What this Statement Covers
Where Flightpath is the controller of your Personal Data, we are responsible for its processing, unless expressly specified otherwise. For the avoidance of doubt, our Privacy Statement does not apply to the extent we process Personal Data in the role of a processor on behalf of our customers. For information on how we protect our customer’s data as a processor, please see our Data Processing Agreement.
Who We Are
A reference to “Flightpath,” “we,” “us” or the “Company” in this statement is a reference to Flightpath Software Inc. Flightpath operates an Enterprise Software as a Service platform that enables our clients to better manage their podcast advertising campaigns.
Flightpath Software Inc.
25 Dundurn St. North
Hamilton, ON Canada L8R 3C9
Information We Collect
We only collect information about users of the application if we have a reason to do so – for example, to provide our Services, to communicate with you, or to make our Services better.
We collect information in two ways: if and when you provide information to us and automatically through operating our Services.
Information You Provide to Us
We collect the information you provide directly to us. Here are the types of information we collect:
- User Log-in Information: We require that all users of Flightpath have a login and this requires that you provide their name, email address and a password. They have the opportunity to provide a profile photo or select an avatar.
- Transaction and Billing Information: Customers of Flightpath provide billing and payment information required to process the transaction and your payment, such as company name, billing address, credit card information, and contact information for an appropriate party within your organization.
- Credentials for Integrations: Depending on the integrations you configure on Flightpath, you may provide us with additional email addresses, phone numbers, credentials or login information for the purpose of connecting Flightpath with third-party services such as: notifications or billing platforms.
- Communicating with Us: You may also provide us information when you communicate with our team about a support question.
- Information about your Buyers/Customers: You may choose to provide us with the name, company, and email addresses of buyers you wish to communicate with using Flightpath.
Information That We Collect Automatically
We also collect some information automatically:
- Log Information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically provide, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access and operating system. We collect log information when you use our Services – for example when you create or make changes to your account.
- Time Zone: We collect your browser's reported time zone. We use the collected time zone to correct the times we display from UTC to a more suitable time for each user.
How and Why We Use Information
Purposes for Using Information
We use information about you as mentioned above and for the purposes listed below:
- To provide our Services: such as, to set up and maintain your account or charge you for use of our services.
- To further develop and improve our Services: understanding what features are being used, what new features might be needed or helping users use our services more effectively.
- To monitor and prevent any problems with our Services: protect the security of our Services, fight spam, and protect the rights and property of Flightpath and others, which may cause us declining the use of our Services;
- To communicate with you: for example, to provide you with alerts, solicit your feedback, or to keep you up to date on new Flightpath features.
How Long We Keep Information
We do not keep your information for longer than is necessary.
- Inactive accounts. If your account is in default, we will take reasonable steps to rectify the situation. In the event we are unable to rectify payment, we will give you a final 30 day notice at which time your account will be closed and all your information will be removed from our servers.
- Database backups. We keep database backups for up to 12 months. Therefore, when you delete information from your account or close your account completely, your information can still be recovered from our encrypted database backups for up to 12 months.
Legal Bases for Collecting and Using Information
A note for those in the European Union about our legal grounds for processing information about you under EU data protection laws. Our use of your information is based on the grounds that:
- The use is necessary to fulfill our commitments to you under our Terms of Service or other agreements with you or is necessary to administer your account – for example, to enable access to our website on your device or charge you for a paid plan; or
- The use is necessary for compliance with a legal obligation; or
- The use is necessary to protect your vital interests or those of another person; or
- We have a legitimate interest in using your information–for example, to provide and update our Services, to improve our Services so we can offer you an even better user experience, to safeguard our Services, to communicate with you, to monitor and prevent any problems with our Services, and to personalize your experience.
How We Share Information
We do not sell our users' private personal information. We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:
- Subsidiaries, Employees, and Independent Contractors: We may disclose information about you to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information to help us provide our Services or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Statement for the personal information we share with them.
- Third-Party Vendors: We may share information about you with third-party vendors who need to know information about you to provide their services to us, or to provide their services to you. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information, or SMS and email delivery services that help us stay in touch with you). We require vendors to agree to privacy commitments to share information with them. These vendors are listed in the "List of Data Sub-processors" section below.
- Legal Requests: We may disclose information about you in response to a subpoena, court order, or other governmental requests.
- To Protect the Rights, Property, and Others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Flightpath, third parties, or the public. For example, if we have a good faith belief there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Flightpath goes out of business or enters bankruptcy, user information would likely be one of the assets that are transferred or acquired by a third party. If any of these events were to happen, this Privacy Statement would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Statement.
- With Your Consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so, such as the notification services that you connect to your account on our site.
- Aggregated or De-Identified Information: We may share information, which has been aggregated or reasonably de-identified so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services or trends within the larger podcast publishing industry.
Although no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so, such as monitoring our Services for potential vulnerabilities and attacks. We handle data breaches according to our Data Breach Policy.
You have several choices available when it comes to information about you:
- Limit the Information that You Provide: If you have an account with us, you can choose not to provide the optional account information. Please remember that if you do not provide this information, certain features of our Services may not be accessible.
- Close Your Account: While we'd be very sad to see you go if you no longer want to use our Services, you can close your Flightpath account. Please remember that we may continue to retain your information after closing your account, as described in "How Long We Keep Information" above.
If you are located in certain countries or states, including those that fall under the European General Data Protection Regulation (AKA the “GDPR”), data protection laws give you rights regarding your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
Usually, you can access, correct, or delete your personal data using your account settings and tools that we offer, but if you aren't able to do that, or you would like to contact us about one of the other rights, please see our Contact details at the top of this page.
Other Things You Should Know
Because Flightpath Services are offered worldwide, the information about you, which we process when you use the Services in the EU, may be used, stored, and/or accessed by third party processors operating outside the European Economic Area (EEA). This is required for the purposes listed in the "How and Why We Use Information" section above.
List of Data Sub-processors
Flightpath uses these products/services (which are all GDPR and CCPA compliant):
- Digital Ocean: for Tier 1 HA hosting of our applications and storing data.
- Amazon Web Services: for storing encrypted database backups, privacy vaults, and our data lake.
- Healthchecks.io: for worker/task monitoring (no PII data sent)
- Datadog: for log and application monitoring
- Sentry: for application monitoring (no PII data sent)
- Mixpanel: for usage monitoring (no PII data sent)
- Maijet: for sending transactional email
Privacy Statement Changes
We reserve the right to modify this Privacy Statement at any time. Please review it occasionally. If we believe that the changes are material, we will endeavor to notify all of our active clients by email, but this notification may not reach all users.
- Mar 3, 2023: Initial version
This Privacy Statement was adapted from Healthchecks.io with their permission. Our deepest gratitude.