Privacy Policy

Effective: May 10, 2019

1 - Introduction

Welcome to FrontApp, Inc. (“FrontApp”, "we", "us" and "our"). FrontApp provides software and services that unify your email, customer communication channels, and apps in one platform, helping teammates work better together.

The “Websites” means Front’s websites (including without limitation www.frontapp.com, app.frontapp.com and any successor URLS, mobile or localized versions and related domains and subdomains), and the “Services” means FrontApp’s products, applications and services, in each case in whatever format they may be offered now or in the future.

2 - Purpose of this Privacy Policy

The purpose of this “Privacy Policy” is to inform you of the type of personal data we collect when you use our Services, why we collect the data, how it is used and your rights and choices. If you do not agree with this Privacy Policy, do not access or use our Services.

3 - Personal Data We Collect

Personal Data that you provide to us. When you register for a FrontApp account you are required to provide certain basic contact information, such as your name, and email address, and telephone number. If you choose to register for an account utilizing your credentials from a third party service (such as Google or Microsoft), then your name and email address will be provided to us as permitted by your profile settings within that third party service. If you are registering for a paid account you will also be required to provide payment information, such as payment card details (collected by our payment service provider), Single Sign On(SSO) SAML 2.0 credentials as well as other information that you voluntarily choose to add to your account profile, like a profile photo or a birth date. We will inform you, when requesting your Personal Data, if certain data must be provided or if it is optional. We will also inform you of the consequences should you not wish to provide this data.

We also collect the information that you may choose to submit to our customer support team, for example regarding a problem you are experiencing with our Services. This may include your contact information, a summary of the problem you are experiencing, and any other documentation or information that would be helpful in resolving the issue.

Automatically collected data. When you interact with FrontApp through the Services, we automatically collect information about you through cookies (small text files placed on your device), mobile device identifier and other technologies. Please read the “Cookies” section below to learn more about how we use cookies and other technologies. When you visit our Websites, our servers record information (“log data”), including information that your browser automatically sends whenever you visit the Website. This log data includes your Internet Protocol (“IP”) address (from which we understand the country you are connecting from at the time you visit the Site), browser type and settings, the date and time of your request.

Data from other services you link to your account: In order to perform tasks that are part of the Services we require you to integrate your third party email service with your Services account. Doing so provides us with access to your email account(s) and the content included therein. You authorize this access by agreeing to this Privacy Policy and providing any consent required by your email provider. We receive information about you when you or your administrator integrate or link a third-party service with our Services. For example, if you create an account or log into our Services using your Google or Microsoft credentials, we receive your name and email address as permitted by your Google or Microsoft profile settings in order to authenticate you. You or your administrator may also integrate other third party services you use with and into our Services. For example, you may authorize our Services to access and display messages from within an instant messaging application, or to access and display files from a third-party document sharing service. The information we receive when you integrate our Services with a third-party service depends on the settings, permissions and privacy policy associated with that third-party service. Please check the privacy settings and privacy policy of these third-party services to understand what data may be disclosed to and shared with us.

4. How We Use Personal Data

We collect Personal Data for the following purposes:

To provide the Services and manage your access to and use of the Services: We use information about you to provide the Services to you, including to register you for the Services, process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services.

To communicate with you about the Services and provide you with customer support: We use your contact information to communicate with you about the Services, respond to your customer support questions and requests, and to provide you notices regarding the Services (including notices about your account, product update announcements, security alerts, administrative notifications and the like). In connection with providing you with customer support, we may also use the information we automatically collect and information that you provide to us and consent for us to view and utilize as part of a support request so that we can respond to your request, analyze information related to your support request, and to repair or improve the Services. We may also provide you with tailored communications that are based on your interactions with the Services. For example, certain actions you take may trigger a third-party app suggestion or we may communicate with you as you begin using the Services to assist you as you learn to be proficient in your use of the Services. These communications are fundamental to the Services and in most cases you cannot opt out of them. If an opt out is available, you will find information about how to opt out in the communication itself or in your account settings.

For research and development: So that we can continually improve the functionality of our Services, we utilize our collective learnings about the way users interact with and use the Services, as well as feedback provided directly to us, to troubleshoot issues, fix bugs, enhance functionality, and identify areas for integration and improvement of the Services.

To market and promote our Services: We use your contact information and information about how you use the Services to communicate directly with you, including by sending you newsletters, promotions or information about current and future products and services. You may opt out of receiving such communications at any time by (i) clicking the unsubscribe link included in all the emails you receive or (ii) contacting us as indicated in Section 12 below (“Contact”).

