding upon it and enforceable in accordance with its terms; (b) it has obtained all legally required consents and permissions from End Users for the submission and processing of personal data through the Service; and (c) the transfer and processing of Customer Data under the Agreement is lawful.

2.3 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS SECTION, TO THE FULLEST EXTENT PERMITTED BY LAW, THE PROFESSIONAL SERVICES, SERVICE, AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND CHECKFLOW AND ITS AFFILIATES EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER ACKNOWLEDGES THAT CHECKFLOW DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. CHECKFLOW IS NOT RESPONSIBLE FOR AND DISCLAIMS ALL LIABILITY RELATED TO DELAYS, DELIVERY FAILURES, INTERCEPTION, ALTERATION, OR OTHER DAMAGE RESULTING FROM MATTERS OUTSIDE OF ITS CONTROL, INCLUDING PROBLEMS INHERENT IN THE USE OF THE INTERNET, MOBILE AND PERSONAL COMPUTING DEVICES, TRANSMISSION OF ELECTRONIC COMMUNICATIONS OVER THE INTERNET OR OTHER NETWORKS, AND THIRD PARTY HOSTING SERVICE PROVIDERS.

3 Fees and Payment.

3.1 Subscription Fees. Customer’s Subscription fees are set forth in the applicable Order Form and are based on the number of End Users and version of the Service purchased. Customer shall pay all fees when due and is responsible for providing complete and accurate billing information to CheckFlow. If such fees are being paid via credit card or other electronic means, Customer authorizes CheckFlow to charge such fees using Customer’s selected payment method. Payment obligations are non-cancelable and fees paid are non-refundable unless otherwise provided herein. The number of End Users purchased under a Subscription cannot be decreased during the applicable Subscription Term. If Customer requires the use of a purchase order or purchase order number, Customer shall provide the purchase order number at the time of purchase. Where Customer designates use of a third-party payment processor network (such as a payment agent, for example), Customer shall be responsible for payment of all fees and charges associated with use of such network. CheckFlow reserves the right to suspend Customer’s account, in addition to all of its other available rights and remedies, in the event that Customer’s account becomes overdue. Suspension shall not relieve Customer’s obligation to pay amounts due.

3.2 Auto-renewal. Customer agrees that its Subscription will automatically renew on an annual or monthly basis depending on Customer’s Subscription (the “Renewal Date”). Customer authorizes CheckFlow to automatically charge Customer for the applicable fees on or after the Renewal Date unless the Subscription has been terminated or cancelled in accordance with this Agreement. If Customer wishes to reduce the number of End Users in its Subscription, it must do so prior to the Renewal Date. Customer must cancel its Subscription prior to the Renewal Date in order to avoid billing of the next period’s Subscription fees. Customer can cancel its Subscription anytime online by going into its account settings and following the instructions provided. If Customer chooses to cancel its Subscription during the Subscription Term, Customer may use the Service until the end of Customer’s then-current Subscription Term, but will not be issued a refund for the most recently (or any previously) charged fees.

3.3 Calculation. Subscription fees are based on annual or monthly periods (or pro rata portions thereof, calculated on a daily basis) that begin on the Subscription start date and each annual or monthly anniversary thereof. Subscriptions to the Service are sold on a tiered basis based on the number of End Users. Customer shall purchase a Subscription to the Service for each End User, and the initial number of End Users and tier is reflected in the applicable Order Form. Customer may add End Users to its Subscription at any time, in this case a new invoice is created with the pro rata rate for the remaining period in Customer's Subscription Term. CheckFlow reserves the right to revise fee rates and/or the billable amount structure for the Service at any time and will provide Customer with notice pursuant to Section 11.4 below) of any such changes at least twenty (20) days prior. CheckFlow may charge Customer the then-current pricing for the applicable Subscription if the number of End Users is modified and/or if Customer changes its Subscription plan.

3.4 Taxes. Any fees charged to Customer are exclusive of taxes. Except for those taxes based on CheckFlow’s net income, Customer shall be responsible for all applicable taxes in connection with this Agreement including, but not limited to, sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties. Should any payment for the Service be subject to withholding tax by any government, Customer shall reimburse CheckFlow for such withholding tax.

3.5 Future Features and Functionality. Customer agrees that any purchases under this Agreement are not contingent on the delivery of any future feature or functionality or dependent on any oral or written public or private comments made by CheckFlow regarding future features or functionality. CheckFlow may release Improvements and other features and functionality in its discretion. Some features and functionality may be available only with certain versions of the Service.

4 Term and Termination.

This Agreement commences on the Effective Date and shall remain in effect until all Subscriptions to the Service granted in accordance with this Agreement have expired or been terminated. Either party may terminate this Agreement if the other party: (a) is in material breach of this Agreement and fails to cure such breach within twenty (20) days following receipt of written notice from the non-breaching party, except that termination will take effect on notice in the event of a breach of Section 1.3 (“Usage Restrictions”); or (b) ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within sixty (60) days. Upon expiration or termination of this Agreement for any reason, all Subscriptions and any other rights granted to Customer under this Agreement shall immediately terminate, and CheckFlow may immediately deactivate Customer’s account(s) associated with the Agreement. In no event will any termination relieve Customer of the obligation to pay any fees accrued or payable to CheckFlow. The following sections shall survive expiration or termination of this Agreement: Sections 1.3 (“Usage Restrictions”), 2 (“Warranties”), 3.1 (“Subscription Fees”), 3.4 (“Taxes”), 4 (“Term and Termination”), 5 (“Confidentiality”), 6 (“Intellectual Property Rights”), 7 (“Indemnification”), 8 (“Liability”), 9 (“Export Compliance”), 10 (“Use Outside the United States of America”), 11 (“Miscellaneous”), and 12 (“Definitions”).

