Privacy Policy
Effective Date: September 12th, 2024
SpikeFli Analytics Corp. ("we", "us", or "our") is committed to protecting the privacy of our users. This Privacy Policy outlines the types of information we collect, how we use and protect it, and the rights you have regarding your personal data when using our website and services.
1. Information We Collect
We may collect the following types of information when you interact with our website, use our services, or contact us:
- Personal Identification Information: Name, email address, phone number, company name, and job title.
- Payment Information: Credit card or billing information (processed by secure third-party providers).
- Technical Information: IP address, browser type, operating system, device type, and usage data through cookies and similar technologies.
- Service Data: Information related to your company’s telecom, IT, utilities, and other expense data that we manage through our platform.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Provision: To provide, manage, and improve our expense management platform and related services.
- Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical support.
- Billing and Payments: To process transactions and manage billing information.
- Analytics and Improvements: To understand how users interact with our website and platform to enhance user experience.
- Marketing and Communication: To send you relevant information about our services, including newsletters, offers, and updates, only with your consent.
3. How We Share Your Information
We do not sell or rent your personal information. We may share your data with:
- Service Providers: Third-party vendors who assist us in providing services (e.g., payment processors, IT support, cloud hosting).
- Legal and Regulatory Requirements: If required by law or in response to valid legal requests, such as subpoenas or court orders.
- Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
4. Data Security
We implement industry-standard security measures to protect your personal data from unauthorized access, use, or disclosure. Key security measures include:
- Data Encryption: All personal information regarding clients (e.g., manager lists, contact info) is encrypted. However, information provided by carriers (such as phone numbers, location, and cost-related data) is not encrypted but is protected through password protocols and SSL transaction security.
- File Upload Controls: File uploads are controlled by our integrated CRM, and only SpikeFli staff have access. Files are processed through Bernard (in-house owned program), which handles various data conversion functions, device list updates, and updates for available months. Files cannot be uploaded without using SpikeFli Bernard, ensuring full control over access.
- Malware Protection: We employ detection, prevention, and recovery controls to protect against malware, including file validation, SQL injection prevention, and virus protection. Authenticated users have limited capabilities to upload files, and non-authenticated users are not permitted to upload files.
- Incident Response: In the event of a data breach, we will notify affected clients immediately upon realizing the breach, in accordance with our Service Level Agreement (SLA).
- Firewall Rules: Firewall rules are restricted to only required access for Admin users, with Remote Desktop access available only from defined IPs. Non-application ports are disabled, and only Signal R, FTP (IP-restricted), and HTTPS are accessible.
- Public Network Security: Information passed over public networks is encrypted using SSL to protect against fraudulent activity, contract disputes, unauthorized disclosure, and modification. Authentication is required for access.
- Public Network Storage: Information stored on public networks is protected by OS and SQL security, with authentication required for access (session, validation, cookies), SSL transfer, and encryption of personal information. No static files are accessible, and data uploads are deleted immediately after processing into SQL.
5. Jurisdiction
SpikeFli supports clients primarily in Canada and the United States. Our data centers and servers are located in the U.S. and Canada, ensuring secure and compliant handling of client information.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request access to your personal data that we hold.
- Correction: Request corrections to any inaccurate or incomplete information.
- Deletion: Request deletion of your personal data where applicable.
- Opt-Out: Opt-out of marketing communications at any time by following the unsubscribe instructions included in our emails.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to track activity on our website and collect certain information. You can manage your cookie preferences through your browser settings.
8. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
9. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website with the revised effective date.
10. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at:
SpikeFli Analytics Corp.
Email: info@spikefli.com
Phone: 833-571-2467
Address: PO Box 43082, Deer Valley, Calgary, AB, Canada. T2J 7A7
