Privacy Policy for ClearFlow LLC

 

Last updated: August 8, 2024

ClearFlow LLC ("Company," "We," "Us," or "Our") is committed to safeguarding the privacy of both Website Visitors and Authorized Users of our Software as a Service (SaaS) platform. This Privacy Policy outlines how we collect, use, disclose, and protect personal information for both groups, including integrations with ESRI ArcGIS Online and other third-party services. It also details the privacy rights of government entities (e.g., municipalities) using our platform and explains our compliance with applicable data protection laws.

We do not sell personal information. We use personal data to provide, improve, and market our services when submitted by Website Visitors through forms. By accessing our Website or Platform, You agree to the collection and use of information as outlined in this Policy. This Privacy Policy applies to Website Visitors, Authorized Users, and government entities, ensuring compliance with all applicable laws.

 

1.     Interpretation and Definitions

1.1.   Interpretation The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

1.2.   Definitions For the purposes of this Privacy Policy:

1.2.1.“Company” (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to ClearFlow LLC, 7722 Gooseneck Ct West Olive, MI 49460.

1.2.2."Agreement" refers to this Privacy Policy, the ClearFlow Master Services Agreement (MSA), and any other related documents, including but not limited to Quotes and Statements of Work (SOWs).

1.2.3."Customer Data" refers to all operational, geospatial, website usage, and any other information provided by the Customer or Authorized Users. This data is processed, stored, or transmitted through the Platform, and includes data managed via third-party services like ESRI ArcGIS Online, subject to both this Privacy Policy and third-party policies.

1.2.4."Platform" or "SaaS Platform" refers to the ClearFlow Software-as-a-Service (SaaS) Platform, including the Website and all related applications, integrations (including ESRI ArcGIS Online), and services provided to the Customer. The Platform encompasses the provision of services, user access, and data processing governed by the MSA, EULA, and this Privacy Policy.

1.2.5."Personal Data" refers to any information related to an identified or identifiable individual, including but not limited to names, addresses, email addresses, phone numbers, and other identifiers. Personal Data may be collected from Website Visitors, Platform Users, or other individuals interacting with the Company's services.

1.2.6."Authorized Users" or “Users” refers to employees, contractors, subcontractors, vendors, or agents of the Customer who are granted access to the Platform under the MSA. "Authorized Users" must comply with the MSA, EULA, and this Privacy Policy. If accessing the Platform on behalf of a company or other entity, " Users" also refers to that entity..

1.2.7.“Service Level Agreement” or “SLA” refers to the performance standards, uptime commitments, response times, and other service metrics the Company agrees to meet in the provision of the Platform and related services as specified in the MSA.

1.2.8.“ESRI ArcGIS Online” refers to the third-party platform used for geospatial data and GIS services, which is integrated into The Company’s SaaS platform. Any data processed or stored on ESRI ArcGIS Online is subject to ESRI’s data security and privacy policies.

1.2.9.“Government Entity” refers to municipalities, local governments, or other public sector clients using The Company’s platform for water and wastewater management, GIS operations, and reporting.

1.2.10.   “Confidential Information” refers to any non-public information disclosed by either Party in connection with this Agreement that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure.

1.2.11.   “Affiliate” means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.

1.2.12.   “Cookies” are small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among its many uses.

1.2.13.   “Device” means any device that can access the Service such as a computer, a cellphone, or a digital tablet.

1.2.14.   “Service” refers to the Website and Platform provided by the Company.

1.2.15.   “Service Provider” means any third party that processes data on behalf of the Company, including those involved in operating or analyzing the Platform or Website.

1.2.16.   “Usage Data” refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

1.2.17.   “Website” refers to the Company Website, accessible from https://www.clearflow.net 

1.2.18.   "Website Visitors" refers to individuals who access or interact with the Company's website, including those submitting forms, requesting information, browsing, or utilizing any online services provided through the website.

1.2.19.   “You/Your” refers to either Website Visitors interacting with the Company’s website or Authorized Users utilizing the Platform, as defined in the context.