5 Confidentiality.

5.1 Definition of Confidential Information. During the course of performance under this Agreement, each party may make available to the other party information that is not generally known to the public and at the time of disclosure is either identified as, or should reasonably be understood by the receiving party to be, proprietary or confidential (the “Confidential Information”). Confidential Information specifically includes, but is not limited to, the Service, any Order Form(s) entered into by the parties, Customer Data, Results, business plans, product plans and roadmaps, strategies, forecasts, projects and analyses, financial information and fee structures, business processes, methods and models, and technical documentation. Confidential Information does not include information that (a) is or becomes publicly available without breach of this Agreement by the receiving party; (b) was known to the receiving party prior to its disclosure by the disclosing party; (c) is or was independently developed by the receiving party without the use of any Confidential Information of the disclosing party; or (d) is or was lawfully received by the receiving party from a third party under no obligation of confidentiality.

5.2 Protection of Confidential Information. Except as otherwise expressly permitted under this Agreement, with the express prior written consent of the disclosing party, or as required by law, the receiving party will not disclose, transmit, or otherwise disseminate to a third party any Confidential Information of the disclosing party. The receiving party will use the same care and discretion with respect to the Confidential Information received from the disclosing party as it uses with its own similar information, but in no event less than a reasonable degree of care. The receiving party may disclose the disclosing party’s Confidential Information to its employees, Affiliates, consultants, subcontractors, agents, or advisors (“Representatives”) who have a strict need to access the Confidential Information for the purpose of performing under this Agreement and only to those who are obligated to maintain the confidentiality of such Confidential Information upon terms at least as protective as those contained in this Agreement. Either party may disclose the terms of this Agreement to potential parties to a bona fide fundraising, acquisition, or similar transaction solely for purposes of the proposed transaction, provided that any such potential party is subject to written non-disclosure obligations and limitations on use no less protective than those set forth herein.

5.3 Equitable Relief. The receiving party acknowledges that the remedy at law for breach of this Section 5 may be inadequate and that, in addition to any other remedy the disclosing party may have, it shall be entitled to seek equitable relief, including, without limitation, an injunction or injunctions (without the requirement of posting a bond, other security or any similar requirement or proving any actual damages), to prevent breaches or threatened breaches of this Section 5 by the receiving party or any of its Representatives and to enforce the terms and provisions of this Section 5 in addition to any other remedy to which the disclosing party is entitled at law or in equity.

5.4 Compelled Disclosure. The receiving party may access and disclose Confidential Information of the disclosing party if legally required to do so in connection with any legal or regulatory proceeding; provided, however, that in such event the receiving party will, if lawfully permitted to do so, notify the disclosing party within a reasonable time prior to such access or disclosure so as to allow the disclosing party an opportunity to seek appropriate protective measures. If the receiving party is compelled by law to access or disclose the disclosing party’s Confidential Information as part of a civil proceeding to which the disclosing party is a party, the disclosing party will reimburse the receiving party for the reasonable costs of compiling and providing secure access to such Confidential Information. Receiving party will furnish only that portion of the Confidential Information that is legally required to be disclosed, and any Confidential Information so disclosed shall maintain its confidentiality protection for all purposes other than such legally compelled disclosure.

5.5 Sensitive/Personal Information. Customer agrees that it shall not use the Service to send or store personal information subject to special regulatory or contractual handling requirements (e.g., Payment Card Industry Data Security Standards, and any similar data protection laws) including without limitation: credit card information, credit card numbers and magnetic stripe information, social security numbers, driver’s license numbers, passport numbers, government issued identification numbers, health-related information, biometric data, financial account information, personally identifiable information collected from children under the age of 13 or from online services directed toward children, and real time geo-location data which can identify an individual, or information deemed “sensitive” under applicable law (such as racial or ethnic origin, political opinions, or religious or philosophical beliefs).

6 Intellectual Property Rights.

6.1 By Customer. Customer owns all right, title, and interest in and to Customer Confidential Information and Customer Data, including all related Intellectual Property Rights. Customer grants CheckFlow and its authorized third party service providers a worldwide, non-exclusive license to host, copy, access, process, transmit, and display Customer Data: (a) to maintain, provide, and improve the Service and perform under this Agreement; (b) to prevent or address technical or security issues and resolve support requests; (c) to investigate in good faith an allegation that an End User is in violation of this Agreement or the CheckFlow User Terms of Service; or (d) at Customer’s direction or request or as permitted in writing by Customer.

6.2 By CheckFlow. CheckFlow owns and will continue to own all right, title, and interest, including all related Intellectual Property Rights, in and to its Confidential Information, Results, and the Service, including any enhancements, customizations, or modifications thereto. Where Customer purchases Professional Services hereunder, CheckFlow grants to Customer a non-sublicensable, non-exclusive license to use any reports and other materials developed by CheckFlow as a result of the Professional Services (“Results”) solely in conjunction with Customer’s authorized use of the Service and in accordance with this Agreement.

6.3 Suggestions. CheckFlow welcomes feedback from its customers about the Service and Professional Services. If Customer (including any End User) provides CheckFlow with any feedback or suggestions regarding the Service or Professional Services (“Feedback”), CheckFlow may use, disclose, reproduce, sublicense, or otherwise distribute and exploit the Feedback without restriction or any obligation to Customer or any End User provided that CheckFlow shall not identify Customer or any End User as the source of such Feedback.