For safety and security: We use information about you and the way in which you use the Services to verify accounts and activity, monitor for suspicious or fraudulent activity and identify violations of our Services policies.

To protect our legitimate business interests and legal rights: Where required by law, or where we think it is necessary to protect our legal rights and interests or the legal rights and interests of others, we use information about you in connection with legal claims, compliance and regulatory functions. If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfill your request, we will keep basic data to identify you and prevent further unwanted processing.

As used above, “legitimate interests” means our interests in conducting our business, managing and delivering the best Services to you. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted by law.

With your consent: We use Personal Data about you where you have given us consent to do so for a specific purpose not listed above. For example, with your permission we may publish testimonials or featured customer stories on our Websites to promote the Services, including names and profile photo of representatives of our customers alongside the testimonial.

While providing our Services, we may collect on behalf of our customers information related to our customers’ employees, customers and other individuals. Our use of information on behalf of our customers is governed by our contract with the applicable customer and the customer’s own privacy policies. We are not responsible for the privacy policies or privacy practices of customers or other third parties.

5 - Privacy Shield

FrontApp, Inc. complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States. FrontApp, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov. FrontApp, Inc. is overseen by the US Federal Trade Commission (FTC). JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. We ask that you first submit any such complaints directly to us at privacy@frontapp.com. If you are not satisfied with our response, please contact JAMS at www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still is not addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles. Within the scope of our authorization to do so, and in accordance with our commitments under the Privacy Shield, FrontApp, Inc. will provide individuals access to Personal Data about them. FrontApp, Inc. also will take reasonable steps to enable individuals to correct, amend, or delete Personal Data that is demonstrated to be inaccurate.

FrontApp, Inc. is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to service providers. FrontApp, Inc. complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU and Switzerland, including the onward transfer liability provisions.

6 - European Union (EU) Individuals

Scope. This section applies if you are an individual in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).

Data Controller. FrontApp,Inc. is the data controller for processing of your Personal Data. We act as a data processor (or service provider) in relation to the Services we provide to our Customers. Our establishment in the EU is in France (FrontAPP SARL). To find out our registered officehow to contact us, please see the “Contact” section below.

Your Rights. Subject to EU data protection law, you have the following rights in relation to your Personal Data:

  • Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will alert them to the need for erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you where we process that Personal Data in an automated way. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
    • If we are relying on a legitimate interest to process your Personal Data -- unless we demonstrate compelling legitimate grounds for the processing; or
    • If we are processing your Personal Data for direct marketing (you can always object using the unsubscribe link in our marketing communications).
  • Right to withdraw consent: If you have consented to our use of your Personal Data for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing of your data that has already taken place.
  • Right to make a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

Please go to “Contact” for information on how to exercise your rights.

7 - Disclosure of Personal Data

Personnel, service providers. Only our personnel, service providers and trusted third-party applications have access to your Personal Data. These parties include hosting, back-up and other IT services providers, website analytics companies, providers of digital advertising services, providers of CRM, marketing and sales software solutions, billing and processing payments functions. We only provide such parties with the information that they need to perform the services we have hired them to provide.

Our Subsidiaries and Affiliates: Front is managed and operates primarily out of the United States and France. We allow our French subsidiary, FrontApp SARL, and its employees and agents to access your Personal Data for the purposes described in this policy (this sharing is in our legitimate interest).

Legal Requirements.We may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation or lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) protect and defend the rights or property of FrontApp, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.

With Your Consent: We may share Personal Data about you with third parties when you give us consent to do so. For example, with your permission we may publish and display testimonials or featured customer stories on our Websites, including names and profile photo of representatives of our customers alongside the testimonial.

8 - Data Retention

8.1 - General Provisions

FrontApp may retain your Personal Data for a period of time consistent with the original purpose of collection. For instance, we may retain your Personal Data during the time you have an account to use our Websites or Services, or as agreed in our subscription agreements, and for a reasonable period of time thereafter. We also may retain your Personal Data as necessary to comply with our legal obligations, to establish proof of a right or a contract, resolve disputes, enforce our agreements, in accordance with the law.

8.2 - Provisions specific to credit card information

Your credit card information is stored no longer than the time necessary to allow the fulfillment of the transaction, except in the case of a subscription, to facilitate the payment of regular customers. In that case, credit card information is stored for the whole duration of your subscription and at least until the date at which you carry out your last transaction. Such storage is implemented by our secured payment service provider Stripe.

By subscribing to our Services, you agree to this storage. Data relating to the visual cryptogram or CVV2 on the back of your credit card is not stored. In the case of a payment by credit card, however, data relating to the credit card may be stored as intermediary archives for evidence purpose in the case of possible disputes regarding the transaction, for the duration provided by article L.133–24 of the French Monetary and Financial Code, i.e. 13 months from the debit date. This duration may be extended to 15 months, to take into account the possible use of delayed debit card.