1.2.20.   "Data Controller" refers to the entity (the Company) that determines the purposes and means of processing Personal Data.

1.2.21.   "Data Processor" refers to any entity that processes Personal Data on behalf of the Data Controller.

2.     Data Collected.  We collect and use the following types of data:

2.1.   Data Collected from Website Visitors Who Fill in Forms or Request Information. We collect Personal Data from Website Visitors who fill out forms, request information, or contact us via our website. This includes names, email addresses, phone numbers, and message content. This data is processed for communication purposes, improving our services, and providing requested information. We do not share visitor data with third parties unless necessary to fulfill requests or comply with legal obligations. All collected data is handled in accordance with this Privacy Policy.

2.2.   Data Users Provide to Access the Platform. We collect Personal Data when Users access the Platform. This may include names, contact details, job titles, and message content. Personally identifiable information collected is used for user authentication, account setup, and service access. We do not share visitor data with third parties unless it is necessary to provide services on the Platform or comply with legal obligations. All collected data is handled in accordance with this Privacy Policy.

2.3.   Data Collected via Third Party Sources and ESRI ArcGIS. Customer Data may be processed by third-party service providers, including ESRI ArcGIS. These third parties are subject to their own privacy policies, in addition to this Privacy Policy. When using our Platform in conjunction with ESRI ArcGIS, certain data is processed through ESRI’s platform, subject to their privacy policies. The Company ensures secure data transmission, but Customers must review ESRI’s policies to understand how their data is managed.

2.4.   Automatically Collected Data (Usage Data). We collect Usage Data automatically when You use our Platform or website. This includes information such as Your Device’s IP address, browser type, version, the pages you visit, the time and date of Your visit, time spent on those pages, and diagnostic data. If You access our service via a mobile device, we collect information such as mobile device type, unique device ID, IP address, mobile operating system, and Internet browser type.

2.5.   Tracking Technology and Cookies. We use cookies, web beacons, and other tracking technologies to improve and analyze Our services. You can manage cookie preferences through your browser settings. Cookies can be persistent or session-based and serve purposes such as maintaining security, enhancing the user experience, and personalizing content.

2.5.1.Necessary/Essential Cookies: These session cookies are necessary to authenticate users and provide services on our website.

2.5.2.Notice Acceptance Cookies: Persistent cookies to track whether users have accepted cookies on the website.

2.5.3.Web Beacons: Used to count users visiting specific pages or to monitor emails opened for website statistics

3.     Use of Your Personal Data. The Company may use Personal Data for the following purposes:

3.1.   Provision of Services: We use Customer Data and Personal Information to provide platform access, ensure operational functionality, and integrate with third-party services like ESRI ArcGIS.

3.1.1.Platform Access: Personal Data is used to authenticate users and provide core features like GIS mapping and water/wastewater management.

3.1.2.ESRI ArcGIS Integration: Data processed through ESRI is governed by their privacy policies. ClearFlow ensures secure transmission between platforms but remains separate from ESRI’s data handling practices.

3.1.3.Customer Support: Data may be used to provide technical support, troubleshoot issues, and improve the user experience.

3.2.   Service Improvement: We analyze data to improve platform performance, operational workflows, and GIS integration, in compliance with this Privacy Policy and third-party policies like ESRI’s.

3.3.   Compliance and Reporting:

3.3.1.Government Reporting: We assist government customers in complying with FOIA requests while protecting sensitive or proprietary information.

3.3.2.Legal Obligations: We may use or disclose data to comply with legal obligations, enforce agreements, or resolve disputes.

3.4.   Marketing and Communications:

3.4.1.Customer and Website Visitor Communication: We use Personal Information to send updates, notifications, and service changes. Marketing communications will only be sent with prior consent, where applicable.