7 Indemnification.

7.1 By Customer. Customer shall defend CheckFlow, its Affiliates, and their employees, officers, and directors (together, the “CheckFlow Indemnified Parties”) from and against third party claims, actions, and demands arising from allegations that Customer Data, unauthorized use of the Service by Customer or its End Users, or CheckFlow’s processing of data pursuant to Customer’s instructions infringes a third party’s Intellectual Property Right or privacy right (each, a “Claim Against CheckFlow”), and Customer shall indemnify and hold the CheckFlow Indemnified Parties harmless against any damages, reasonable attorneys’ fees, and costs finally awarded against CheckFlow Indemnified Parties as a result of, or for any amounts paid by the CheckFlow Indemnified Parties under a Customer-approved settlement of, a Claim Against CheckFlow.

7.2 By CheckFlow. CheckFlow shall defend Customer, its Affiliates, and their employees, officers, and directors (together the “Customer Indemnified Parties”) from and against third party claims, actions, and demands alleging that Customer’s authorized use of the Service infringes or misappropriates any copyright, trade secret, U.S. patent, or trademark right of that third party (each, a “Claim Against Customer”), and CheckFlow shall indemnify and hold the Customer Indemnified Parties harmless against any damages, reasonable attorneys’ fees, and costs finally awarded against Customer Indemnified Parties as a result of, or for any amounts paid by the Customer Indemnified Parties under an CheckFlow-approved settlement of, a Claim Against Customer; provided, however, in no event will CheckFlow have any obligations or liability under this Section 7.2 to the extent a Claim Against Customer arises from: (a) Customer or any End User’s use of the Service other than as permitted under this Agreement; or (b) use of the Service in a modified form or in combination with products, services, content, or data not furnished to Customer by CheckFlow.

7.3 Potential Infringement. If the Service becomes, or in CheckFlow’s reasonable judgment is likely to become, the subject of a claim of infringement, then CheckFlow may in its sole discretion: (a) obtain the right, at CheckFlow’s expense, for Customer to continue using the Service; (b) provide a non-infringing functionally equivalent replacement; or (c) modify the Service so that it is no longer infringing. If CheckFlow, in its sole and reasonable judgment, determines that none of the above options are commercially reasonable, then CheckFlow may suspend or terminate Customer’s use of the Service, in which case CheckFlow’s sole liability (in addition to its obligations under Section 7.2) shall be to provide Customer with a prorated refund of any prepaid, unused fees applicable to the remaining portion of the Subscription Term. Sections 7.2 and 7.3 state CheckFlow’s sole liability and the Customer Indemnified Parties’ exclusive remedy for infringement claims.

7.4 Indemnification Process. The party seeking indemnification shall provide prompt notice to the indemnifying party concerning the existence of an indemnifiable claim and shall promptly provide the indemnifying party with all information and assistance reasonably requested and otherwise cooperate fully with the indemnifying party in defending the claim. Failure to give prompt notice shall not constitute a waiver of a party’s right to indemnification and shall affect the indemnifying party’s obligations under this Agreement only to the extent that the indemnifying party’s rights are materially prejudiced by such failure or delay. The indemnifying party shall have full control and authority over the defense of any claim; provided, however, that any settlement requiring the party seeking indemnification to admit liability or make any financial payment shall require such party’s prior written consent, not to be unreasonably withheld or delayed.

8 Liability.

8.1 Limitation of Liability. EXCEPT FOR A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 7 (“INDEMNIFICATION”), IN NO EVENT SHALL EITHER PARTY’S OR ITS AFFILIATES’ AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER HEREUNDER IN THE 12 MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO LIABILITY.

8.2 Exclusion of Consequential and Related Damages. IN NO EVENT SHALL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES, OR LOSS OF USE, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

8.3 The provisions of this Section 8 allocate the risks under this Agreement between the parties, and the parties have relied on these limitations in determining whether to enter into this Agreement.

9 Export Compliance.

The Service may be subject to export laws and regulations of the United Kingdom (U.K.) and other jurisdictions. Customer represents that neither it nor any of its End Users are named on any U.K. government denied-party list. Customer shall not permit any End User to access or use any Service in a U.K. embargoed country or region or in violation of any U.K. export law or regulation. Customer and its End Users shall not use the Service to export, re-export, transfer, or make available, whether directly or indirectly, any regulated item or information to anyone outside the U.K. in connection with this Agreement without first complying with all export control laws and regulations that may be imposed by the U.K. Government and any country or organization of nations within whose jurisdiction Customer operates or does business.

10 Use Outside the United Kingdom.

The Service is controlled and operated by CheckFlow from its offices in the United Kingdom. Except as explicitly set forth herein, CheckFlow makes no representations that the Services are appropriate for use in other jurisdictions. Those who access or use the Service from other jurisdictions do so at their own risk and are responsible for compliance with local laws. CheckFlow may offer services in other jurisdictions that are subject to different terms and conditions. In such instances, the terms and conditions governing those non-U.K. services shall take precedence over any conflicting provisions in this Agreement.

11 Miscellaneous.

11.1 Prior Versions. If you were an existing Customer prior to August 30, 2019, the prior version of this Agreement you agreed to when subscribing to the Service will continue to apply to you until you are otherwise notified in accordance with the terms of that agreement.

