Uberflip is committed to providing a barrier-free environment for all stakeholders including our clients/customers, employees, job applicants, suppliers, and any visitors who may enter our premises, access our information, or use our services.
To review Uberflip’s Accessibility Policy and Multi-Year Accessibility Plan, please click here.
If you are a person with disabilities and would like to request the above documents in an accessible format, please contact us by phone at 1-888-694-2946 or by email to Accessibility@uberflip.com.
Last updated April 25, 2023
What is a cookie?
Cookies are small text files sent by a website you visit to your computer or mobile device, which enables you to use the features and functionality of the website and services and to improve your experience. They are unique to your account or your browser. Cookies can be “session-based” or “persistent”: (1) session-based cookies last only while your browser is open and are automatically deleted when you close your browser and (2) persistent cookies last until you or your browser delete them or until they expire.
To find out more about cookies, visit this site.
How is Uberflip using cookies?
Some cookies are associated with your account and personal information in order to remember that you are logged in to your Uberflip Hub. Other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other similar things.
|Strictly Necessary||These cookies are necessary for the Site to function and cannot be switched off in our systems. They are usually only set in response to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, however some parts of the Site will not function. These cookies do not store any personally identifiable information.|
|Performance||These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and see how visitors move around the Site. The information collected from these cookies are aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.|
|Functional||These cookies enable the Site to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.|
|Targeting||These cookies may be set through our Site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.|
|Social Media||These cookies are set by a range of social media services that we have added to the Site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.|
What third-party cookies does Uberflip use?
You can find a list of the third-party cookies that Uberflip uses on our Sites along with other relevant information in our Cookie Tables. Please note that the number and names of cookies, pixels and other technologies may change from time to time. Third-party cookies are limited to our Sites and are not used in our Services.
How are cookies used for advertising purposes?
Cookies and other tracking technology such as beacons, pixels, and tags help us market more effectively to users that may be interested in Uberflip. Advertising cookies may be used to conduct aggregated auditing, research, and reporting, and know when content has been shown to you. These cookies are limited to our Sites and are not used in our Services.
What can you do if you don’t want cookies to be set or want them to be removed, or if you want to opt out of interest-based targeting?
Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers you can set up rules to manage cookies on a site-by-site basis. You can disallow cookies from all sites except those that you trust. You may also change your cookie preferences and settings at any time by clicking on the Manage Your Settings button below.
MANAGE YOUR SETTINGS
Browser manufacturers provide help pages relating to cookie management in their products. Please see below for more information.
For other browsers, please consult the documentation that your browser manufacturer provides.
You can opt out of interest-based targeting provided by participating ad servers through the Digital Advertising Alliance (https://optout.aboutads.info/). In addition, on your iPhone, iPad or Android, you can change your device settings to control whether you see online interest-based ads.
If you limit the ability of websites and applications to set cookies, you may restrict your overall user experience and/or lose the ability to access the services, since it will no longer be personalized to you. It may also stop you from saving customized settings, such as login information.
Does Uberflip respond to Do Not Track Signals?
Our Sites and Services do not collect personal information about your online activities over time and across third-party websites or online services. Therefore, “do not track” signals transmitted from web browsers do not apply to our Sites or Services, and we do not alter any of our data collection and use practices upon receipt of such signal.
Collection & Use of Information
Information we maintain on behalf of our Customers
Uberflip helps marketers and other Customers create, manage and optimize the content experience on their websites by aggregating existing marketing content (blogs, social media, eBooks, videos and more), into an online content area that we call a “Hub”, and also provide content management solutions to Customers (collectively, the “Services”). We are a Business to Business (B2B) organization targeting our Services to companies and are not for individual consumers.
Our Customers choose what information to collect or make available through the Services we provide on their behalf, and the Customer’s end users interacting with the content or Services (“Audience Members”) may upload or post information to the Services (collectively, “User Content”). Depending on the Customer, User Content may contain personal information. We receive and maintain this information on behalf of our Customers in order to provide the Services, and we do not use such information for any other purpose except as set out herein or as otherwise required or permitted by applicable law. We rely on our Customers to comply with applicable privacy and related laws when collecting, using or disclosing personal information in connection with the Services.
Our Website and Services are not intended for use by children and should only be accessed by individuals who are at least 18 years of age and are using the Website and Services for business purposes.
If you have signed-up to receive marketing communications from one of our Customers and now wish to unsubscribe, please contact the Customer directly as we are not responsible for the sending of such communications.
To learn more about information we maintain on behalf of Customers, see also the sections entitled “Website Data and Analytics”, “Online Advertising” and “Social Media” below.
Information we collect and use
- Some of our Services require you to create an account. If you create an account, we may collect information such as name, company name and contact information (including email address, mailing address, telephone number), payment card information, as well as a username and password that you provide. We use this information in order to provide the Services you request and to process payments. We may also use this information to offer you tailored content within some of our Services.
- If you sign-up for a free trial, demo, event, webinar or other offer, we may collect your name, job title, and business contact information (including email address, phone number) and certain information about your company. We use this information to contact you and otherwise facilitate or provide you with your offer.
- If you sign-up to receive alerts to changes to our Sub-Processor List webpage, we may collect your business email address, which will be used to provide you with updates to our Sub-Processor List.
- If you sign-up to receive marketing communications from Uberflip, we collect your name and email address in order to send you mail or e-mail regarding products and services that we believe are of interest to you. Similarly, if you subscribe to receive email notifications regarding a discussion on our Website, we collect your email address in order to send you the notifications you request. You may also be added to our marketing list when you create an Uberflip account. If you do not want to continue to receive such marketing and promotional communications from us, you may “opt-out” at any time by using the unsubscribe mechanism in any of our emails or by contacting us as set out under “Contact Us” below http://mktg.uberflip.com/email-preferences.html). Please note that you may continue to receive certain transactional and account-related messages from us.
- If you apply for a job at Uberflip, you may provide us with certain personal information about yourself (such as that contained in a resume, cover letter, or similar employment-related materials). We use this information for the purpose of processing and responding to your application for current and future career opportunities.
- If you contact us with a question, comment or complaint, we may collect your name and business contact information (such as your email address or mailing address) in order for us to respond to your request. We may also keep a record of the correspondence in order to assist you in the future.
- If you post or otherwise provide us with comments, suggestions and other feedback, we may use your comments, suggestions or feedback to monitor and/or improve our products, Services and Website.
- We collect usage data from Customers who use our Services in order to assist them with making full use of our Services as well as service improvements. This data may include feature usage, time to complete actions, date and time of use, user ID, activity undertaken, session length, error rates, and number of forms created.
- We collect data such as IP addresses, login attempts, general geo-location, and configuration changes to ensure the safety and security of our Services and Websites.
Website Information and Analytics
In general, you can visit our Website or a Hub we maintain on behalf of one of our Customers without indicating who you are or submitting any personal information. However, we collect and/or maintain the IP (Internet protocol) addresses of all visitors to the Website or a Hub and other related information such as page requests, browser type, operating system and average time spent on the Website or Hub. We use this information to help us understand website activity and to monitor and improve the Website or Hubs. Our Customers (the Hub owner) may provide us additional information to associate with your browsing activity on the Hub that we manage; this may include marketing campaigns and personal information you may have provided to our Customers. Uberflip does not control this information and only uses it at the direction of our Customers. Inquiries about the type and exercising your data rights should be directed to the Hub owner.
Device Fingerprints: The Website and Hubs also use a technology called “device fingerprinting” or “fingerprinting”. Device fingerprinting is a way to combine certain attributes of a device — like what operating system it is on, the type and version of web browser being used, the browser’s language setting and the device’s IP address. This information is shared by a web-browser automatically and is not controllable by a user. However, in order to maintain a user’s privacy, Uberflip collects information that does not fall under the definition of Terminal Equipment under the ePrivacy Directive in the EU. This means that Uberflip only collects IP addresses (served by your ISP provider) and user-agent information (shared by the browser and not from your device). Additionally, when collecting this information, it is automatically hashed (pseudo-anonymized hash) and salted every 30 days at the maximum to ensure that Uberflip never knows who you are while being tracked through fingerprinting technology.