3.4.2.By submitting forms on our Website or using our Platform, You grant the Company permission to contact You using the information provided, such as email or phone number, to respond to inquiries, provide requested information, or send service-related communications. You may opt out of future communications at any time by following unsubscribe instructions or contacting Us directly

3.5.   Product Improvement: Data may be used to enhance our platform, add features, and develop tailored solutions.

3.6.   Data Sharing and Third Parties

3.6.1.Third-Party Service Providers: We may share Customer Data with third-party service providers for platform operations, such as hosting, payment processing, and customer support. Data shared with ESRI for geospatial services is subject to their privacy policy. In legal or compliance matters, data may be disclosed if required by law. We also share data with affiliates or business partners to enhance services or in business transactions like mergers. We will not share personal data without prior consent except as outlined in this policy.

3.6.2.Legal or Compliance Disclosures: Data may be disclosed if required by law or for public records requests.

3.6.3.Affiliates and Business Partners: We may share data with affiliates or partners to enhance services.

3.6.4.Business Transactions: Data may be transferred during mergers or acquisitions, ensuring compliance with data protection laws.

3.6.5.With Your Consent: We will not disclose personal data to third parties without obtaining prior consent, except as outlined in this policy.

3.7.   Additional Uses of Data

3.7.1.Account Management: Personal data is used to manage user registration and access to the platform.

3.7.2.Technical Support: Data is used to assist with technical issues, ensuring accurate data processing.

3.7.3.Contract Performance: Your data may be used for developing, complying with, and fulfilling the contracts related to the services you have purchased, or any other contract established between you and The Company. This also includes interactions with third-party services like ESRI ArcGIS Online.

3.7.4.Communication: We may contact Users to provide updates or security notifications.

3.7.5.Business Transfers: Data may be transferred in case of mergers, acquisitions, or sales. In such an event, The Company will ensure that any such transfer of data is done in compliance with applicable data protection laws and that the acquiring entity is contractually bound to maintain the privacy and security of Customer Data.

4.     Data Security, Access, Processing, and Retention:

4.1.   Data Security Measures: The Company implements industry-standard security protocols, including encryption, access controls, and regular audits, to protect Customer Data. The Customer and its Authorized Users are responsible for securing access credentials and must immediately report any unauthorized access. The Company ensures secure data transmission between its Platform and third-party providers, such as ESRI ArcGIS, but is not liable for breaches originating from third-party platforms..

4.2.   ESRI ArcGIS Integration Security: When using the Platform in conjunction with ESRI ArcGIS Online, data security for information stored on ESRI’s servers is governed by their own security measures. The Company will not be liable for any breaches or incidents involving ESRI ArcGIS. Data security for information stored on ESRI’s servers is governed by ESRI’s policies. While the Company ensures secure data handling between its platform and ESRI, Customers are encouraged to review ESRI’s security measures.

4.3.   For municipal and other government Customers, The Company ensures that its data protection measures comply with applicable data privacy and security regulations, including federal, state, and local government data protection laws. This ensures that sensitive municipal data is safeguarded against unauthorized access, breaches, or disclosures in accordance with public sector requirements.

4.4.   Access Control: Access to Customer Data within the Company platform is restricted to authorized personnel only. Each user is granted access based on their role and level of responsibility. We also implement strong password policies and multi-factor authentication (MFA) to further safeguard access to sensitive data.

4.5.   Data Retention: The Company retains Customer Data as necessary to provide services and comply with legal obligations. Data stored on third-party platforms like ESRI ArcGIS follows their retention policies, and the Customer is encouraged to review these. Data collected from website visitors is retained as needed to respond to inquiries and may be deleted upon request or completion of the interaction.

4.6.   Data Breach Notifications: In the unlikely event of a data breach that may compromise Customer Data, The Company will notify the affected Customer(s) promptly, in accordance with applicable breach notification laws. The Company will also work with the Customer to meet any additional breach notification requirements that apply, especially for government entities. Customers are responsible for notifying their end-users of breaches that affect their personal data, as required by law. The Company will provide necessary support to assist government clients in complying with public sector-specific breach notification requirements, including those governed by local and federal regulations

4.7.   Data Processing: Data processing is governed by this Privacy Policy, the MSA, and the EULA. Users must comply with all data processing terms, including public records laws, and review third-party data protection policies, such as those of ESRI ArcGIS.