11.2 Governing Law; Venue. This Agreement and any disputes arising under it will be governed by the laws of the United Kingdom without regard to its conflict of laws provisions, and each party consents to the personal jurisdiction and venue of the courts located in the United Kingdom. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.

11.3 Informal Dispute Resolution and Arbitration. The parties agree that most disputes can be resolved without resort to litigation. The parties agree to use their best efforts to settle any dispute directly through consultation with each other before initiating a lawsuit or arbitration. If, after good faith negotiations the parties are unable to resolve the dispute, the parties agree that any and all disputes arising out of or in any way relating to this Agreement, including without limitation its existence, validity or termination, shall be resolved according to United Kingdom law and exclusively by binding arbitration before a single arbitrator with the Judicial Arbitration and Mediation Service (JAMS) and pursuant to the then existing arbitration rules at JAMS. If the parties cannot agree upon selection of an arbitrator, then JAMS shall appoint an arbitrator experienced in the enterprise software industry. The place of the arbitration will be London, United Kingdom unless otherwise agreed upon by the parties. The arbitration will be conducted in English. The arbitrator shall provide detailed written findings of fact and conclusions of law in support of any award. Judgment upon any such award may be enforced in any court of competent jurisdiction. The parties further agree that the arbitration shall be conducted in their individual capacities only and not as a class action or other representative action, and the parties expressly waive their right to file a class action or seek relief on a class basis. If any court or arbitrator determines that the class action waiver set forth herein is void or unenforceable for any reason or that an arbitration can proceed on a class basis, then the portions of Section 11.3 mandating arbitration shall be deemed null and void in its entirety and the parties shall be deemed to have not agreed to arbitrate disputes. Customer may opt out and not be bound by the arbitration and class action waiver provisions by sending written notice to CheckFlow. The notice must be sent within thirty (30) days of the Effective Date of this Agreement between Customer and CheckFlow. If Customer opts out of arbitration, CheckFlow also will not be bound to arbitrate. Notwithstanding the foregoing, either party shall be entitled to seek injunctive relief as set forth in Section 5.3 (“Equitable Relief”) above and to stop unauthorized use of the Service or infringement of Intellectual Property Rights. Disputes, claims, or controversies concerning either party’s Intellectual Property Rights or claims of piracy or unauthorized use of the Service shall not be subject to arbitration. The parties further agree that the prevailing party in any action or proceeding to enforce any right or provisions under this Agreement, including any arbitration or court proceedings, will be entitled to recover its reasonable costs and attorneys’ fees.

11.4 Notice. CheckFlow may give general notices related to the Service that are applicable to all customers by email, text, in-app notifications, or by posting them on the CheckFlow website or through the Service and such electronic notices shall be deemed to satisfy any legal requirement that such notices be made in writing. Other notices must be sent via email, first class, airmail, or overnight courier to the addresses of the parties provided herein or via an Order Form and are deemed given when received. Notices to CheckFlow must be sent to CheckFlow Legal at with a copy to CheckFlow Ltd., International House, 24 Holborn Viaduct, London, EC1A 2BN, United Kingdom.

11.5 Publicity. CheckFlow may include Customer’s name and logo in CheckFlow’s online customer list and in print and electronic marketing materials.

11.6 Beta Access. Customer may be invited to participate in review and testing of pre-release versions of new and beneficial tools and Service enhancements which may be identified to Customer as “alpha,” “beta,” “preview,” “pre-release,” “early access,” or “evaluation” product or services (collectively, the “Beta Tests” and such pre-release functionality, the “Beta Product”). Customer acknowledges and understands that its participation in Beta Tests is not required and is at Customer’s own risk, and that Beta Products are made available on an “as is” basis without warranties (express or implied) of any kind, and may be discontinued or modified at any time. Beta Products are for evaluation and testing purposes, not for production use, not supported, not subject to availability or security obligations, and may be subject to additional terms. CheckFlow shall have no liability for any harm or damage arising out of or in connection with Beta Products. The Beta Products, including without limitation Customer’s assessment of any Beta Product, are Confidential Information of CheckFlow.

11.7 Relationship of the Parties. The parties are and shall be independent contractors with respect to all services provided under this Agreement. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. There are no third-party beneficiaries to this Agreement. Without limiting this Section, a Customer’s End Users are not third-party beneficiaries to Customer’s rights under this Agreement.

11.8 Force Majeure. CheckFlow shall not be liable for delayed or inadequate performance of its obligations hereunder to the extent caused by a condition that is beyond CheckFlow’s reasonable control, including but not limited to natural disaster, civil disturbance, acts of terrorism or war, labor conditions, governmental actions, interruption or failure of the Internet or any utility service, failures in third-party hosting services, and denial of service attacks (each a “Force Majeure Event”). CheckFlow shall be relieved from its obligations (or part thereof) as long as the Force Majeure Event lasts and hinders the performance of said obligations (or part thereof). CheckFlow shall promptly notify Customer and make reasonable efforts to mitigate the effects of the Force Majeure Event.

11.9 Severability; No Waiver. In the event that any provision of this Agreement is found to be invalid or unenforceable pursuant to any judicial decree or decision, such provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and remain enforceable between the parties. No waiver of any term of this Agreement shall be deemed a further or continuing waiver of such term or any other term, and a party’s failure to assert any right or provision under this Agreement shall not constitute a waiver of such right or provision.