Tracer Tags & Web Beacons: The Website or Hubs may also use a technology called “tracer tags” or “Web Beacons”. This technology allows us to understand which pages you visit on the Website or Hubs. These tracer tags are used to help us optimize and tailor the Website or Hubs for you and other future visitors to the Website or Hubs.
Analytics: We collect information about the Services that you use and how you use them, which may include the pages most read, time spent, zoom pattern, search terms and other engagement data. We use this information in order to better understand and improve the Uberflip Website and our Services.
When you visit one of our Customer’s Hubs, we collect this information on behalf of our Customer and provide our Customer with reports in aggregate form regarding the usage of their Hub so that they can better understand the engagement of Audience Members who access and interact with their User Content. We may also combine this information with contact information you input on our Customer’s Hub or Website and data from third party providers, and provide it to the Customer so that they may better understand your preferences and tailor their communications to you. We provide our Customers with management features to allow you to enable or selectively select how much information we are permitted to collect from their Hub visitors.
We provide analytics to our Customers through our own proprietary dashboards. We may also use a third party such as Google Analytics to help us gather and analyze information about the areas visited on the Customer Hubs in order to evaluate and improve the user experience and the convenience of the Hubs, and to help us evaluate some of the specific information related to your Hub visits on our Customer websites. For more information or to opt-out, see “How Google uses data when you use our partners’ sites or apps”. We provide our customers management features to allow you to set your preferences surrounding the use of third party analytic services.
Online Interest-Based Advertising
We also work with third-parties such as ad networks and other advertising companies that use their own tracking technologies (including cookies, tracer tags, web beacons and pixel tags) on our Website and other websites in order to provide you with tailored advertisements on our behalf across the Internet (including social media websites and apps). These companies may collect information about your activity across your different devices on our Website and third-party websites (such as web pages you visit and your interaction with our advertising) and use this information to deliver ads that are more relevant and tailored to you on our Website and third party websites. We provide you notice when arriving at our Website to accept or reject this activity.
We adhere to the Digital Advertising Alliance of Canada’s (DAAC) Self-Regulatory Principles for Online Behavioral Advertising. To learn more about this interest-based advertising practice and to understand your options, including how you can opt-out of receiving interest-based ads from participating third-party advertising companies, please visit the Digital Advertising Alliance website at http://www.aboutads.info/choices/ or the Digital Advertising Alliance of Canada website at www.youradchoices.ca/choices.
To successfully opt-out, you must have cookies enabled in your web browser. Please see your browser’s instructions for information on cookies and how to enable them. Your opt-out only applies to the web browser you use so you must opt-out of each web browser on each device that you use. Once you opt out, if you delete your browser’s saved cookies, you may need to opt-out again.
Please note that even if you opt-out of interest-based advertising by a third party, these tracking technologies may still collect data for other purposes including analytics and may still see ads from us, but the ads will not be targeted based on behavioral information about you and may therefore be less relevant to you and your interests.
For instructions on how to opt-out of Uberflip specific advertising, please visit https://www.uberflip.com/legal/#cookie-policy
We may offer our Customers and their Audience Members with the opportunity to engage with content or Hubs on or through third-party social networking websites, plug-ins and applications. When Audience Members engage with content on or through third-party social networking websites, plug-ins and applications, they may allow us to have access to certain information associated with their social media account (e.g., name, username, email address, profile picture, gender) to deliver the content or as part of the operation of the website, plug-in or application. When these Audience Members provide information from their social media account, we may use this information to personalize their experience on the Customer Hub and on the third-party social networking websites, plug-ins and applications, and to provide other products or services the Audience Member may request on behalf of our Customer.
Audience Members to Uberflip’s own Websites may engage with us through third-party social networking websites, plug-ins and applications and permit us to have access to information associated with their social media account (e.g., name, username, email address, profile picture, gender) to deliver content or information. We may use this information to personalize their experience on our own Websites and provide information that they may have requested.
In addition to the procedure for access and deletion outlined in this Policy, you may also revoke access to data via the Google security settings page at https://security.google.com/settings/security/permissions.
Location and Device Information
If you use a location-enabled service, we may obtain your consent to collect information about your device’s physical location in order to provide you with relevant content and to better understand our Customers and Audience Members. We may collect this information based on IP address or nearby WiFi access points and cell towers. You can change your device settings to allow or block the collection of location information. Please note that if you turn off the collection of location information, we may not be able to provide all services to you.
Transfers and Disclosures of Personal Information
Hubs: Hubs are website pages that we are hosting on behalf of our Customers. If you interact with a Hub, we collect information you provide as postings (such as any comments you may post). Please remember that any information that you provide in these comment areas is accessible to the public, and you should exercise caution when deciding to disclose any personal information about yourself or anyone else.
Data Sub-processors (Service Providers): In connection with our Website or the Services we provide to our Customers, we may transfer personal information to data sub-processors who provide services on our behalf in Canada, the United States or other jurisdictions. Our data sub-processors are given the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own purposes. For example, we may use data sub-processors to host the Website or Hubs, send email or other communications, generate leads, process payments, provide analytics and advertising services, moderate online discussions, and run our contests and surveys. To view our current Data Sub-processor List, please go to https://www.uberflip.com/legal/sub-processors. For additional information about the way in which our data sub-processors treat personal information, please contact us as set out in the “Contact Us” section below.
Sale of Business: We may disclose or transfer personal information to a third party as an asset in connection with prospective or completed merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Uberflip, or as part of a corporate reorganization or stock sale or other change in corporate control.
Legal obligations: We, our affiliates and our Canadian, U.S. and other data sub-processors may provide your personal information in response to a search warrant or other legally valid inquiry or order, in the case of a breach of an agreement or contravention of law, for the purposes of detecting, preventing or suppressing fraud, or as otherwise required or permitted by applicable Canadian, US or other law (which may include lawful access requests by courts, law enforcement and government institutions in such foreign jurisdictions). Where disclosure of our Customer’s information is required by applicable law, we promptly notify our Customer prior to complying with such requirements (to the extent we are not prohibited from doing so).
We may also disclose personal information where necessary for the establishment, exercise or defense of legal claims and to investigate or prevent actual or suspect loss or harm to persons or property.
Aggregate Data: We may share aggregated, non-personally identifiable information publicly or to potential Customers, such as to show trends about the general use and effectiveness of our services. We use aggregate usage data such as login activity (amount, success, failures), time to complete actions, feature usage for purposes including in order to assist Customers using and improving our services.
Sale or Sharing of Personal Information with 3rd parties: We do not engage in the selling of the personal information of our Customers or Prospects. We may share information about our Customers to other third parties for direct business development purposes. Customers can opt-out of data sharing at any time. We do not sell or share personal information that has been provided to us through the use of the Services to third parties.
Uberflip understands and takes data security and protection of personal information seriously. We implement and maintain reasonable administrative, technical and physical safeguards in an effort to protect personal information in our custody and/or under our control against unauthorized access, use, modification and disclosure.
Uberflip provides its Customers abilities to protect personal information through security features such as account password protection and role-based access permissions.
Additionally, Uberflip maintains strict access control internally to prevent unauthorized access to personal information.
Uberflip also continues to monitor, evaluate and respond to privacy incidents affecting our Customers and/or visitors of our Website and Services. In the event Uberflip determines an incident qualifying as a breach of our data protection safeguards, we will provide timely notification and information, to the extent permitted by law, to affected Customers and/or individuals directly impacted by the incident.
Data Storage and Retention
Any personal information collected by Uberflip on behalf of our Customers or by Uberflip directly is stored in servers hosted by our cloud service providers. We take reasonable steps to ensure our service providers adhere to Uberflip’s security standards applicable to personal information. As an Uberflip Customer, where you have chosen a password to protect your personal information or to gain access to certain Services, you are responsible to keep your password confidential. We will never ask you for your password in any unsolicited communication (such as letters, phone calls or email messages).
Uberflip’s Services are primarily hosted in our service providers’ Canadian or United States hosting regions and backed up in regions in the United States. We may use other service providers and data sub-processors that may be located outside of Canada and the United States.
We have personal information retention processes designed to retain personal information for no longer than necessary for the purposes for which it was collected or provided to us or to otherwise meet legal requirements.
