Last Updated: 25 October 2024

 

Upflow, Inc. (“Upflow”) has developed and makes available a SaaS-based product that uses analytics and process automation to manage trade invoices (collectively with this website and any other products and services that link to this Privacy Policy, our “Services”). This Privacy Policy describes our privacy practices with respect to the personal information of individuals who represent businesses to which we may market and provide our Services, including the information we collect on this website and from individuals who are our customers’ authorized users, and from other sources.

 

Applicability of this Privacy Policy

Our Services are designed for businesses and are not intended for personal, family, or household use. Accordingly, we treat all personal information covered by this Privacy Policy, including information about any visitors to our website, as pertaining to individuals acting as business representatives, rather than in their personal capacity.

 

Personal Information We Collect

Information you provide to us

• Contact details, such as your first and last name, email address, state, and phone number.
  
  
• Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
  
  
• Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.
  
  
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

 

Third-party sources

We may combine personal information we receive from you with personal information we obtain from other sources, such as:

• Third parties, such as data providers, event co-sponsors, and others.
  
  
• Public sources, such as social media platforms.

 

Automatic data collection

We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:

• Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
  
  
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them. We may use third party tools to assist with capturing online activity data.
  
  
• Email Open/Click Information. We may use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email that we may send to you.

 

We may use the following tools for automatic data collection:

• Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
  
  
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
  
  
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

For additional details, please see our Cookie Policy below.

 

Public sources

We may combine personal information we receive from you with personal information we obtain from public sources, such as social media platforms.

 

How We Use Your Personal Information

We use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery

We use your personal information to:

• Provide, operate and improve the Services and our business;
  
  
• Communicate with you about the Services, including by sending announcements, updates, security alerts, and support and administrative messages; and
  
  
• Provide support for the Services, and respond to your requests, questions and feedback.
  
  

Research and development

As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services, and promote our business.

 

Marketing and advertising

We may collect and use your personal information for marketing and advertising purposes, including:

• Direct marketing. We may send you direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the “Opt-out of marketing communications” section below.
  
  
• Interest-based advertising. We engage our advertising partners, including third-party advertising companies and social media companies, to advertise our and our customers’ and partners’ Services. We and our advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the “Automatic data collection” section above) over time across the web, our communications and other online services, and use that information to serve online ads. You can learn more about your choices for limiting interest-based advertising in the “Online tracking opt out” section below.
  
  

Compliance and protection

We may use your personal information to:

• Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  
  
• Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  
  
• Audit our internal processes for compliance with legal and contractual requirements and internal policies;
  
  
• Enforce the terms and conditions that govern our website and Services; and
  
  
• Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

 

Legal bases for processing (for United Kingdom and EEA individuals)

If you are an individual in the United Kingdom or European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable United Kingdom and/or EU laws.  The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:

• We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
  
  
• It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
  
  
• You give us consent to do so for a specific purpose; or
  
  
• We need to process your data to comply with a legal obligation.
  
  

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.  Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

 

How We Share Your Personal Information

We may share your personal information with:

• Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
  
  
• Service providers. Companies and individuals that provide services on our behalf or help us operate our Services or our business (such as hosting, information technology, customer support, email delivery, and website analytics services).
  
  
• Advertising partners. Third party advertising companies, including for the interest-based advertising purposes described above, that may collect information on our website through cookies and other automated technologies.
  
  
• Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
  
  
• Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
  
  
• Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Upflow or our affiliates (including, in connection with a bankruptcy or similar proceedings).

 

Cross-border processing of your personal information

To provide and operate our Services, it is necessary for us to process your personal information in the United States and France. If we transfer personal information across borders such that we are required to apply appropriate safeguards to personal information under applicable data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.

 

Your Choices

Personal information requests: In certain circumstances (including based on where you are located), you may have the following rights in relation to your personal information:

• the right to learn more about what personal information of yours is being processed, how and why such information is processed and the third parties who have access to such personal information. We have made this information available to you without having to request it by including it in this Privacy Policy;
  
  
• the right to access your personal information;
  
  
• the right to rectify/correct your personal information;
  
  
• the right to restrict the use of your personal information, where permitted under applicable law;
• the right to request that your personal information is erased/deleted, where permitted under applicable law;
  
  
• the right to data portability (i.e. receive your personal information or have it transferred to another controller in a structured, commonly used, machine readable format), where permitted under applicable law; and
  
  
• the right to object to the processing of your personal information or to direct us not to share your personal information with a non-affiliated third party, where permitted under applicable law.

 

To make a request, please contact us as provided in the “How to Contact Us” section below. We may ask for specific information from you to help us confirm your identity. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

 

In addition, where you have provided your consent to processing for the purposes indicated above, you may withdraw your consent at any time (or otherwise exercise your aforementioned rights in relation to your personal information) by contacting us below (see “How to Contact Us” section below).