9 - Data Security

We take all necessary precautions, as well as appropriate organizational and technical measures, to maintain the security, integrity and confidentiality of your Personal Data, and in particular to prevent it from being altered or damaged and to prevent any unauthorized third party from accessing it. We also use secured payment systems consistent with the state of the art and the applicable laws and regulations.

10 - Cookies

Cookies are small text files that are placed on your computer or mobile device when you visit a website, mobile app or use an online platform. Cookies are widely used by online service providers to facilitate and help to make the interaction between users and websites, mobile apps and online platforms faster and easier, as well as to provide reporting information. For more information about cookies and their impact on you and your browsing visit www.aboutcookies.org

Cookies set by the website and/or mobile app and/or platform owner (in this case, FrontApp) are called "first party cookies". Cookies set by parties other than the website and/or mobile app and/or platform owner are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website and/or mobile app and/or platform (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognize your computer or device both when it visits the website and/or mobile app and/or platform in question and also when it visits certain other websites and/or mobile apps and/or platforms. By choosing to use our the Websites after having been notified of our use of cookies in the ways described in this Privacy Policy, and, in applicable jurisdictions, through notice and unambiguous acknowledgement of your consent, you agree to such use.

Why do we use cookies? We use first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites and/or App and/or platform to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Websites and/or App and/or platform. Third parties serve cookies through our Websites and/or App and/or platform for analytics and other purposes. This is described in more detail below.

Our Websites cookies

Purpose Vendor How to refuse
Essential website cookies: These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features. FrontApp, Inc. Because these cookies are strictly necessary to deliver the Websites and the Services to you, you cannot refuse them.
Analytics and customization cookies: These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective are marketing campaigns are, or to help us customize our Websites for you.
  • Google Analytics
  • FullStory
  • Hubspot
  • Segment
  • Intercom
  • Vimeo
To refuse these cookies, please follow the instructions below under the heading "Managing Cookies” Alternatively, please click on the relevant opt-out link below:
  • Google Analytics
  • FullStory
  • You may opt out from Hubspot by clicking here (or if located in the European Union, by clicking here)
  • Segment does not appear to provide an opt-out link for its cookies. For more information about such cookies, please see this page.
  • Intercom does not appear to provide an opt-out link for its cookies. For more information about such cookies, please see this page.
  • Vimeo does not appear to provide an opt-out link for its cookies. For more information about such cookies, please see this page.
Advertising cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
  • Bing Ads
  • DoubleClick
  • Facebook Pixel
  • Google AdWords
  • Capterra
To refuse these cookies, please follow the instructions below under the heading "Managing cookies" Alternatively, please click on the relevant opt-out link below:
  • Bing Ads
  • DoubleClick
  • Facebook Pixel does not appear to provide an opt-out link for its cookies. For more information about such cookies, please see this page.
  • Google AdWords
  • Capterra does not appear to provide an opt-out link for its cookies. For more information about such cookies, please see this page.

Managing cookies: Most internet browsers allow you to erase cookies from your computer hard drive, block all cookies (or just third-party cookies) or warn you before a cookie is stored on your device. Please note, if you choose to block all cookies, our site will not function as intended and you will not be able to use or access many of the services we provide. If you have blocked all cookies and wish to make full use of the features and services we offer, you will need to enable your cookies. You can do this in your browser. Rather than blocking all cookies, you can choose to only block third-party cookies which will still allow our website to function as intended.

How We Respond to Do Not Track (DNT) Signals. Some internet browsers have incorporated “Do Not Track” features which, when enabled, causes your browser to send a do not track HTTP header file or “signal” to each site you visit. At present, the Services do not respond to this type of signal.

11 - Modifications

We reserve the right, at our sole discretion, to modify this Privacy Policy or any portion thereof. Any changes will be effective from the time of publication of the new privacy policy. If we believe that the changes are material, we will let you know by doing one (or more) of the following: (i) posting the changes on or through the Services, (ii) sending you an email or message about the changes. Your continued use of the Services after the changes have been implemented shall indicate your agreement with the terms of such revised privacy policy. Otherwise, and if the new privacy policy does not suit you, you must no longer use the Services.

12 - Contact

Have questions or concerns about Front and privacy? Contact us by email at privacy@frontapp.com or by post at:

FrontApp, Inc.
525 Brannan St, 300
San Francisco, CA 94107
USA
FRONTAPP SARL
15 rue Gambetta
91120 Palaiseau
France