You may request to have your personal information removed from Uberflip, however it may not be possible to completely delete all your personal information due to technological and legal constraints. Uberflip takes reasonable steps to ensure data is destroyed securely or is de-identified and/or anonymized as necessary.
Exercising Individual Rights
Uberflip acts as a data processor / supplier for its customers. The information we collect is based on their instructions by purchasing our Services. If we receive a request from an individual to exercise their rights under applicable law we maintain on behalf of a Customer, we will direct that individual to the relevant Customer. We provide features allowing our Customers to fulfill these requests directly and we will provide assistance when necessary in responding to individual rights requests.
Subject to limited exceptions prescribed by law, you may otherwise request to exercise your rights as given under applicable laws pertaining to your personal information under our control by submitting a written request and satisfactory identification to Uberflip at the contact information set out under Contact Us below.
As part of Uberflip’s ongoing commitment to the privacy and protection of our customers’ personal data, please click here for the lists of sub-processors that we work with currently.
Last Updated: Aug 15, 2023
Uberflip maintains technical, organizational and procedural measures and controls to protect and maintain the confidentiality, integrity, and availability of Customer Data (“Security Practices”). These measures take into account the sensitivity of the information Uberflip collects, processes and stores; the current state of technology; the costs of implementation; and the nature, scope, context, and purposes of the data processing Uberflip engages in. ). Any capitalized terms used but not defined herein shall have the meaning set forth in the Uberflip Services Agreement or similar agreement entered into between Flyp Technologies Inc. d.b.a Uberflip and Customer where referenced therein (the “Agreement”). Uberflip’s Security Practices include the following listed below.
1. Awareness and Training
Uberflip maintains a comprehensive security program. Uberflip recognizes the importance of implementing appropriate technical and organizational security measures and security controls to prevent any unauthorized access, disclosure, alteration, or destruction of Customer Data.
- All employees are bound by terms regarding the confidential treatment of Customer Data. Uberflip employees receive security and policy training upon hire and on an ongoing basis at least annually thereafter. Uberflip requires its developers and engineers to periodically attend additional role-based security training such as secure code development training.
- Uberflip conducts appropriate pre-employment screenings applicable with the nature of the role, which may include background checks for particularly sensitive positions, solely as, where permitted under applicable law.
2. Security Certifications and Attestations.
- Service Organization Control (SOC) Reports: Uberflip engages accredited third parties to perform annual Soc 2 Type II audits and SOC 2 Type I attestations. A copy of Uberflip’s most recent report is available upon request for existing customers or for prospective customers who agree to our confidentiality terms under a non-disclosure agreement. Uberflip
- Penetration Testing: Uberflip’s Services is subject to annual penetration testing performed by an independent third party.
3. Product Security
3.1 Product Development Practices.
Uberflip follows a secure Software Development Lifecycle (SDLC) for developing products, services and features. The secure SDLC process includes code reviews and quality assurance testing, security assessments such as static code analysis, quarterly vulnerability scanning and annual penetration testing.
Prior to implementation, system and application changes must meet the defined product acceptance criteria. System and application changes go through a review process which includes conducting tests on the systems and applications and the relevant security controls, as applicable.
3.2 Cryptographic Controls
Uberflip leverages cryptographic controls and industry standard encryption algorithms available within Uberflip’s cloud service provider’s infrastructure to ensure that Customer Data is encrypted at rest. Customer Data transmitted over public networks or via unsecure channels are protected using TLS 1.2 or greater encryption. Cryptographic controls are present on production and staging environments. All Uberflip internal service components leverage encryption to protect data transmitted across the Services.
3.3. Network Security and Operations
All web services within the Services are TLS-enabled (for TLS 1.2+).
Uberflip leverages edge load balancers with autoscaling, security groups and throttling rules to protect Uberflip’s network infrastructure supporting the Services. Uberflip has separate development, staging and production environments where staging and production environments are configured with the same controls to protect network infrastructure. Regular backups of essential business information are maintained through cloud service providers for the Services.. Uberflip uses a backup cycle which is regularly reviewed and includes event logs, recordings of user activities, exceptions, faults, and information security events.
3.4 Customer Data Controls
Uberflip has built-in Customer Data controls which are utilized to provision and deprovision access, segregate data, allow certain data sharing and to backup Customer Data.
Access to Customer Data
Unless otherwise agreed, Uberflip shall restrict third-party access to Customer Data. Uberflip personnel may have access to Customer Data solely for the purpose of supporting the Customer as requested or as outlined per Uberflip’s obligations under the Agreement. Appropriate controls are in place to allow role-based access to the Customer Data via the Services and to restrict access to Customer Data by anyone who should not have access to it. Activity conducted while accessing Customer Data is logged. At any given time, the Customer may block access to Uberflip personnel by enabling the “Block Support/Management Access” setting using the security tab of their account settings.
Customer Data Segregation
Customer Data at rest is logically segregated. Uberflip provides the necessary mechanisms to enable Customers to allow access and authorization controls for Users within the Services.
Customer Data Sharing
Uberflip may use third-party service providers in the provision of the Services. Those that may have access to Customer Data are listed as Uberflip’s sub-processors located here. The data uploaded by the Customer in the Services will be hosted in the region(s) as stated in the Sub-Processor List.
Customer Data Back-ups
Regular back-ups of Customer Data are performed automatically by Uberflip’s underlying infrastructure as a service/platform as a service (IaaS/PaaS) provider. Customer Data is backed up across multiple availability zones and may be backed up across multiple regions.
Backups of Customer Data are continuous and incremental, ensuring data is available for restore at any point during Uberflip’s backup retention period. Uberflip does not back up Customer Data for a single Customer and cannot restore a single Customer’s Customer Data. The backups are encrypted in the same way as live production data. Uberflip’s default backup retention period is 14 days.
3.5 Logging and Monitoring
Logging capabilities are built into the Services which captures informational events, errors and warning messages relevant to the Services, as well as audit trails for actions performed.
Uberflip leverages monitoring tools and services to log activity within its network and infrastructure. Operational logs are used for monitoring uptime and availability of infrastructure and the Services. Security logs are used for identifying security incidents, fraudulent activity, auditing and forensic analysis, supporting investigations, establishing baselines and identifying trends and potential long-term problems.
3.6 Personal Information Protection
Uberflip encourages Customers to minimize the import of Personal Information into the Services, including within Customer’s material uploaded within the Services. Uberflip’s protection of Personal Information is governed by the Data Protection Agreements (the “DPA”) executed between the Parties in accordance with any applicable legislation such as PIPEDA or GDPR.
Personal Health Information (PHI)
Uberflip’s Services do not require the use and processing of Personal Health Information. Uberflip encourages Customers to avoid the import of Personal Health Information into the Services.
3.7 Antivirus and Malware
Uberflip performs regular testing of first-party and third-party code included in the Services.
Uberflip deploys, maintains, and updates anti-malware protection within its operating environment and on corporate computing resources.
3.8 Vulnerabilities Management
Vulnerabilities identified in the Services are mapped to industry-standard Common Vulnerability Scoring System (CVSS) methodology (i.e., critical, high, medium, and low). Identified vulnerabilities are remediated in a timely manner within internally defined timeframes.
Uberflip shall perform annual penetration testing for the Services that process Customer Data, including after significant system and application changes.
Technical vulnerabilities of information systems used are assessed in a timely fashion, and appropriate measures are taken to address the associated risk and the organization’s exposure to such vulnerabilities.
3.9 Service Availability
Uberflip provides the Services in accordance with the Service Level Agreement. The current status of the Services can be viewed at https://www.uberflip-status.com. Customers can subscribe to the application status page for real-time updates.
4. Internal Security
4.1 Access Controls
Uberflip employees are granted logical access to business resources in order to conduct their duties in accordance with the nature of their role.
Uberflip employs a password policy, along with single sign-on on all enterprise applications and systems.
Uberflip users’ logical access to business applications is controlled and logged. Uberflip has logging enabled for log-on activities on systems and generates alerts for unusual log-on behavior.
Uberflip enforces the principles of “least privilege” and “need to know”.