11.10 Assignment. Neither this Agreement nor any of the rights and licenses granted under this Agreement may be transferred or assigned by either party without the other party’s express written consent (not to be unreasonably withheld or delayed); provided, however, that either party may assign this Agreement and all Order Forms under this Agreement upon written notice without the other party’s consent to an Affiliate or to its successor in interest in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the non-assigning party. Any other attempt to transfer or assign this Agreement will be null and void. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors, and permitted assigns.

11.11 Modifications. CheckFlow may revise this Agreement from time to time by posting the modified version on its website. If, in CheckFlow’s sole discretion, the modifications proposed are material, CheckFlow shall provide Customer with notice in accordance with Section 11.4 at least twenty (20) days prior to the effective date of the modifications being made. By continuing to access or use the Service after the posted effective date of modifications to this Agreement, Customer agrees to be bound by the revised version of the Agreement.

11.12 Entire Agreement. This Agreement, including all attachments, exhibits, addendums, and any Order Form(s) hereunder, constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes and replaces any prior or contemporaneous representations, understandings and agreements, whether written or oral, with respect to its subject matter. The parties are not relying and have not relied on any representations or warranties whatsoever regarding the subject matter of this agreement, express or implied, except for the representations and warranties set forth in this Agreement. To the extent of any conflict or inconsistency between the provisions of the Agreement and any Order Form, the Agreement shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order, vendor onboarding process, web portal, or any other Customer order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

12 Definitions.

12.1 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means either: (a) ownership or control of more than 50% of the voting interests of the subject entity; or (b) the power to direct or cause the direction of the management and policies of an entity, whether through ownership, by contract, or otherwise.

12.2 “Customer Data” means information submitted by an End User through the Service, including all associated messages, attachments, files, tasks, templates, checklists, team names, groups, conversations, and other similar content.

12.3 “Documentation” means CheckFlow’s then-current online user guides, as updated from time to time, and made accessible from within the “Help” feature of the Service.

12.4 “End User” means an individual who is authorized by Customer to use the Service under Customer’s account. End Users may include, without limitation, Customer’s or its Affiliates’ employees, consultants, contractors and agents.

12.5 “Intellectual Property Rights” means unpatented inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, mask work rights, know-how and other trade secret rights, and all other intellectual property rights, derivatives thereof, and forms of protection of a similar nature anywhere in the world.

12.6 “Improvements” means new features, functionality, enhancements, upgrades, error corrections and bug fixes to the Service made generally available by CheckFlow at no additional charge.

12.7 “Order Form” means an ordering document or an online order set forth in the Service interface entered into between Customer and CheckFlow (or Affiliates of either party) specifying the Service or Professional Services (if any) to be provided under this Agreement.

12.8 “Professional Services” means the customer success services provided by CheckFlow, as specified in the applicable Order Form.

12.9 “Service” means CheckFlow’s collaboration work management software as a service platform, including any Improvements, as described in the applicable Order Form.

12.10 “Subscription” means the access to the Service purchased by Customer on a per End User basis.

12.11 “Subscription Term” means the period identified in the Order Form during which Customer’s End Users are permitted to use or access the Service pursuant to the terms set forth in this Agreement.

Acceptable Use Policy

Effective Date: August 30th, 2019

All users of the CheckFlow Service are expected to comply with this Acceptable Use Policy.

Acceptable Use of the Service

  1. Disruption of the Service. You may not:

    1. access, tamper with, or use non-public areas of the Service, CheckFlow’s computer systems, or the technical delivery systems of CheckFlow’s providers;
    2. probe, scan, or test the vulnerability of any system or network or breach or circumvent any security or authentication measure;
    3. access or search the Service by any means other than CheckFlow’s publicly supported interfaces (for example, “scraping”);
    4. attempt to disrupt or overwhelm our infrastructure by intentionally imposing unreasonable requests or burdens on our resources (e.g. using “bots” or other automated systems to send requests to our servers at a rate beyond what could be sent by a human user during the same period of time)
    5. interfere with or disrupt the access of any user, host or network, including, without limitation, by sending a virus, overloading, flooding, spamming, mail-bombing the Service, or by scripting the creation of Content in such a manner as to interfere with or create an undue burden on the Service.
  2. Misuse of the Service. You may not utilize the Service to carry out, promote or support:

    1. any unlawful or fraudulent activities;
    2. the impersonation of another person or entity or the misrepresentation of an affiliation with a person or entity in a manner that does or is intended to mislead, confuse, or deceive others;
    3. activities that are defamatory, libelous or threatening, constitute hate speech, harassment, or stalking;
    4. the publishing or posting other people’s private or personally identifiable information, such as credit card numbers, street address or Social Security/National Identity numbers, without their express authorization and permission;
    5. the sending unsolicited communications, promotions advertisements, or spam;
    6. the publishing of or linking to malicious content intended to damage or disrupt another user’s browser or computer; or
    7. promotion or advertisement of products or services other than your own without appropriate authorization.
  3. Content Standards Within the Service. You may not post any Content on the Service that:

    1. violates of any applicable law, any third party’s intellectual property rights, or anyone’s right of privacy or publicity;
    2. is deceptive, fraudulent, illegal, obscene, pornographic (including child pornography, which, upon becoming aware of, we will remove and report to law enforcement, including the National Center for Missing and Exploited children), defamatory, libelous or threatening, constitutes hate speech, harassment, or stalking;
    3. contains viruses, bots, worms, or similar harmful materials; or
    4. contains any information that you do not have a right to make available under law or any contractual or fiduciary duty.
  4. Violations of this Acceptable Use Policy. In addition to any other remedies that may be available to us, CheckFlow reserves the right to immediately suspend or terminate your account or your access to the Service upon notice and without liability for CheckFlow should you fail to abide by this Acceptable Use Policy. If you are a user of the Service under your employer or organization’s account, CheckFlow reserves the right to notify your employer or organization of any violations of this Acceptable Use Policy.