 

Please note that in some circumstances, we may not be able to fully comply with your request, for example if we are required to retain certain information about you to comply with applicable laws and regulations or if the information is necessary in order for us to provide the services you requested. In particular, we, and our collection and processing of your personal information, may be governed by laws and regulations on anti-money laundering, fraud prevention, taxation and financial services. We will not discriminate against you for exercising your rights. We will not deny you access to our Services, or provide you a lower quality of Services if you exercise your rights.

 

You also have the right to lodge a complaint with the relevant authority (as applicable) or a supervisory authority in the UK or EU member state of your usual residence or place of work or of the place of the alleged breach, if you consider that the processing of your personal information carried out by Upflow or any of our affiliates or third-party service providers, has breached data protection laws. 

 

You may also appeal to certain courts against (A) any failure of the relevant authority to give written notice of whether the complaint is either being investigated or not being investigated and, where applicable, the progress and the outcome of the investigation or (B) a determination of the relevant authority not to investigate the complaint or a determination that a controller or processor has not breached or is not likely to breach an operative provision in connection with the complaint.

 

Opt-out of marketing communications. You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communications we send you.

Online tracking opt-out. There are a number of ways to opt out of having your online activity and device data collected through our Services, for additional details please see our Cookie Policy below.  

 

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

 

Data Retention

We may retain your personal information for as long as it is reasonably needed in order to maintain and expand our relationship and provide you with our services; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of such information, the potential risk of harm from unauthorized use or disclosure of such information, the purposes for which we process it, and the applicable legal requirements.  

 

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

 

Children

The Services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through our Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.

 

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to Contact Us

You can reach us by email at: legal@upflow.io or at the following mailing address:

• Upflow, Inc. Attn Legal team, 340 S Lemon Ave #7517, Walnut, CA 91789 USA
• For UK and EU Residents, please contact us at Upflow, SAS, Attn Legal team, 5 Avenue du Général de Gaulle, 94160 Saint-Mandé, FR

Notice to UK and EU Residents

If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you can contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

 

Cookie Policy

This Cookie Policy explains how Upflow uses cookies and similar technologies in connection with our Services. This Cookie Policy should be read in conjunction with our Privacy Policy.

‍If you have any questions or concerns about the Cookie Policy, please contact us at legal@upflow.io or as otherwise described in our Privacy Policy.

‍What are cookies and similar technologies?

• Cookies are text files that websites store and access on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser to allow us to distinguish you from other users of our Services for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand activity and patterns, and facilitating online advertising.
  
  
• Local storage technologies, like HTML5, provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
  
  
• Web beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

This Cookie Policy refers to all these technologies, and other types of tracking technologies used through our Services, collectively as “cookies.”

 

‍How do we use cookies and other similar technologies?

We may use both persistent cookies and session cookies. Persistent cookies stay on your device for a set period of time or until you delete them, while session cookies are deleted once you close your web browser. The cookies placed through your use of our website are either set by us (first party cookies) or by a third party at our request (third-party cookies).

We may also allow our advertising partners to collect this information through our website.

 

‍What types of cookies and similar technologies do we use?

We may use the following categories of cookies:

‍Strictly Necessary Cookies: These cookies are necessary for the Services to function and cannot be switched off in our systems. They allow us to enable security, prevent fraud and debug the Services and are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but then some parts of the Services will not work.

 

‍Functional Cookies. These cookies are used to recognize you when you return to our Services or to enable the Services to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of the Services may not function properly.

 

‍Analytics Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Services. They help us to know which pages are the most and least popular and see how visitors move around the Services. All information these cookies collect is aggregated. If you do not allow these cookies we will not know when you have visited our Services and will not be able to monitor its performance.

 

‍How can you control the use of cookies?

Depending on where you access the Services from, you may be presented with a cookie banner or other tool to provide permissions prior to non-Strictly Necessary cookies being set. In this case, we only set these non-Strictly Necessary cookies with your consent.

‍You can also limit online tracking by:

• Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
  
  Use the following links to learn more about how to control cookies and online tracking through your browser:‍
  • Firefox; Chrome; Microsoft Edge; Safari (Mac); Safari (Mobile/iOS)

• Blocking advertising ID use in your mobile settings. Your mobile device settings can provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

• Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers.
• Advertising industry opt out tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
  • Digital Advertising Alliance for Websites: outout.aboutads.info
  • Digital Advertising Alliance for Mobile Apps: https://youradchoices.com/appchoices
  • Network Advertising Initiative: optout.networkadvertising.org
    
    
• Platform opt-outs. Some advertising companies offer opt-out features that let you opt out of use of your information for interest-based advertising, including:
  • Google: www.adsettings.google.com
  • Facebook: www.facebook.com/about/ads
  • Twitter: www.twitter.com/settings/personalization

 

Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

 

‍Do Not Track. Some Internet browsers can be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com. 

 

 

 

Upflow Privacy Policy - Last Updated October 2024