4.2 Risk Management
Uberflip has a risk management process in place designed to reduce the risks to an acceptable level. Risk assessments are conducted at least annually and identified risks are mitigated according to severity and business priorities.
4.3 Physical Security
Physical security measures are implemented by Uberflip’s infrastructure vendors and cloud service providers to prevent unauthorized physical access, damage caused by physical and environment threats and interruptions to Uberflip.
Uberflip reviews security reports provided by its cloud service provider to ensure adequate physical security controls are used such as:
- Visitor management, including tracking and monitoring physical access.
- Physical access points to server locations that are managed by electronic access control devices.
- Monitor and alarm response procedures.
- Use of CCTV cameras at facilities.
- Video capturing devices in data centers with 90 days of image retention.
4.4 Asset Management
Uberflip has asset management processes to ensure that assets are procured, inventoried and managed in a way to protect Uberflip employees and applicable information. Assets are tracked and monitored throughout their life cycle to ensure up-keep, maintenance and to prevent vulnerabilities or exposure to threats that could compromise the asset or the information it contains. Employees are required to return all equipment upon termination of employment.
4.5 Data Disposal and Destruction
Uberflip has controls in place to mitigate the risk of improper and unsecure disposal or destruction of data, technology equipment and components owned by Uberflip. This includes mitigating the risks of over-writing, erasing and physically destroying removable media/mobile devices, or securely erasing storage space allocated by cloud services according to the cloud service provider’s methodology.
Uberflip restricts the storage of Customer Data locally, on employees’ devices and on removable media.
4.6 Vendor Risk Management
Uberflip maintains a vendor risk management program through which it assesses and manages the risks associated with each vendor. Uberflip takes into account the type and amount of Uberflip and/or Customer Data that vendors receive, store, process, host or have access to via Uberflip network and systems.
Uberflip ensures that all vendor agreements maintain the same level of confidentiality and security as offered by Uberflip, depending on the purpose and risks associated with the vendor.
5. Incident Management and Business Continuity
Uberflip maintains security incident management policies and procedures in which Uberflip notifies impacted customers without undue delay of any unauthorized or unlawful access, disclosure, loss, alteration and destruction of Customer Data, to the extent permitted by law
Uberflip annually tests and reviews business continuity plans (BCP) and disaster recovery plans (DRP) to validate the ability to timely restore the availability and access to Customer Data in the event of a service outage or data breach. The business continuity and disaster recovery plans include: (a) availability requirements for the Customer, specifying critical systems; (b) Uberflip’s agreed upon recovery point objective (RPO) and recovery time objective (RTO); (c) clearly defined roles and responsibilities; (d) provisions for a geographically separate site subject to physical and environmental controls; and (e) backup and restoration procedures that include sanitation, disposal, or destruction of data stored at the alternate site.
6. Policy Monitoring, Testing and Review
Uberflip reviews policies at least annually and updates as needed to ensure that policies comply with changes in law, common industry standards, organizational practices, and contractual obligations that are applicable to the risks faced by Uberflip.
Uberflip Services Agreement
Last Updated: February 28, 2021
This services agreement (the “Agreement”) is between Flyp Technologies Inc. d.b.a. Uberflip (“Uberflip”) and Customer as of the Effective Date (as defined in Section 1 below) and governs Customer’s use of the Platform and Services as specified in the applicable ordering documents signed by the parties, including any exhibits thereto (each, an “Order Form”, which are incorporated by reference herein). In the event of a conflict between this Agreement and an Order Form, the terms of the Order Form shall control. Uberflip reserves the right from time to time, to update the Agreement in its sole discretion. If Uberflip does so, it will post the modified Agreement at https://uberflip.com.com/legal/services-agreement.
(a) “Agreement” has the meaning set out in the introductory paragraph of this Agreement.
(b) “Billing Period” means the date as set out in the Order Form.
(c) “Customer Data” has the meaning ascribed to it in Section 4(b), and includes Personal Information (if any).
(d) “Effective Date” means the last date on which both Parties have signed the applicable Order Form.
(e) “Feedback” means any suggestions, enhancement requests, recommendations or other feedback provided by Customer to Uberflip relating to the Uberflip Offering or the operation of the Services.
(f) “Fees” means the fees and other charges that apply to Customer’s initial setup and ongoing access to and use of the Services, payable based on Customer’s then-current Subscription Package in the amounts and frequency indicated in the Order Forms or as otherwise communicated by Uberflip to Customer from time to time.
(g) “Initial Term” means the period of time indicated in the Order Form.
(h) “Offering” means, collectively, the Platform and the Services.
(i) “Personal Information” means information about an identifiable individual transferred by Customer or its permitted agents to Uberflip hereunder, and any personal information derived or otherwise create by Uberflip in connection therewith.
(j) “Platform” means, collectively, the Website and all systems of Uberflip and Uberflip’s third-party suppliers that are used in the provision of the Services.
(k) “Services” has the meaning set out in the Order Form.
(l) “Subscription Package” means the products and services package that Customer subscribes for. The initial Subscription Package as of the Effective Date is indicated in the Order Form. During the Term, Customer may upgrade (but not downgrade) that initial Subscription Package using any then-available interfaces of the Platform.
(m) “Term” means the duration of this Agreement.
(n) “Website” means, collectively, the Uberflip websites, including the website located at: http://uberflip.com.
(b) Subcontractors. Customer acknowledges and agrees that Uberflip may use subcontractors in the performance of the Services, provided that the use of a subcontractor will not release Uberflip from any of its obligations pursuant to this Agreement.
(c) Provisioning of the Platform. Uberflip will: (i) provide to Customer basic support through the Website as described more fully in Section 8 (Customer Support); and (ii) use commercially reasonable efforts to make the Platform reasonably available with minimal downtime; except for: (A) downtime and scheduled upgrades (as described more fully below); and (B) unavailability caused by circumstances beyond Uberflip’s reasonable control, including acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labour problems, Internet service provider failures or delays, or the unavailability of any third-party provided goods or services.
(d) Platform Updates and Scheduled Downtime. Uberflip may update the functionality and user interface of the Platform from time to time in its sole discretion as part of its ongoing mission to improve the Offering and the use of the Offering by Uberflip’s other customers. Uberflip may from time to time schedule downtime for maintenance and upgrades. Uberflip will provide advance notice for scheduled downtime, except for scheduled downtime during the hours of Sunday at 5:00 am ET to 11:00 am ET (the “Maintenance Window”), or where such downtime is required, in Uberflip’s sole discretion, in order to conduct urgent maintenance or upgrades.
(e) No Responsibility for Data Storage and Backup. Uberflip cannot guarantee that the Platform will provide regular data backups of any Customer Data stored on it. It is Customer’s responsibility to backup onto Customer’s own local system all Customer Data, including all data, files and records that Customer submits to Uberflip.
3. License Grants.
(a) License Grants by Uberflip. Subject to the terms and conditions of this Agreement and Customer’s compliance therewith, Uberflip grants to Customer a revocable, non-exclusive, non-transferable license during the Term to access and use the Platform over the Internet and through the then available standard interface for the Platform in connection with receiving the Services in accordance with this Agreement.
(b) License Grant by Customer. Subject to the terms and conditions of this Agreement, including Uberflip’s confidentiality obligations, Customer grants to Uberflip a transferrable, sublicenseable, royalty-free, fully paid-up, worldwide license to copy, use, reproduce, modify, develop, access, collect and store the Customer Data solely for the purpose of providing the Services.
4. Reservation of Rights.
(a) Rights Reserved by Uberflip. Uberflip expressly reserves all rights in the Services, the Platform and all materials (other than Personal Information) provided by Uberflip hereunder and not specifically granted to Customer (“Uberflip Property”). All right, title and interest in the Uberflip Property, as well as any update, modification, adaptation, translation, customization or derivative work thereof, and all intellectual property rights therein will remain with Uberflip (or Uberflip’s third party suppliers, as applicable). The Uberflip Property is licensed on a subscription basis on the terms and conditions of this Agreement and not “sold” to Customer.