  5. Modifications. CheckFlow may amend or modify this Acceptable Use Policy from time to time in its sole and reasonable discretion. We will post any such changes on our website. If you object to any such change(s), your sole recourse shall be to cease using the Service. Continued use of the Service following notice of any such changes shall constitute your acknowledgement and acceptance of such changes.

For questions about these or any CheckFlow terms or policies, email us at terms@checkflow.io

Cookies Policy

Effective Date: August 30th, 2019

We use and allow certain other companies to use cookies, web beacons, and other similar technologies (collectively “Cookies”) on our Services. We do this to understand your use of our Services; improve your user experience and enable personalized features and content; optimize our advertisements and marketing; and to enable third-party advertising companies to assist us in serving ads specific to your interests across the Internet. You can find more information about Cookies at: www.allaboutcookies.org.

What are Cookies?

Cookies are text files containing small amounts of information which are downloaded to the browser that you use when you visit a site. The entity that places cookies on your browser can then read the information on that cookie that it set. Cookies are typically classified as either “session cookies” which do not stay on your device after you close your browser or “persistent cookies” which will usually remain on your device until you delete them or they expire. Different cookies are used to perform different functions:

  • Essential Cookies: Some cookies are essential and enable you to move around the Services and use their features, such as accessing secure areas of the Services. Without these cookies, we cannot enable appropriate content based on the type of device you are using.
  • Functionality Cookies: These cookies allow us to remember choices you make on our websites (such as your preferred language or the region you are in).
  • Personalization Cookies: We also use cookies to change the way our Services behave or look in order to personalize your experience from information we infer from your behavior on our Services or information we may already know about you because, for example, you are a registered user. These cookies may be used to tailor the Services or the content, look and feel delivered to you on subsequent sessions to our Services. For example, if you personalize webpages, or use specific parts of the Services, a cookie helps our webpage server recall your specific information. When you next use the Services, the information you previously provided can be retrieved, so you can easily use the Services features that you previously chose.
  • Analytics Cookies: We use our own cookies and/or third-party cookies and other identifiers (such as web beacons) to see how you use our Services in order to enhance their performance and develop them according to the preferences of our customers and visitors. For example, cookies and web beacons may be used to: maintain a consistent look and feel across our Services; track and provide trend analysis on how our users interact with our Services; track errors and measure the effectiveness of our promotional campaigns.
  • Cross-Device Cookies: Sometimes, we may use cookies in combination with the information we collect — for instance, usernames, IP addresses and unique mobile device identifiers — to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Services.

Third-Party Cookies

Please note that third parties (including for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies on our Services. We used trusted partners like Google AdWords to help us service advertising. We also use Google Analytics on our Services to help us analyze how our Services are used. Google Analytics uses performance cookies to track visitor interactions. For example, by using cookies, Google can tell us which pages our users view, which are most popular, what time of day our websites are visited, whether visitors have been to our websites before, what website referred the visitor to our websites, and other similar information. We have little control over these “third party” cookies, so we suggest that you check the respective privacy policies for these external services to help you understand what data these organizations hold about you and what they do with it.

Web Beacons

We may also use electronic images known as web beacons on our Services - sometimes called “clear GIFs”, “single-pixel GIFs”, or “web bugs”. Web beacons are used to deliver cookies on our Services, count clicks/users/visitors, and deliver co-branded content or services. We may include web beacons in our promotional e-mail messages or newsletters to determine whether messages have been opened and acted upon. Our Services may also contain web beacons from third parties to help us compile aggregated statistics regarding the effectiveness of our promotional campaigns or other website operations. These web beacons may allow the third parties to set or read cookies on your device.

Controlling Cookies

There are a number of ways you can manage what cookies are set on you devices. Essential cookies, however, cannot be disabled. If you do not allow certain cookies to be installed, the Services may not be accessible to you and/or the performance, features, or Services of the website may be compromised.

1. Advertising Cookies

If you would like to disable advertising cookies, you can visit http://www.youronlinechoices.com. If you choose to turn off these cookies you will still see advertising on the internet but it may not be tailored to your interests. It does not mean that you won’t be served any advertisements while online. You can also manage this type of cookie in the privacy settings on the web browser you are using. Please see below for more information.

2. Browser Settings

You can disable and/or delete most types of cookies by using your browser settings. Please note that if you use your browser settings to block all cookies you may not be able to access parts of our or others’ services. The following links provide information on how to modify the cookies settings on some popular browsers:

3. Cross-Device Cookies

If you wish to opt out of our ability to track you across devices, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

Do Not Track Signals

There is no uniform or consistent standard or definition for responding to, processing, or communicating Do Not Track signals. At this time the Services do not function differently based a user’s Do Not Track signal. For more information on Do Not Track signals, see All About Do Not Track.

More Information

If you have any questions about how we use cookies, you can contact us at terms@checkflow.io.

DMCA Policy

Effective Date: August 30th, 2019

We respect artist and content owner rights and we expect our users to do the same. It is our policy to respond to claims of infringement in compliance with the Digital Millennium Copyright Act of 1998 (“DMCA”). If you are a copyright owner, or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement that is taking place through the Service, please complete the following DMCA Notice and deliver it to our Designated DMCA Agent at the contact information provided below.

You must provide the following information in writing in your DMCA Notice:

  1. Identify the copyrighted work that you claim has been infringed;
  2. Identify the material that is claimed to be infringing and where it is located on the Service;
  3. Provide reasonably sufficient information to permit us to contact you, such as your address, telephone number, and, e-mail address;
  4. Provide a statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or law;
  5. Provide a statement, made under penalty of perjury, that the above information is accurate, and that you are the copyright owner or are authorized to act on behalf of the owner; and
  6. Provide an electronic or physical signature of a person authorized to act on behalf of the copyright owner;

Email the DMCA Notice, with the above information completed, to our Designated DMCA Agent at copyright@checkflow.io

UNDER FEDERAL LAW, IF YOU KNOWINGLY MISREPRESENT THAT ONLINE MATERIAL IS INFRINGING, YOU MAY BE SUBJECT TO CRIMINAL PROSECUTION FOR PERJURY AND CIVIL PENALTIES, INCLUDING MONETARY DAMAGES, COURT COSTS, AND ATTORNEYS’ FEES.

In accordance with the DMCA and other applicable law, we have adopted a policy of terminating, in appropriate circumstances, users who are deemed to be repeat infringers. We may also limit access to the Service and/or terminate the accounts of any users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.

For questions about these or any CheckFlow terms or policies, email us at terms@checkflow.io

Law Enforcement Data Request Guidelines

Effective Date: August 30th, 2019

These guidelines are intended to provide law enforcement authorities with information regarding the process for requesting records from CheckFlow. So that we can ensure compliance with our user Terms of Service and Privacy Policy, we respond only to law enforcement requests that adhere to established legal process and applicable law.

  1. Legal Requirements. A Mutual Legal Assistance Treaty (MLAT) request or letter rogatory may be required to compel the disclosure of the contents of an account.
  2. Account Preservation Requests. We will take reasonable steps to preserve account records in connection with official criminal investigations for a period of 90 days pending our receipt of a formal legal request for user data. You may request the preservation of records via email, as indicated below.
  3. Information Required in Connection With Your Request.
    1. Your Contact Information.
      1. Requesting Agency’s name
      2. Requesting Agent’s name
      3. Requesting Agent’s badge/identification number
      4. Requesting Agent’s Agency-issued Email address
      5. Requesting Agent’s telephone number, including extension
      6. Requesting Agent’s mailing address (PO Box not acceptable)
      7. Requested response date (please allow at least 3 weeks for processing)
    2. Data Request Information
      1. Full (first and last) name of the CheckFlow User
      2. Email address(es) associated with the User’s account
      3. A clear and specific description of the data being requested (we will be unable to process overly broad or vague requests)
  4. Data Availability. We will search for and disclose data that is specified with particularity in an appropriate form of legal process and which we are reasonably able to locate and retrieve.
  5. User Notification. CheckFlow’s policy is to notify users of requests for their information, which includes a copy of the request, prior to disclosure so that they may have an opportunity to challenge such request unless: (a) we are prohibited from doing so by law or court order; (b) there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors; or (c) prior notice would be counterproductive (for example, if we believe that the account in question has been hijacked). Law enforcement officials who believe that notification would jeopardize an investigation should obtain a proper court order or other appropriate process establishing that notice is prohibited. Please note that Officer authored affidavits, cover letters or similar statements are not sufficient to preclude notice to our users. Please note that in situations where a data request draws attention to an ongoing violation of our Terms of Service we may, in order to protect our service and its Users, take action to prevent any further abuse, including actions that could notify the User(s) who are the subject of your data request that we are aware of their misconduct.
  6. Submitting Your Request. A data request may be served by email at datarequest@checkflow.io

For questions about these or any CheckFlow terms or policies, email us at terms@checkflow.io

Subprocessors

Effective Date: August 30th, 2019

In connection with our provision of the Services, CheckFlow and its affiliates may engage third parties (each a “Subprocessor”) to process your Personal Data. In certain circumstances an affiliate of CheckFlow may even be a Subprocessor. As a condition of permitting a Subprocessor to process your Personal Data, CheckFlow (and its affiliates as applicable) will enter into a written agreement with each Subprocessor containing data protection obligations at least as protective as the technical and organizational measures CheckFlow has put into place to protect your Personal Data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. All terms capitalized above, but not defined have the meaning set forth in CheckFlow’s User Terms of Service, Privacy Policy, and/or your applicable customer agreement with CheckFlow.

Entity Name Subprocessing Activity Entity Country
Microsoft Azure, Inc. Cloud Service Provider United States
Stripe, Inc. Payment Processor United States

As CheckFlow continues to grow, we may decide to work with new Subprocessors and will provide you with notice when that happens as required under your applicable agreement with CheckFlow.

CheckFlow’s Commitment to GDPR Compliance

Effective Date: August 30th, 2019

The General Data Protection Regulation (“GDPR”) is a European law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of the organization’s location) must implement certain privacy and security safeguards for that data. CheckFlow has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. Some significant steps CheckFlow has taken to align its practices with the GDPR include:

  • Revisions to our policies and contracts with our partners, vendors, and users
  • Enhancements to our security practices and procedures
  • Closely reviewing and mapping the data we collect, use, and share
  • Creating more robust internal privacy and security documentation
  • Training employees on GDPR requirements and privacy/security best practices generally
  • Carefully evaluating and building a data subject rights’ policy and response process Below, we provide additional details about the core areas of CheckFlow’s GDPR compliance program and how customers can use CheckFlow to support their own GDPR compliance initiatives.

