
Security

Floutwork, LLC is the owner of the Floutwork app and this SERVICE (or "Floutwork") is built and provided to you by Floutwork, LLC. This page is used to inform users regarding the security measures used to protect their information.

Floutwork is committed to protecting your data. We use a variety of security measures to help protect your information from unauthorized access or misuse. In this page, you can find information on our security practices. If you would like to learn more, please contact us anytime and we will be happy to provide you with more information.

Data Centers, Location, and User Content

Production Servers

Floutwork production services are hosted on Amazon Web Services’ (“AWS”) platform. The physical servers are located in AWS’s data centers. As of this date, AWS (i) has certifications for compliance with ISO/IEC 27001:2013, 27017:2015 and 27018:2014, (ii) is certified as a PCI DSS 3.2 Level 1 Service Provider, and (iii) undergoes SOC 1, SOC 2 and SOC 3 audits (with semi-annual reports). Additional details about AWS’ compliance programs, including FedRAMP compliance, can be found at AWS’ website (http://aws.amazon.com/security/).

User Content

Third-Party Website Login Information
The Service allows you to access third-party websites within the Floutwork app. For the sole purpose of helping you log in to websites faster and easier, the Service allows you to store your login information, including passwords, within the Floutwork app. This login information is then used to log you into the websites you wish to access. This login information is encrypted with advanced encryption technology and is ONLY stored locally on your computer and never transmitted to any Floutwork or third-party servers. You can delete all your login information easily within the Service by going to the Vault app and clicking "Delete Vault". Your login information will then be permanently deleted from the Service.

Third-Party Website Usage Information
Floutwork helps you monitor your productivity by providing insights into the time you spend on the web apps you use. Specifically, Floutwork shows you the percentage of time you spend on any web app that you have added and use within Floutwork. These are web apps that you add to your Floutwork home screen from Floutwork's App Store app. Floutwork collects information about the time you spend on these apps solely for the purpose of helping you better understand your work habits and achieve your work goals. We do not share this information with third parties for any reason. You have control over the data we collect about your app usage. You can delete all your app usage information from Floutwork at any time from the Settings menu on the page. Additionally, if you prefer not to have your app usage information tracked at all, you can opt out of tracking by selecting the appropriate option in the settings.

Outlook and Google Account Data
Floutwork offers features that allow you to link your Outlook or Google account(s) to our Service. We use secure OAuth mechanisms provided by Microsoft and Google to establish a secure connection between your email/calendar account(s) and Floutwork. Once linked, you have the tools to manage your emails and calendar events as you see fit, and Floutwork uses standard methods provided by Microsoft and Google to accomplish this. We take the security of your personal information seriously, and any information related to your email/calendar account(s) that you link to Floutwork is ONLY stored locally on your computer. We never store this information on any Floutwork or third-party servers. If you ever decide to disconnect your email/calendar account from the Service, you can easily do so by removing the connected account from the Email or Tasks app within Floutwork. Once you remove your connected account, all email and calendar data will be permanently deleted from the Service.

Other User Content
All user content except third-party website login information and Google or Outlook email data is hosted on the MongoDB Atlas platform. MongoDB Atlas stores Floutwork user data within the US region of AWS. As of this date, MongoDB Atlas has the following certifications:

To learn more about MongoDB Atlas and compliance, visit MongoDB Atlas’ website (https://www.mongodb.com/cloud/trust).

Some user content, specifically attachments on tasks or notes stored within Floutwork, is hosted within AWS S3 and is stored within the US region of AWS.

We do not offer customers the option of hosting Floutwork on a private server, or to otherwise use Floutwork on a separate infrastructure.

Login Security

Floutwork uses passwordless login. Instead of using a password to log in, you enter your email address. Floutwork then sends a one-time access code to your email address. You then enter this one-time access code within the Floutwork app to log in to the app. When the login session expires, you will need to log in again to continue using the app. This one-time access code has an expiration duration as well. If you do not enter the one-time access code within the expiration duration, a new one-time access code will need to be obtained to log in.

Access Control

All user data stored in Floutwork is protected and access to such data is restricted to Authorized Personnel only. Authorized Personnel access is based on the principle of least privilege. Only a few hand-picked individuals who are considered Authorized Personnel have direct access to Floutwork's production systems. Even Authorized Personnel who do have direct access to production systems are only permitted to view user data stored in Floutwork after getting consent directly from the user each time they need to access the data. Access requests are only granted for troubleshooting purposes or as otherwise permitted in Floutwork's Privacy Policy. Authorized Personnel are required to use two-factor authentication (2FA) to log in to production systems.

Floutwork maintains a list of personnel who are permitted to access Floutwork code, as well as the development and staging environments. These lists are reviewed quarterly and upon role change. Upon role change or leaving the company, the production credentials of Authorized Personnel are deactivated, and their sessions are forcibly logged out. Thereafter, all such accounts are removed or changed.

Encryption In-Transit

Floutwork uses industry standard Transport Layer Security (“TLS”) to create a secure connection using 128-bit Advanced Encryption Standard (“AES”) encryption. This includes all data sent between the desktop client app and Floutwork servers. There is no non-TLS option for connecting to Floutwork servers. All connections are made securely over HTTPS.

Encryption At-Rest

Data drives on servers holding user data use full disk, industry-standard AES encryption with a unique encryption key for each server. Image attachments to notes or todos within Floutwork are stored in Amazon’s S3 service. Attachments are only accessible over a secure HTTPS connection by you, the user, or by Authorized Personnel from Floutwork (and only after getting consent directly from you, the user, each time they need to access any attachments). Access is granted only to perform their job duties. Image attachments are encrypted using Amazon S3 server-side 256-bit AES encryption. The encryption, key management, and decryption process is inspected and verified internally by Amazon on a regular basis as part of their existing audit process. At the written request of the user, all user data including image attachments can be deleted permanently.

Contact Us

If you have any questions regarding our security, please contact us at:

Floutwork, LLC
Ponte Vedra, FL 32081
hello@floutwork.com