5.     Data Protection Rights

5.1.   Customers and Authorized Users: The Company ensures Customers and Authorized Users maintain full control over their personal data. Depending on applicable laws, such as the CCPA, you may have the following rights:

5.1.1.Right to Access: You may request a copy of personal information we collect, use, or share. The Company will provide specific details about how Your data is collected and shared.

5.1.2.Right to Know: You can request information regarding:

5.1.2.1.           Categories of personal information collected.

5.1.2.2.           Sources of this information.

5.1.2.3.           Business purposes for collection/sharing.

5.1.2.4.           Third parties with whom your data is shared.

5.1.2.5.           Specific data collected about you.

5.1.3.Right to Correct: You may request the correction of inaccurate personal data, and we will ensure your data is accurate based on the provided information.

5.1.4.Right to Delete: You may request the deletion of your personal data, except where legal requirements prevent deletion (e.g., compliance with FOIA or public records laws). We will assist with compliance and protect sensitive data.

5.1.5.Right to Restrict Processing: You may request limits on how your data is processed, such as when you dispute its accuracy.

5.1.6.Right to Object to Processing: You can object to specific data processing, such as direct marketing or profiling, unless compelling legal reasons exist for continuing.

5.1.7.Right to Data Portability: You may request a copy of your personal data in a portable, machine-readable format and request its transfer to another service provider, where feasible.

5.1.8.Right to Opt-Out: You can opt out of the sale or processing of your data for targeted advertising or profiling. While the Company does not sell data, you may control certain data-sharing practices by contacting us directly.

5.1.9.Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your data protection rights. The Company will not:

5.1.9.1.           Deny services.

5.1.9.2.           Charge different prices or rates.

5.1.9.3.           Provide a different level of service.

5.1.9.4.           Suggest that you may receive different pricing or quality.

5.1.10.   Public Records and Government Customers: Certain Customer data may be subject to public records laws (e.g., FOIA). We will assist with compliance and protect sensitive or proprietary data to the fullest extent permitted by law.

5.2.   Website Visitors: Website visitors also have rights under applicable privacy laws (e.g., CCPA), including:

5.2.1.Right to Access: You may request a copy of personal data collected from you, such as information submitted via forms.

5.2.2.Right to Know: You may request information about categories of data collected, purposes for collection, and any third-party sharing.

5.2.3.Right to Correct: You can request corrections to inaccurate data submitted through the website.

5.2.4.Right to Delete: You may request the deletion of personal data, subject to legal exceptions.

5.2.5.Right to Opt-Out of Sale or Sharing: You may opt out of data-sharing practices, such as cookies or marketing data collection.

5.2.6.Right to Non-Discrimination: The Company will not deny services or alter the level of service for visitors exercising their privacy rights.

6.     Exercising Your Policy Rights. Website visitors, Customers, or Authorized Users may submit verifiable requests to exercise their rights under this Privacy Policy. Only the individual or someone legally authorized may submit a request. To submit a request:

6.1.   Email us at: [email protected]

6.2.   To protect Your personal data, we require sufficient information to verify the identity of any individual submitting a request including:

6.2.1.Valid email or account number for Customers/Authorized Users.

6.2.2.For website visitors, verifiable details like email or name used during inquiries.

6.3.   Requests Must:

6.3.1.Allow us to verify your identity or authorization

6.3.2.Provide sufficient detail for us to respond appropriately.

6.4.   We cannot respond if we cannot verify your identity or authority.

6.5.   For government entities, certain data may be exempt from deletion or modification requests if required to be retained under public records laws. The Company will assist with compliance in accordance with the MSA and applicable public records laws while protecting sensitive information to the fullest extent allowed by law.

6.6.   You may only submit a verifiable consumer request for access or data portability up to twice within a 12-month period.

6.7.   For government entities, certain data may be exempt from deletion or modification requests if required to be retained under public records laws. The Company will assist with compliance in accordance with the MSA and applicable public records laws while protecting sensitive information to the fullest extent allowed by law.