(b) Rights Reserved by Customer. Customer expressly reserves all rights in any data, information, records and files that Customer (or any User) loads, transmits to or enters into the Platform, including data that the Platform is configured to obtain from Customer’s servers or systems or from third parties on Customer’s behalf (the “Customer Data”), subject to the license that Customer grants Uberflip in accordance with the provisions of this Agreement, and provided that Customer does not acquire any intellectual property rights in the Services, the Platform or any elements of any of the foregoing.
(b) Internet Security Disclaimer. As between Uberflip and Customer, Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data. Customer understands that the technical processing and transmission of Customer Data is fundamentally necessary to use of the Services. Therefore, Customer expressly consents to Uberflip’s storage of Customer Data, which will involve transmission over the Internet, and over various networks, only part of which may be owned and/or operated by Uberflip. Customer acknowledges and understands that Customer Data may be accessed by unauthorized persons when communicated across the Internet, network communications facilities, telephone or other electronic means. Uberflip is not responsible for any Customer Data which is delayed, lost, altered, intercepted or stored during the transmission of any data whatsoever across public networks not owned or operated by Uberflip, including, the Internet, third party websites, and Customer’s local network. Customer agrees that Uberflip is not in any way responsible for any interference with Customer’s use of or access to the Services or security breaches arising from or attributable to the Internet, and Customer waives any and all claims against Uberflip in connection therewith.
(c) Limitation, Suspension or Termination of Access. In addition to any other suspension or termination rights of Uberflip pursuant to this Agreement, certain extraordinary circumstances may require Uberflip to suspend, terminate or limit (as appropriate and as determined in Uberflip’s sole discretion) Customer’s access to or use of the Platform or the Services, or any component thereof, without notice in order to: (i) prevent any misuse or abuse of the Offering; (ii) prevent any damage to, or degradation of the integrity of Uberflip’s systems or Uberflip Offering; (iii) comply with any law, regulation, court order, or other governmental request or order; or (iv) otherwise protect Uberflip from potential legal liability or harm to its reputation or business. Uberflip also reserves the right to approve, reject, cancel or remove any Customer Data or other content that is posted on, provided or uploaded to, or transmitted through the Platform or the Services at any time and for any reason in Uberflip’s sole discretion, and Uberflip will not be liable or responsible for exercising this right. Uberflip will use commercially reasonable efforts to notify Customer of the reasons for such limitation, suspension or termination action as soon as reasonably practicable. In the event of a limitation or suspension, Uberflip will promptly restore Customer’s access to the Offering as soon as the event giving rise to the limitation or suspension has been resolved, as determined in Uberflip’s sole discretion. Nothing contained in this Agreement will be construed so as to limit Uberflip’s ability to take action or invoke remedies, or act as a waiver of Uberflip’s rights in any way with respect to any of the foregoing activities. Uberflip will not be responsible for any loss or damages incurred by Customer as a result of any limitation, termination or suspension of access to or use of the Platform or the Services under this Section.
6. Customer Responsibilities and Restrictions.
(a) Customer ID. Upon Customer’s request, but subject to any applicable limitations associated with Customer’s Subscription Package, Uberflip will issue user identification and password (“User ID”) to Customer for each individual Customer wishes to have access to and use of the Offering (each, a “User”). Customer may only identify its partners, shareholders, employees and contractors who, in each case, are bound by confidentiality restrictions at least as restrictive as this Agreement as Users. Users may only access and use the Platform and the Services through a User ID issued to Customer. Customer will not allow Users to share their User ID with any other person. Customer is responsible for any and all activity occurring under the User IDs associated with Users. Customer is responsible for all use of the Offering by Users and for maintaining the confidentiality of their User ID and will promptly notify Uberflip of any actual or suspected unauthorized use of the Offering. Uberflip reserves the right to replace any User ID if it determines it may have been used for an unauthorized purpose.
(b) Customer Responsibilities and Restrictions. Customer agrees that Customer is responsible for the compliance by the Users with this Agreement and for the Users’ use of the Offering, as well as for ensuring that the Users maintain the confidentiality of their User IDs. Customer agrees that Customer is responsible for all charges incurred by the Users in connection with access to or use of the Offering and generally for any activity occurring through a User ID. Without limiting the generality of any of the foregoing, Customer agrees that Customer will not, and will not permit any person to:
(i) use the Offering other than as permitted by this Agreement;
(ii) use the Offering to send, store, publish, post, upload or otherwise transmit any Customer Data in violation of any warranty, representation or obligation of Customer under this Agreement;
(iii) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Offering (in whole or in part) available to any third party, other than to the Users, or as otherwise expressly contemplated in accordance with this Agreement;
(iv) use the Offering to upload, collect, transmit, store, use or process, or ask Uberflip to obtain from third parties, any Customer Data: (A) that Customer does not have the lawful right to copy, transmit, distribute, and display (including any Customer Data that would violate any confidentiality or fiduciary obligations that Customer might have with respect to the Customer Data); (B) for which Customer does not have the authority, consent or permission from the individual(s) to whom the Personal Information relates in accordance with applicable privacy legislation; (C) that infringes, misappropriates or otherwise violates any intellectual property or other proprietary rights of any third party (including any copyright, trademark, patent, trade secret, or other intellectual property right, or moral right or right of publicity); (D) that is tortious, defamatory, obscene, or offensive; or (E) that violates, or encourages any conduct that would violate, any applicable law or regulation (including applicable privacy and anti-spam legislation) or would give rise to civil or criminal liability.
(v) use the Offering to send, store, publish, post, upload or otherwise transmit any viruses, Trojan horses, worms, time bombs, corrupted files or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any systems, data, personal information or property of another;
(vi) continue to use the Offering in a manner that interferes with or disrupts the integrity or performance of the Offering following a notice from Uberflip of such use;
(vii) attempt to gain unauthorized access to the Offering or its related systems or networks;
(viii) use or knowingly permit the use of any security testing tools in order to probe, scan or attempt to penetrate or ascertain the security of the Offering;
(ix) use any data mining, robots or similar data gathering or extraction methods (including electronic address harvesting);
(x) access the Offering for the purpose of building a similar or competitive product or service or for the purpose of obtaining unauthorized access to the Offering; or
(xi) copy, translate, create a derivative work of, reverse engineer, reverse assemble, disassemble, or decompile the Offering or any part thereof or otherwise attempt to discover any source code or modify the Offering, except as expressly provided for in this Agreement.
(c) Customer Responsibility for Customer Data. Customer has sole responsibility for providing all notices, making all disclosures and otherwise obtaining all necessary consent and authority required by and in accordance with applicable laws regarding Customer Data (including any Personal Information). Uberflip will use the Customer Data it is provided by Customer or third parties in performing the Services “as is”, and is not responsible for reviewing, validating or otherwise confirming the accuracy, appropriateness or completeness of Customer Data.
(d) Removal of Customer Data on Request by Customer. Customer may control the Customer Data stored by the Services, including (subject to Section 10(b)) by deleting or requiring Uberflip to delete all or part of the Customer Data (including Personal Information) at any time.
(a) This Agreement will commence on the Effective Date and continue in effect until the earlier of: (i) the expiration or termination of the last Order Form; and (ii) termination of this Agreement in accordance with the terms hereof.
(b) Any Services shall commence on the Effective Date as specified in the applicable Order Form and shall be valid thereafter for the Initial Term specified in the Order Form unless earlier terminated in accordance with this Agreement. Unless either Party gives the other written notice to the contrary at least 60 days prior to the expiry of the Initial Term or the applicable Renewal Term, the Services will automatically renew on the terms and conditions set out herein for successive renewal terms, each of the same length as the Initial Term, or as otherwise set out in the Order Form (each such renewal term, a “Renewal Term”).
(c) After the Initial Term for Services under an Order Form, Uberflip reserves the right to increase the Fees up to 10% for each new or successive Renewal Term period. Uberflip will provide written notice to Customer of any Fee increases before the Renewal Date.
8. Customer Support.
Uberflip will provide the following support to Customer:
(a) Web and Email Support. Customer will have access to Uberflip’s technical support part of the Website and may use the available interfaces, including any customer support email addresses posted thereon, to submit service requests.
(b) Incident Management. Uberflip will use commercially reasonable efforts to correct any reproducible failure of the Offering to substantially conform to its expected operation; provided that Uberflip will not have an obligation to provide a correction for all such nonconformities.
9. Fees and Payment.
(a) Fees. Customer will pay to Uberflip the Fees in the manner, amounts and frequencies indicated on the Order Form.
(b) Payment. Unless otherwise set out in the Order Form or agreed by the Parties (i) Fees are payable in advance on or after the first day of the applicable Billing Period, and (ii) One-time fees (including any fees for add-ons) are charged at the time in which the applicable Order Form is approved.
(c) Invoices. From time to time, Uberflip may prepare and send to Customer, at the then-current contact information on file with Uberflip, invoices for any Fees and other amounts that have become due and payable under this Agreement. Unless otherwise expressly stipulated in an invoice, Customer agrees to pay all invoiced amounts by: 1) the Additional Payment Terms section set out in the Order Form; or 2) if there no due date specified in the Order Form, the date Customer is in receipt of the invoice.
(d) No Set-Off and Late Payment Charge. Customer may not withhold or “set-off” any amounts due under this Agreement. Unless otherwise indicated in this Agreement, all Fees are non-refundable and Uberflip will provide no full or partial credits or refunds, including in respect of Services that are paid for but not used by Customer. Uberflip reserves the right to suspend Customer’s access to the Offering until all due amounts are paid in full. Any late payment will be increased by the costs of collection (including reasonable legal fees) and will incur interest at the rate of one and a half percent (1.5%) compounded monthly (19.56% annually), or the maximum legal rate (if less) per month or fraction thereof until fully paid.
(e) Certain Taxes. Fees and charges quoted in this Agreement do not include, and Customer will pay, indemnify and hold Uberflip harmless, from all sales, use, gross receipts, value-added, GST/HST, personal property or other taxes, and all applicable duties, tariffs, assessments, export and import fees or similar charges (including interest and penalties imposed thereon) on the transactions contemplated in connection with this Agreement, other than taxes based on the net income or profits of Uberflip.
10. Confidential & Proprietary Information.
(a) Definitions. For purposes of this section, a Party receiving Confidential & Proprietary Information (as defined below) will be the “Recipient” and the Party disclosing such information will be the “Discloser”, and “Confidential & Proprietary Information” includes all information disclosed by Discloser to Recipient during the Term of this Agreement and marked as “confidential” or “proprietary” or which a reasonable person would understand to be confidential or proprietary; provided that: (a) the terms and conditions of this Agreement and all parts of the Offering, whether marked as “confidential” or “proprietary” or not, will be considered to be Uberflip Confidential & Proprietary Information; and (b) all Customer Data , whether marked as “confidential” or “proprietary” or not, will be considered Customer’s Confidential & Proprietary Information; and further provided that Discloser’s Confidential & Proprietary Information (other than Personal Information) does not include: (i) information already known or independently developed by Recipient outside the scope of this relationship by personnel not having access to any Discloser’s Confidential & Proprietary Information; (ii) information that is publicly available through no wrongful act of Recipient; or (iii) information received by Recipient from a third party who was free to disclose it without confidentiality obligations.
(b) Covenant. Recipient hereby agrees that during the Term and at all times thereafter it will not: (i) disclose such Confidential & Proprietary Information of the Discloser to any person or entity, except to its own personnel, affiliates or contractors having a “need to know”, to its accountants, auditors or other professional advisors relating to its business, to Uberflip’s subcontractors having a “need to know” for purposes relating to the provision of the Services to Customer, and to such other recipients as the Discloser may approve in writing; (ii) use Confidential & Proprietary Information of the Discloser except to exercise its license rights or perform its obligations under this Agreement; or (iii) alter or remove from any Confidential & Proprietary Information of the Discloser any proprietary legend. Recipient will use at least the same degree of care in safeguarding the Confidential & Proprietary Information of the Discloser as it uses in safeguarding its own confidential information of a similar nature, but in no event will less than due diligence and reasonable care be exercised. Each party will be deemed to have fulfilled its confidentiality obligations under this Section 10, if it affords the other party’s Confidential & Proprietary Information at least the same degree of care it takes in protecting its own confidential information from unauthorized disclosure (but in no event using less than a reasonable degree of care). Upon the earlier of: (A) Discloser’s written request; and (B) the termination or expiration of this Agreement, regardless of whether a dispute may exist, Recipient will return or destroy (as instructed by Discloser) all Confidential & Proprietary Information of Discloser in its possession or control and cease all further use thereof. Uberflip may retain a copy of such Confidential & Proprietary Information for the sole purpose of and to the extent necessary for it to comply with applicable and legal, regulatory, or reasonable internal back-up or archival policies and requirements. Notwithstanding the foregoing, Recipient may disclose Discloser’s Confidential & Proprietary Information to the extent that such disclosure is necessary for the Recipient to enforce its rights under this Agreement or is required by law or by the order of a court or similar judicial or administrative body, provided that the Recipient promptly notifies the Discloser in writing of such required disclosure and cooperates with the Discloser to seek an appropriate protective order.
(c) Injunctive Relief. Recipient acknowledges that violation of the provisions of this section would cause irreparable harm to Discloser not adequately compensable by monetary damages. In addition to other relief, it is agreed that injunctive relief will be available without necessity of posting bond to prevent any actual or threatened violation of such provisions.
(d) Analytics. Uberflip its subcontractors, agents and third party service providers shall be permitted to access, collect, analyze and use the Customer Data and other information relating to the Services and the Platform to improve and enhance the Services and the Platform and for other development, diagnostic and corrective purposes and disclose such data solely in aggregate or other de-identified form in connection with its business.
11. Customer Warranty; Disclaimer; Indemnity.
(b) Disclaimer. EXCEPT AS SPECIFICALLY PROVIDED IN THIS AGREEMENT, THE OFFERING AND ANY OTHER PRODUCTS AND SERVICES PROVIDED BY UBERFLIP TO CUSTOMER ARE PROVIDED “AS IS”, “AS AVAILABLE”, WITH ALL FAULTS AND WITHOUT ANY WARRANTIES, REPRESENTATIONS OR CONDITIONS OF ANY KIND. EXCEPT AS SPECIFICALLY PROVIDED IN THIS AGREEMENT, UBERFLIP HEREBY DISCLAIMS ALL EXPRESS, IMPLIED, COLLATERAL OR STATUTORY WARRANTIES, REPRESENTATIONS OR CONDITIONS, WHETHER WRITTEN OR ORAL, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, NONINFRINGEMENT, SECURITY, RELIABILITY, COMPLETENESS, QUIET ENJOYMENT, ACCURACY, QUALITY, INTEGRATION OR FITNESS FOR A PARTICULAR PURPOSE. EXCEPT AS SPECIFICALLY PROVIDED IN THIS AGREEMENT, UBERFLIP DOES NOT WARRANT THAT THE OFFERING WILL OPERATE WITHOUT INTERRUPTION OR BE ERROR FREE. WITHOUT LIMITING THE GENERALITY OF ANY OF THE FOREGOING, UBERFLIP EXPRESSLY DISCLAIMS ANY REPRESENTATION OR WARRANTY THAT ANY DATA OR INFORMATION PROVIDED TO CUSTOMER IN CONNECTION WITH CUSTOMER’S USE OF THE OFFERING WILL BE ACCURATE, OR CAN OR SHOULD BE RELIED UPON BY CUSTOMER FOR ANY PURPOSE WHATSOEVER.
(i) Uberflip agrees to defend Customer against any claim, demand, suit, or proceeding made or brought against Customer by a third party alleging that the use of the Services as permitted hereunder infringes or misappropriates the Intellectual Property Rights of a third party under the laws of the United States, Canada or England and Wales (an “Infringement Claim”), and shall indemnify Customer for any damages and attorney fees and costs finally awarded against Customer as a result of, and for amounts paid by Customer under a court-approved settlement of, an Infringement Claim; provided that Customer (a) promptly gives Uberflip written notice of the Infringement Claim; (b) gives Uberflip sole control of the defense and settlement of the Infringement Claim (provided that Uberflip may not settle any Infringement Claim unless the settlement unconditionally releases Customer of all liability); and (c) provides to Uberflip all reasonable assistance, at Uberflip’ expense. In the event of an Infringement Claim, or if Uberflip reasonably believes the Services may infringe or misappropriate, Uberflip may in its discretion and at no cost to Customer (i) modify the Services so that they no longer infringe or misappropriate, (ii) obtain a license for Customer’s continued use of the Services in accordance with this Agreement, or (iii) terminate the applicable Order Form for such Services upon written notice and refund to Customer any prepaid Fees covering the remainder of the term of such Order Forms after the effective date of termination. For greater clarity, this indemnity does not apply to Infringement Claims resulting from or arising out of Customer Data, third party content or third party webpages.
(ii) Customer agrees to defend Uberflip and its affiliates against any claim, demand, suit, or proceeding made or brought against Uberflip or any Uberflip affiliate by a third party arising out of or in connection with Customer Data or any use of the Services in violation of this Agreement, and shall indemnify Uberflip and its affiliates for any damages, attorney fees and costs finally awarded against Uberflip or any of its affiliates as a result of, and for amounts paid by Uberflip or any affiliate under a court-approved settlement of, such claim, demand, suit or proceeding; provided that Uberflip (a) promptly gives Customer written notice of the claim, demand, suit or proceeding; (b) gives Customer sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that Customer may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases Uberflip and its affiliates of all liability); and (c) provides to Customer all reasonable assistance, at Customer’s expense.
12. Limitation of Liabilities.
The Parties acknowledge that the following provisions have been negotiated by them and reflect a fair allocation of risk and form an essential basis of the bargain and will survive and continue in full force and effect despite any failure of consideration or of an exclusive remedy:
(a) NEITHER UBERFLIP NOR ITS AFFILIATES SHALL BE LIABLE IN ANY WAY FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES, PUNITIVE DAMAGES OR PENALTIES (EVEN IF UBERFLIP HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR PENALTIES), ARISING OUT OF THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO, LOSS OF REVENUE, CHANGE IN SHARE PRICE, LOSS OF ANTICIPATED PROFITS OR LOST BUSINESS. THIS LIMITATION OF LIABILITY APPLIES TO ANY DAMAGES OR PENALTIES, INCLUDING WITHOUT LIMITATION THOSE CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELAY IN OPERATION OR TRANSMISSION, WHETHER FOR BREACH OF CONTRACT, TORTIOUS CONDUCT, ACTS OR OMISSIONS, NEGLIGENCE, OR UNDER ANY OTHER CLAIM OR CAUSE OF ACTION.
(b) IN NO EVENT SHALL UBERFLIP’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE SERVICES, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, EXCEED THE AMOUNTS ACTUALLY PAID BY AND DUE FROM CUSTOMER HEREUNDER IN THE TWELVE MONTHS PRECEDING THE INCIDENT GIVING RISE TO THE LIABILITY.
Notices sent to either Party will be effective when delivered in person or by email, one day after being sent by overnight courier, or two days after being sent by first class mail postage prepaid to the official contact designated in the Order Form and immediately after being received by the other party’s server. Notices must be in writing and sent to the respective email or postal address set out in the Order Form. Uberflip may change its contact information by posting the new contact information on the Website or by giving notice thereof to Customer. Customer may change its contact information by giving notice to Uberflip and Customer is solely responsible for keeping its contact information on file with Uberflip current at all times during the Term.
(a) Generally. Either Party may, in addition to other relief, suspend or terminate this Agreement if the other Party: (i) commits a material breach of this Agreement, and either: (A) fails within 30 days after receipt of notice of such breach to correct such material breach or to commence corrective action reasonably acceptable to the aggrieved Party and proceed with due diligence to completion; or (B) such material breach is incapable of being cured; or (C) becomes insolvent, makes an assignment for the benefit of its creditors, a receiver is appointed, or a petition in bankruptcy is filed with respect to the Party and is not dismissed within 30 days.
(b) Survival. Upon termination or expiration of this Agreement for any reason: (a) all rights and obligations of both Parties (except for Customer’s payment of all Fees and other amounts then owing in accordance herewith), including all licenses granted hereunder, will immediately terminate except as provided below; (b) within 30 days after the effective date of termination, each Party will comply with the obligations to return or destroy all Confidential Information of the other Party, as set forth Section 10 (Confidential & Proprietary Information). The following Sections will survive expiration or termination of this Agreement for any reason: Section 4 (Reservation of Rights), Section 6 (Customer Responsibilities and Restrictions), Section 10 (Confidential & Proprietary Information), Section 11 (Customer Warranty; Disclaimer; Indemnity), Section 12 (Limitation of Liabilities), Section 14(b) (Survival), and Section 15 (General Provisions).
15. General Provisions.
(a) Assignment. Customer may not assign this Agreement to any third party without Uberflip’s prior written consent, except that Customer may assign its rights (but not obligations) hereunder to an affiliate of Customer. Uberflip may assign this Agreement, in whole or in part, without Customer’s consent to: (i) any affiliate of Uberflip; or (ii) any third party that purchases all or substantially all of Uberflip’s assets related to the provision of the Services. Any assignment in violation of this Section will be void. The terms of this Agreement will be binding upon and inure to the benefit of the Parties’ successors and permitted assignees.
(b) Choice of Law. This Agreement and any action related thereto will be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflicts of law principles. The Parties hereby irrevocably attorn to the exclusive personal jurisdiction and venue of the courts sitting in Toronto, Ontario. The U.N. Convention on Contracts for the International Sale of Goods will not apply to this Agreement.
(c) Right to List as a Customer. Customer agrees that Uberflip may utilize Customer’s name in listings of current customers. Use of Customer’s name in any other marketing materials or press announcements will be submitted to Customer in advance for approval, provided that such approval will not be unreasonably withheld.
(d) Feedback. Uberflip shall be free to use, disclose, reproduce, license or otherwise distribute, make available and exploit the Feedback as it sees fit, entirely without obligation or restriction on account of any intellectual property rights or otherwise.
(e) Compliance with Export Regulations. Customer has or will obtain in a timely manner all necessary or appropriate licenses, permits or other governmental authorizations or approvals; will indemnify and hold Uberflip harmless from, and bear all expense of, complying with all foreign or domestic laws, regulations or requirements pertaining to the importation, exportation, or use of the Offering. Customer will not directly or indirectly export or re-export (including by transmission) any regulated technology to any country to which such activity is restricted by regulation or statute, without the prior written consent, if required, of the administrator of export laws.
(f) Construction. Except as otherwise provided herein, the Parties rights and remedies under this Agreement are cumulative. The term “including” means “including without limitation.” The headings of sections of this Agreement are for reference purposes only and have no substantive effect. The terms “consent” or “discretion”, when used in respect of Uberflip herein mean the right of Uberflip to withhold such consent or exercise such discretion (as applicable) arbitrarily and without any implied obligation to act reasonably or explain its decision to Customer. Unless otherwise indicated in the Order Form, all dollar amounts are in United States Dollars.
(g) Force Majeure. Neither Party will be liable for delays caused by events beyond its reasonable control, except non-payment of amounts due hereunder will not be excused by this provision.
(h) Severable. Any provision hereof found by a tribunal of competent jurisdiction to be illegal or unenforceable will be automatically conformed to the minimum requirements of law and all other provisions will remain in full force and effect.
(i) No Waiver. Waiver of any provision hereof in one instance will not preclude enforcement thereof on future occasions. Any waiver by one Party of any default by the other Party will not affect or impair any rights of the first Party arising from any subsequent default by that other Party.
(j) Independent Contractors. Customer’s relationship to Uberflip is that of an independent contractor, and neither Party is an agent or partner of the other. Customer will not have, and will not represent to any third party that it has, any authority to act on behalf of Uberflip.
(k) Entire Agreement. This Agreement, together with any Order Forms, constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all other communications, whether written or oral. This Agreement may be executed in one or more counterparts, each of which will be deemed an original and all of which will be taken together and deemed to be one instrument.
(l) Amendments. No amendment, supplement, modification, waiver or termination of this Agreement and, unless otherwise specified, no consent or approval by any Party, will be binding unless executed in writing by the Party or Parties to be bound thereby. Notwithstanding the preceding sentence, Uberflip may amend this Agreement, in whole or in part by posting notice of such amendment at https://www.uberflip.com/legal/services-agreement and become effective as of the date posted, unless otherwise indicated by Uberflip.
