Platform Privacy Policy

1. Introduction

Flybits is a data technology company that offers a service used by businesses (our customers) to create personalized and relevant digital experiences for their customers (end-users). Our customers do this by integrating our technology into their websites, mobile apps and other online services.

Flybits operates as a “processor” of data in that we process data on the service solely as directed by our customers and for no other purpose. Our customers act as “controllers” and are responsible for determining how they want to use our services, and how to use your personal data when they do so. As a “processor”, we are not required to provide you with information about what we do, or how our customers can use our service to use your personal data. However, Flybits is committed to data protection and privacy, and have built our platform and services with privacy-by-design principles in mind. Which is why we have shared this privacy notice to explain to both our customers and their customers how information (including personal data) is collected and used when our customers use our platform.

If you have any questions about our use of personal data when you visit our website, apply for a job, or get in touch with us via our website or other means, please take a look at our Flybits Corporate Privacy Notice.

2. The Flybits Platform

For the purposes of this notice, Flybits (Collectively, “Flybits, our, we”), defines the “Customer” as an entity that subscribes to a license to use Flybits products and services in any marketing capacity, and the term “End-User” as any individual who uses the Customer’s product or services provided and/or powered by Flybits (collectively, “Service”). Our Customers can do so by integrating our Service with their websites, apps, social media and other digital channels (their “Digital Properties”). This Platform Privacy Notice describes how Flybits collects, discloses, stores, and uses information that could individually identify End-Users (“Personal Data”) in connection with the Service.

We receive certain information about End-Users from our Customers, and we process that information as part of our Service to help our Customers create personalized and relevant digital experiences for their customers. The type of information we process is generally pseudonymous information, and can include an End-User’s IP address (for service delivery), user agent, browser type, computer (or mobile device’s) operating system, mobile device ID or other pseudonymous identifiers. In certain places like the European Union, this type of pseudonymous data is considered personal data.

This Platform Privacy Notice explains:

What data is processed of individual End-Users (defined below)
The reasons why Personal Data is collected (defined below)
How such Personal Data is used

3. End-Users

Our Customers can incorporate our Service into their Digital Properties. If you are an End-User who uses such a Digital Property provided to you by our Customer, then this section is relevant for you. If required by applicable law, the Customer will need to inform you about, and may seek your explicit consent to collect and/or process Personal Data volunteered by you when you use their Digital Properties.

3.1 Collection and Use of Personal Data

When you use a Digital Property of one of our Customers that use our Service, your Personal Data about usage of the Digital Property is collected, recorded and analyzed in order for our Customers to deliver a personalized digital experience, improve service delivery, and operational security. The Personal Data that is collected is determined solely by our Customer. Our Customer may choose not to include all types of Personal Data mentioned below in their use of the Service. End-User data is not shared between Customers directly, nor are personal data shared by Flybits amongst our Customers.

When you are an employee of one of our customers: we collect your name, email address or phone number, and any other information that we may receive as part of onboarding, support and billing (ie: such as login ID, profile and role).

Flybits does not condone the collection or use of Personal Data without permission from an End-User. We work with our Customers to ensure their use of the Service clearly asks for your permission to collect and use your Personal Data.

3.2 What Personal Data can be collected as part of the Service

A Customer can decide to capture the following data when an End-User engages with a Digital Property:

Session Activity: Any engagement that takes place on the Service, such as pageviews and/or button clicks, duration of time spent on the Service, and user-inputted data including answers that you submit via surveys provided by the Service.

Sensory Data: Any data captured from sensors on your mobile device such as accelerometer, battery level, network connectivity, calendar availability, geolocation, or other environmental data from external hardware such as beacons.

Customer Information: Information that our Customers own about End-User segmentation, such as “first-time user”, “inactive user”, etc. Please note that in order to protect End-User privacy, all such data is pseudonymized/de-identified through a method called “tokenization”.

User Account Information: Information that authenticates you when you log in to a Digital Property, and/or helps to maintain web session security while using a Digital Property, such as authorization token (JWT).

3.3 Usage and Performance Information

When you use a Digital Property from one of our Customers that use the Service, usage and performance information is collected, and shortly thereafter aggregated or de-identified so that it no longer personally identifies an End-User. These tools help to monitor operational security and for our Customers how End-Users use their Digital Properties.

Log Data: Information that is automatically recorded by the Service such as IP addresses, device and browser type, operating system, and other statistics.

Mobile Device Identifiers: Identifier that is used by the Service to reach the End-User with notifications displayed in the installed Customer App.

3.4 Information relating to children

Please note that the Service is not intended to be used for Digital Properties directed at children under the age of 13 (16 in the EU), and therefore, Flybits and its Customer do not knowingly acquire or receive Personal Data from children under the age of 13 (16 in the EU). If the Customer later learns that any End-User of the Service is under the age of 13 (16 in the EU), the Customer will take appropriate steps to remove that user’s information and will restrict that individual from future data capture by means of the Service.

