Updated: August 1, 2015

At ProcedureFlow, we believe privacy goes hand in hand with security and confidentiality. They are very important to us and we take each of them very seriously. ProcedureFlow is the custodian of data on behalf of our users. We don't own any user data. Any data you publish in ProcedureFlow is, by default, private to your organization. That is, viewing the data published within a specific organization requires authentication as a member of that organization.

This privacy policy is here to help you understand what information we collect at ProcedureFlow, how we use it, and what choices you have. When we talk about ProcedureFlow in this policy, we are talking about GEMBA Software Solutions Inc. (the company that owns ProcedureFlow) and the ProcedureFlow website at procedureflow.com.

This policy describes how ProcedureFlow treats your information, not how other organizations treat your information. If you are using ProcedureFlow in a workplace or on a device or account issued to you by your employer or another organization, that organization likely has its own policies regarding storage, access, modification, deletion, and retention of data which may apply to your use of ProcedureFlow. Data that would otherwise be considered private to you or to a limited group of people will be accessible by your Organizational Administrator, who has complete control over and can access all data published within the organization's ProcedureFlow environment.

Information we collect and receive

We collect different kinds of information. Some of it is personally identifiable and some is non-identifying or aggregated. Here are the types of information we collect or receive:

• Account and Profile information. When you create an account in ProcedureFlow, we collect your name, email address, password, and organization name. Optionally, you can also individually add email addresses for people you'd like to invite to join your organization's ProcedureFlow environment.
• Billing information. For billing purposes, we collect the following information: organization name, organization address, contact name, email address and telephone number, PO number (if required), number of active users, and Accounts Payable contact name, email address and telephone (if different from the organization's primary contact).
• Log data. When you use ProcedureFlow, our servers automatically record information, including information that your browser sends whenever you visit a website. This log data may include your Internet Protocol (IP) address, your geographic information based on your IP address, your browser type, settings, configuration and plug-ins, language preferences, and cookie data.
• Information from partners or other 3rd parties. ProcedureFlow may receive information from partners or other third parties that we could use to make our own information better or more useful. This might be aggregate level information about where in the world an IP address is located or it might be more specific information such as how well an online marketing or email campaign is performing.

Our cookie policy

ProcedureFlow uses cookies, or similar technologies to record log data. We use both session-based and persistent cookies. Cookies are small text files sent by us to your computer and from your computer to us, each time you visit procedureflow.com. They are unique to your ProcedureFlow account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

Some cookies are associated with your ProcedureFlow account and personal information in order to remember that you are logged in. Other cookies are not tied to your account but are unique and allow us to do site analytics and customization. If you access ProcedureFlow through your browser, you can manage your cookie settings there, but if you disable all cookies you may not be able to use ProcedureFlow.

In addition, we also use third parties, like Google Analytics, to gather website analytics. You may opt-out of third party cookies from Google Analytics on their website.

How we use your information

We use your information for the following:

• Providing the ProcedureFlow service. We use information you provide to authenticate you and deliver data to you and from you.
• Understanding and improving ProcedureFlow. To make our product better, we have to understand how users are using it. We have a fair bit of data about usage and we intend to use it many different ways to improve our product, including research. This policy is not intended to place any limits on what we do with usage data that is aggregated or de-identified so it is no longer tied to a specific ProcedureFlow user.
• Investigating and preventing bad stuff from happening. We work hard to keep ProcedureFlow secure and to prevent abuse and fraud.
• Communicating with you.
  • Solving your problems and responding to your requests. If you contact us with a problem or question, we will use your information to respond to that request and address your problems or concerns.
  • In-product communications. We may use information you provide to contact you through ProcedureFlow. For example, ProcedureFlow may inform you of upcoming maintenance, new features or how to get started.
  • Email messages. We may send you service or administrative emails, such as when we notice that you have exceeded a usage limit. We may also contact you to inform you about changes in our service, or our service offerings. In addition, we sometimes send emails to our users about new product features or other news about ProcedureFlow.

Your choices

When you use ProcedureFlow, you have control over a number of things with respect to your own information and account. If you are an organization administrator, you have additional choices that impact your organization's privacy. Some users will not have access to all of the same choices that their organization administrator(s) do. ProcedureFlow is set up by organization and provides organization administrators with the maximum ability to control their organizations.

Choices for Users

• As a ProcedureFlow user, you cannot completely delete your user account because it's considered part of the organization's data.
• Your account can only be deactivated by your organization administrator.
• You can, however, change your account information at any time.

Choices for organization administrators

• Organization administrators have the ability to manage and change most of their organization's settings, including inviting and deactivating users.
• You currently cannot completely delete your organization from ProcedureFlow, but you can delete all entry points and deactivate all users associated with an organization.
• You can also request from us an export of all your organization's data.

For more about these privileges, choices and permissions, see our help.

Sharing and disclosure

There are times when personal data, content and other user information may be shared by ProcedureFlow. This policy discusses only how ProcedureFlow may share your user information. Organizations that use ProcedureFlow may have their own policies for the sharing and disclosure of information they enter and access through ProcedureFlow. ProcedureFlow may share your user information:

• With consent, to comply with legal process, or to protect ProcedureFlow and our users. When we have your consent or if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request; to protect the safety, rights, or property of the public, any person, or ProcedureFlow; or to detect, prevent, or otherwise address fraud, security or technical issues. If we receive a law enforcement or other third party request for information, we will provide prior notice to the subject of the request where we are legally permitted to do so.
• With third parties and agents. ProcedureFlow may employ third party companies or individuals to process personal information on our behalf based on our instructions and in compliance with this Privacy Policy. For example, we may share data with a security consultant to help us get better at preventing unauthorized access, with an email vendor to send messages on our behalf, or with other consultants who work on our behalf and who are under contractual promises of confidentiality.
• About you with your organization administrator(s). ProcedureFlow will share your user information with your Organization Administrator. If the email address under which you've registered your account belongs to or is controlled by an organization, (to be clear, we're not talking about free web-based email providers like Gmail, Hotmail or Yahoo! Mail) we disclose that email address and associated user name to that organization in order to help it understand who associated with that organization uses ProcedureFlow, and to assist the organization with its enterprise accounts. Please do not use a work email address for ProcedureFlow unless you are authorized to do so, and are therefore comfortable with this kind of sharing.
• In the event of a merger or sale. If we engage in a merger, sale or similar transaction or proceeding that involves the transfer of the information described in this Privacy Policy.
• That is aggregated and non-identifiable. We may also share aggregated or non-personally identifiable information with our partners or others for business or research purposes.

Security

ProcedureFlow takes all reasonable steps to protect your information from loss, misuse, and unauthorized access or disclosure. When you enter information into ProcedureFlow, we encrypt all transmissions of that information to our service using secure socket layer technology (SSL). We follow generally accepted standards to protect all information, including all personal data, submitted to us, both during transmission and once we receive it.

Changes to this Privacy Policy

We may change this policy from time to time, and if we do we'll post any changes on this page. If you continue to use ProcedureFlow after those changes are in effect, you agree to the terms and conditions of the revised policy. If the changes are material, we may provide more prominent notice or seek your consent to the new policy.

You can see past versions of our Privacy Policy and Terms of Service in our Policy Archives.

Contacting ProcedureFlow

Please feel free to contact us if you have any questions about ProcedureFlow's Privacy Policy or practices. You may email us at help@procedureflow.com or at our mailing address below: