Updated: August 1, 2015
At ProcedureFlow, we believe privacy goes hand in hand with security and
confidentiality. They are very important to us and we take each of them
very seriously. ProcedureFlow is the custodian of data on behalf of our
users. We don't own any user data. Any data you publish in ProcedureFlow
is, by default, private to your organization. That is, viewing the data
published within a specific organization requires authentication as a
member of that organization.
collect at ProcedureFlow, how we use it, and what choices you have.
When we talk about ProcedureFlow in this policy, we are talking about
GEMBA Software Solutions Inc. (the company that owns ProcedureFlow) and
the ProcedureFlow website at procedureflow.com.
This policy describes how ProcedureFlow treats your information, not how
other organizations treat your information. If you are using ProcedureFlow
in a workplace or on a device or account issued to you by your employer or
another organization, that organization likely has its own policies regarding
storage, access, modification, deletion, and retention of data which may apply
to your use of ProcedureFlow. Data that would otherwise be considered private
to you or to a limited group of people will be accessible by your Organizational
Administrator, who has complete control over and can access all data published
within the organization's ProcedureFlow environment.
Information we collect and receive
We collect different kinds of information. Some of it is personally identifiable
and some is non-identifying or aggregated. Here are the types of information we
collect or receive:
Account and Profile information. When you create an account
in ProcedureFlow, we collect your name, email address, password, and
organization name. Optionally, you can also individually add email addresses
for people you'd like to invite to join your organization's ProcedureFlow
Billing information. For billing purposes, we collect the
following information: organization name, organization address, contact name,
email address and telephone number, PO number (if required), number of active
users, and Accounts Payable contact name, email address and telephone (if
different from the organization's primary contact).
Log data. When you use ProcedureFlow, our servers automatically
record information, including information that your browser sends whenever you
visit a website. This log data may include your Internet Protocol (IP) address,
your geographic information based on your IP address, your browser type, settings,
configuration and plug-ins, language preferences, and cookie data.
Information from partners or other 3rd parties. ProcedureFlow may
receive information from partners or other third parties that we could use to make
our own information better or more useful. This might be aggregate level information
about where in the world an IP address is located or it might be more specific
information such as how well an online marketing or email campaign is performing.
session-based and persistent cookies. Cookies are small text files sent by us to your
computer and from your computer to us, each time you visit procedureflow.com.
They are unique to your ProcedureFlow account or your browser. Session-based cookies
last only while your browser is open and are automatically deleted when you close your
browser. Persistent cookies last until you or your browser delete them or until they
Some cookies are associated with your ProcedureFlow account and personal information
in order to remember that you are logged in. Other cookies are not tied to your account
but are unique and allow us to do site analytics and customization. If you access
ProcedureFlow through your browser, you can manage your cookie settings there, but if you
disable all cookies you may not be able to use ProcedureFlow.
In addition, we also use third parties, like Google Analytics, to gather website analytics.
You may opt-out of third party cookies
from Google Analytics on their website.
How we use your information
We use your information for the following:
Providing the ProcedureFlow service. We use information you provide
to authenticate you and deliver data to you and from you.
Understanding and improving ProcedureFlow. To make our product better,
we have to understand how users are using it. We have a fair bit of data about usage
and we intend to use it many different ways to improve our product, including research.
This policy is not intended to place any limits on what we do with usage data that is
aggregated or de-identified so it is no longer tied to a specific ProcedureFlow user.
Investigating and preventing bad stuff from happening. We work hard to
keep ProcedureFlow secure and to prevent abuse and fraud.
Communicating with you.
Solving your problems and responding to your requests. If you
contact us with a problem or question, we will use your information to respond
to that request and address your problems or concerns.
In-product communications. We may use information you provide
to contact you through ProcedureFlow. For example, ProcedureFlow may inform you
of upcoming maintenance, new features or how to get started.
Email messages. We may send you service or administrative emails,
such as when we notice that you have exceeded a usage limit. We may also contact
you to inform you about changes in our service, or our service offerings. In
addition, we sometimes send emails to our users about new product features or
other news about ProcedureFlow.
When you use ProcedureFlow, you have control over a number of things with respect to your
own information and account. If you are an organization administrator, you have additional
choices that impact your organization's privacy. Some users will not have access to all of
the same choices that their organization administrator(s) do. ProcedureFlow is set up by
organization and provides organization administrators with the maximum ability to control
Choices for Users
As a ProcedureFlow user, you cannot completely delete your user account because it's
considered part of the organization's data.
Your account can only be deactivated by your organization administrator.
You can, however, change your account information at any time.
Choices for organization administrators
Organization administrators have the ability to manage and change most of their
organization's settings, including inviting and deactivating users.
You currently cannot completely delete your organization from ProcedureFlow,
but you can delete all entry points and deactivate all users associated with
You can also request from us an export of all your organization's data.
For more about these privileges, choices and permissions, see our help.
Sharing and disclosure
There are times when personal data, content and other user information may
be shared by ProcedureFlow. This policy discusses only how ProcedureFlow
may share your user information. Organizations that use ProcedureFlow may
have their own policies for the sharing and disclosure of information they
enter and access through ProcedureFlow. ProcedureFlow may share your user
With consent, to comply with legal process, or to protect ProcedureFlow
and our users. When we have your consent or if we believe that disclosure
is reasonably necessary to comply with a law, regulation or legal request;
to protect the safety, rights, or property of the public, any person, or
ProcedureFlow; or to detect, prevent, or otherwise address fraud, security
or technical issues. If we receive a law enforcement or other third party
request for information, we will provide prior notice to the subject of the
request where we are legally permitted to do so.
With third parties and agents. ProcedureFlow may employ
third party companies or individuals to process personal information on
our behalf based on our instructions and in compliance with this Privacy
Policy. For example, we may share data with a security consultant to help
us get better at preventing unauthorized access, with an email vendor to
send messages on our behalf, or with other consultants who work on our
behalf and who are under contractual promises of confidentiality.
About you with your organization administrator(s).
ProcedureFlow will share your user information with your Organization
Administrator. If the email address under which you've registered your
account belongs to or is controlled by an organization, (to be clear, we're
not talking about free web-based email providers like Gmail, Hotmail or
Yahoo! Mail) we disclose that email address and associated user name to
that organization in order to help it understand who associated with that
organization uses ProcedureFlow, and to assist the organization with its
enterprise accounts. Please do not use a work email address for
ProcedureFlow unless you are authorized to do so, and are therefore
comfortable with this kind of sharing.
In the event of a merger or sale. If we engage in a
merger, sale or similar transaction or proceeding that involves the
That is aggregated and non-identifiable. We may also
share aggregated or non-personally identifiable information with our
partners or others for business or research purposes.
ProcedureFlow takes all reasonable steps to protect your information from
loss, misuse, and unauthorized access or disclosure. When you enter
information into ProcedureFlow, we encrypt all transmissions of that
information to our service using secure socket layer technology (SSL).
We follow generally accepted standards to protect all information,
including all personal data, submitted to us, both during transmission
and once we receive it.
We may change this policy from time to time, and if we do we'll post any
changes on this page. If you continue to use ProcedureFlow after those
changes are in effect, you agree to the terms and conditions of the
revised policy. If the changes are material, we may provide more prominent
notice or seek your consent to the new policy.
Please feel free to contact us if you have any questions about
email@example.com or at
our mailing address below:
GEMBA Software Solutions Inc.
One Germain Street, Atrium Suites
Saint John, New Brunswick
Canada E2L 4V1