Data Processing Agreements

Under the GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called “data processors”). CheckFlow offers its customers who are controllers of EU personal data the option to enter into a robust data processing agreement under which CheckFlow commits to process and safeguard personal data in accordance with GDPR requirements. This includes CheckFlow’s commitment to process personal data consistent with the instructions of the data controller.

International Data Transfers

As with prior EU data protection laws, the GDPR requires organizations to use a recognized legal mechanism to transfer data from the EU to other countries that do not have a similar data protection framework, including the United States. To comply with this requirement, CheckFlow is certified under the EU-US Privacy Shield framework, which requires it to maintain certain safeguards for personal data transferred to the United States. Additionally, CheckFlow offers customers who are data controllers of EU personal data the option to enter into EU Model Contractual Clauses with us upon request.

Data Access, Management, and Portability Tools

The GDPR gives individual data subjects in certain circumstances the rights to, among other things, access, delete, and make corrections to their data. CheckFlow is committed to facilitating data subject requests consistent with the GDPR, as further described in our Privacy Policy.

Privacy Documentation

At its core, the GDPR is focused on transparency, fairness, and accountability. Accordingly, the law requires organizations to maintain documentation about their privacy practices and their decisions about how they handle individuals’ personal data. CheckFlow shares the GDPR’s commitment to these principles, and has included within its ongoing GDPR compliance program documentation about its data collection and processing activities, and the various policies and guidelines it follows pursuant to the GDPR. You can learn more about how CheckFlow collects, uses, and discloses personal data by visiting CheckFlow’s Privacy Policy.

Data Security

The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Security continues to be a priority for CheckFlow: we have implemented a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, replicating our databases to support reliability of the platform, and using the latest security features available to us in Microsoft Azure. CheckFlow also offers customers the ability to use additional security controls to further enhance the security of their teams’ data. For more information, please see our (TODO: Security Statement) Security Statement.

Ongoing Compliance and Communication

The GDPR’s requirements are comprehensive, but the law and regulatory guidance will evolve. As data protection authorities in Europe interpret the GDPR’s requirements and issue guidance, we will continue to follow these developments closely and evaluate our program for any changes or enhancements as needed. We value communication with our customers. If you have any questions about our GDPR compliance efforts, or if you are a data controller customer with questions about how we can help support your own GDPR compliance efforts, please contact us at privacy@checkFlow.io.

CheckFlow’s Statement on Security

CheckFlow has been built with security as our top priority. Protecting your data is extremely important to us.

Our security strategy covers all aspects of our business, including:

  • CheckFlow corporate security policies
  • Physical and environmental security
  • Operational security processes
  • Scalability & reliability of our system architecture
  • Data model access control in CheckFlow
  • Systems development and maintenance
  • Service development and maintenance
  • Regularly working with third party security experts

CheckFlow Corporate Security Policies & Procedures

Every CheckFlow employee signs a Data Access Policy that binds them to the terms of our data confidentiality policies, available in our Terms & Policies. Access rights are based on employee’s job function and role.

Security in our Software Development Lifecycle

CheckFlow uses the Microsoft Team Foundation Version Control (TFVC) system. Changes to CheckFlow’s code base go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to a staging server wherein CheckFlow employees are able to test changes before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. CheckFlow engineers also have the ability to “cherry pick” critical updates and push them immediately to production servers.

In addition to a list where all access control changes are published, we have a suite of automated unit tests that check that access control rules are written correctly and enforced as expected. We also work with third-party security professionals to:

  • Test our code for common exploits
  • Use network scanning tools against our production servers

Security at the CheckFlow office

Our office is secured via keycard access which is logged, and visitors are recorded at our front desk.

We monitor the availability of our office network and the devices on it. We collect logs produced by networking devices such as firewalls, DNS servers, DHCP servers, and routers in a central place. The network logs are retained for the security appliance (firewall), wireless access points, and switches.

CheckFlow Architecture & Scalability

Scalability/Reliability of Architecture

CheckFlow uses an elastic pool of Microsoft SQL Azure databases to manage user data. We take a full backup every week, differential backups every 12 hours, and transaction log backups every 5-10 minutes. The backups are stored in storage blobs that are geo-replicated to a paired data center for protection against a data center outage. All this means that in the event of a disaster we would be able to quickly restore your data to within the last 10 minutes.

We currently host data in secure SSAE 16 audited data centers via Microsoft Azure in the United States.

Encrypted Transactions

Web connections to the CheckFlow service are via TLS 1.2 and above.

Data Center Security

Microsoft Azure

Microsoft employs a robust physical security program with multiple certifications, including an SSAE 16 certification. For more information on Microsoft’s physical security processes, please visit https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security.

Product Features

Administrator Management Features

  • Authentication - CheckFlow authenticates users via a two-factor (2FA) authentication process. When a new user is registered the user will have to confirm their email using a token link sent to their registered email address.
  • User Management - Administrators can see user activity, and modify user status and permissions from a central administration interface.

User Features

  • Privacy, Visibility, & Sharing Settings - Users determine who can access different categories of data like Checklists, Tasks and Templates. Access to a CheckFlow Team is only possible by invitation from a Team Administrator. You can limit a user’s access by inviting them as a Guest.

Privacy

CheckFlow’s privacy policy, which describes how we handle data input into CheckFlow, can be found here.

Availability

We are committed to making CheckFlow consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.

Want to report a security concern?

Email us at security@checkflow.io.