3.5 Security

We take all reasonably necessary steps to protect all information we hold from misuse, loss, unauthorized access, modification or disclosure. All information is kept in a secured environment, encrypted at rest and in transit and protected by firewall security systems to keep information secure and safe, using industry standards. Flybits strives to use commercially acceptable means and industry standard practices to protect the data we process.

3.6 End-User Inquiries

We have kept this Platform Privacy Notice simple and transparent for your understanding, as your privacy is important to us.

If you are a citizen of the EU, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your Personal Data, including but not limited to the ability to request a copy and/or deletion of your Personal Data.

Please note that as Flybits is a Data Processor, it does not own the Personal Data used or stored on our products and services but processes it on behalf of its Customer. If you wish to inquire about your Personal Data that may have been collected in connection with our use of a Digital Property, please contact the company that provided the service to you. If we receive a request from an End-User, we will do our best to forward such a request to the relevant Customer and support the Customer in answering the request.

4. Where Data is Stored

4.1 Geographical location

Flybits offers services in a number of data regions. A Flybits “Data Region” is a set of data centers located within a defined geographical area where Customer and End-User data is stored. Data will only be transferred outside its current country or region when appropriate safeguards to protect the End-User personal data has been put in place and previous permission has been granted by the Customer.

4.2 Processing in the European Economic Area (EEA)

Flybits adheres to the EU General Data Protection Regulation (GDPR). Consequently, Flybits processes all data provided by its Customers in its European Data Region, in the European Economic Area (EEA) only.

All data collected through the Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services Europe (“Hosting Provider”), using EU geographic locations. We enter into Data Processing Agreements with our Customers, and with our providers, where they act as sub-processors. Flybits has adopted safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s and/or the End-User’s Personal Data in Flybits’ possession and we will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s and/or End-User’s Personal Data.

4.3 Processing in the United States of America (US)

For Customers with accounts in the Flybits US Data Region, Flybits processes data solely in data centers located in the US. Flybits has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s and/or the End-User’s Personal Data in Flybits’ possession. Flybits will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s and/or End-User’s Personal Data.

All data collected through the Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services (“Hosting Provider”). Flybits’ contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. Flybits’ policy is to protect and safeguard any personal information obtained by Flybits in accordance with United States state or federal laws governing the protection of personal information and data. Accordingly, Flybits adheres to practices and policies that aim to safeguard the data.

4.4 Processing in Canada

For Customers with accounts in the Flybits Canada Data Region, Flybits processes data solely in data centers located in the United States of America or Canada (as determined by the Customers’ requirements). Flybits has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s and/or the End-User’s Personal Data in Flybits’ possession. Flybits will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s and/or End-User’s Personal Data.

All data collected through the Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services (“Hosting Provider”). Flybits’ contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. Flybits’ policy is to protect and safeguard any personal information obtained by Flybits in accordance with Canadian provincial or federal laws governing the protection of personal information and data. Accordingly, Flybits adheres to practices and policies that aim to safeguard the data.

4.5 Processing in South America

For Customers with accounts in our South America Data Region, Flybits processes data solely in data centers located in Brazil. Flybits has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s and/or the End-User’s Personal Data in Flybits’ possession. Flybits will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s and/or End-User’s Personal Data.

All data collected through the Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services (“Hosting Provider”). Flybits’ contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. Flybits’ policy is to protect and safeguard any personal information obtained by Flybits in accordance with regional laws governing the protection of personal information and data. Accordingly, Flybits adheres to practices and policies that aim to safeguard the data.

5. Our Legal Obligation to Disclose Personal Information

Flybits complies with any government or law enforcement entity investigation that provides proper law enforcement warrants and subpoenas.

6. Flybits Data Protection Officer

Flybits has a Data Protection Officer who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address:

Flybits Inc.
Attn: Data Protection Officer
175 Bloor St East North Tower,
Suite 1400
Toronto, ON M4W 3R8
Canada
dataprotectionofficer@flybits.com

7. Version information

Version: 25 Nov 2021

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
aka_debug		This cookie is set by the provider Vimeo.This cookie is essential for the website to play video functionality. The cookie collects statistical information like how many times the video is displayed and what settings are used for playback.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
player	1 year	This cookie is used by Vimeo. This cookie is used to save the user's preferences when playing embedded videos from Vimeo.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
_gat_UA-62189407-1	1 minute	No description
_hjAbsoluteSessionInProgress	30 minutes	No description
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description
_hjTLDTest	session	No description
_lfa	2 years	This cookie is set by the provider Leadfeeder. This cookie is used for identifying the IP address of devices visiting the website. The cookie collects information such as IP addresses, time spent on website and page requests for the visits.This collected information is used for retargeting of multiple users routing from the same IP address.
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 8 months 9 days	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.