(m) English Language. It is the express wish of the parties that this Agreement and all related documents be drawn up in English. C’est la volonté expresse des parties que la présente convention ainsi que les documents qui s’y rattachent soient rédigés en anglais.
Data Security Policy
Last updated August 16, 2023
This Uberflip Data Security Policy (“Security Policy”) outlines the technical and procedural measures that Uberflip undertakes to protect the confidentiality, integrity, and availability of Customer Data. Uberflip has a written information security plan to implement the terms of this Security Policy that is reviewed and approved annually by its senior management team.
This Security Policy forms part of the Uberflip Services Agreement or similar agreement entered into between Flyp Technologies Inc. d.b.a. Uberflip and Customer where referenced therein (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement. In the event of any conflict between the terms of the Agreement and this Security Policy, this Security Policy shall govern with respect to the subject matter in question. This Security Policy may be updated from time to time upon notice to Customer (which may be provided through the Service or by publishing the updated Security Policy to Uberflip’s website) to reflect process improvements or changing practices, but any such modifications will not materially diminish either party’s obligations as compared to those reflected below.
As used in this Security Policy: “Cloud Provider” means the third-party cloud provider, such as Amazon Web Services, Inc. (AWS) that hosts the Service; and “Uberflip Personnel” means Uberflip employees and contractors.
- Customer Data Access and Management
- Customers are able to control access to the Uberflip Platform via account management controls built in the Platform and authentication methods configured by the Customer upon initial setup.
- Customers understand that by default, designated and authorized Uberflip Personnel have access to a Customer’s hub in order to support the Customer with support requests, configuration, and other troubleshooting activities. Customers may block access to Uberflip Personnel by enabling the “Block Support/Management Access” setting using the security tab of their account settings.
- Uberflip Personnel are prohibited from storing Customer Data on local desktops, laptops, mobile devices, shared drives, removable media such as USB drives, or on public facing systems that do not fall under the administrative control or compliance monitoring processes of Uberflip.
- Passwords are hashed with SHA-256 and cannot be decrypted.
- Uberflip uses Customer Data (in its original form) only as necessary to provide the Service to Customer including any ancillary services such as customer support, as provided in the Agreement.
- Customer Data is stored only in the Service production environment.
- Customer Data for Uberflip’s Content Experience Platform, including encrypted backups, is stored by Uberflip’s Cloud Provider, AWS, in Canada and the United States.
- Uberflip creates and maintains flow diagram(s) indicating how Customer Data flows through the Service (“Flow Diagrams”) and can provide Flow Diagrams upon Customer’s reasonable request. Flow Diagrams are Uberflip Confidential Information.
- Uberflip may transfer Customer Data to one of its sub-processors for specific purposes. Those sub-processors are listed on https://www.uberflip.com/legal/sub-processors/. The Customer may subscribe to the list to be notified by email of any changes as soon as they occur.
- Uberflip will vet all sub-processors prior to allowing sub-processors to process any Customer Data and require that all sub-processors adhere to similar standards as in this agreement.
- Encryption and Separation of Customer Data
- Uberflip will take all reasonable measures to ensure that the Services made available to Customers protect Customer Data at rest through industry standard encryption methods such as AES256-bit encryption.
- The Uberflip Services made available to Customers are designed to protect Customer Data in transit using industry standard encryption methods such as TLS 1.2 or greater.
- Customers may enable TLS communication between their Service and the end-user by either providing a certificate, or requesting Uberflip obtain a TLS certificate on their behalf.
- Service Infrastructure Access Management
- Access to the systems and infrastructure that support the Service is restricted to Uberflip Personnel who require such access as part of their job responsibilities.
- Role-based accounts are used by Uberflip Personnel requiring access to the Uberflip servers that support the Service.
- Uberflip systems and infrastructure is only accessible via an SSL VPN with multi-factor authentication (“MFA”), and individual SSH keys.
- Unauthorized access attempts against the VPN server (“Brute force attacks”) are mitigated with an auto-lockout policy, which requires a set amount of time to pass before the account is able to login – even with the correct password.
- Access privileges of departed Uberflip Personnel are disabled promptly. Access privileges of persons transferring to roles requiring reduced privileges are adjusted accordingly.
- User access to the systems and infrastructure that support the Service is reviewed annually.
- Compute instances within the Cloud Provider network have security groups with deny-all default policies and only enable required network protocols between all networks and instances.
- Uberflip uses principles of least privilege, and segregation of duties when designing access controls.
- Workstation Security
- Uberflip Personnel are required to use company supplied and managed workstations when connecting to any production or development system.
- All workstations are centrally managed, have anti-virus which detects threats real-time, and updates its signatures daily.
- Passwords are required on all workstations, with auto-lock when the computer sleeps, or the screen saver is engaged.
- All Uberflip-issued workstations are configured with full-disk encryption.
- Data Classification
- All data under Uberflip’s management is classified as to its sensitivity and handled appropriately in accordance with its classification or any applicable laws.
- Risk Management
- Uberflip conducts risk assessments of various kinds throughout the year, including self and third-party assessments and tests, automated scans, and manual reviews.
- Results of assessments are reported to the Data Privacy Manager.
- Changes to controls and threat mitigation strategies are evaluated and prioritized for implementation on a risk-adjusted basis.
- Threats are monitored through various means, including threat intelligence services, vendor notifications, and trusted public sources.
- Vulnerability Scanning and Penetration Testing
- Uberflip conducts annual penetration testing and quarterly vulnerability scans by an independent third party to confirm the security of its Content Experience Platform.
- Subject to Uberflip’s approval, Customers may also perform their own penetration testing and security scans. Customers are required to provide the results of the scans to Uberflip.
- Scans that detect vulnerabilities are evaluated by employees using Uberflip Vulnerability Management Policy.
- Vulnerabilities are prioritized based on potential impact to the Service, with “critical” and “high” vulnerabilities typically being addressed within 30 days of discovery and “medium” vulnerabilities typically being addressed within 90 days of discovery.
- Security management monitors or subscribes to trusted sources of vulnerability reports and threat intelligence.
- Remote Access & Wireless Network
- All access by Uberflip Personnel to the VPC requires successful authentication through a secure connection via SSL VPN. For Uberflip’s Content Experience Platform this is via multi-factor authentication (“MFA”).
- System Event Logging, Monitoring & Alerting
- Monitoring tools and services are used to monitor systems including network, server events, and Cloud Provider API security events, availability events, and resource utilization.
- Uberflip infrastructure security event logs are collected in a central system and protected from tampering. Logs are stored for a minimum of 12 months.
- All VPCs leverage advanced threat detection tools to monitor and alert for suspicious activities and potential malware.
- System Administration and Patch Management
- Uberflip maintains system administration procedures for systems that access Customer Data that meet or exceed industry standards, including system hardening, system and device patching (operating system and applications) and threat detection software as well as daily signature updates of the same.
- Uberflip Security reviews new vulnerabilities announcements and assesses their impact to Uberflip based on Uberflip’s Vulnerability Management Policy, including applicability and severity.
- Applicable security updates rated as “high” or “critical” are typically addressed within 30 days of the patch release and those rated as “medium” are typically addressed within 90 days of the patch release.
- Uberflip Security Training and Uberflip Personnel
- Uberflip maintains a security awareness program for Uberflip Personnel, which provides education, ongoing awareness and training to all Uberflip Personnel on a frequent basis. New hires sign a non-disclosure agreement, and accept that they have read and understood the Uberflip Information Security Policies.
- All Uberflip Personnel acknowledge they are responsible for reporting actual or suspected security incidents or concerns, thefts, breaches, losses, and unauthorized disclosures of or access to Customer Data.
- Uberflip performs criminal background screening as part of the Uberflip hiring process, to the extent legally permissible.
- Uberflip uses secure SDLC practices which include code reviews, secure data access, and centralized logging.
- Uberflip will take measures to ensure that its subcontractors, vendors, and other third parties (if any) that have direct access to the Customer Data in connection with the services adhere to data security standards consistent with this policy.
- Physical Security
- The Service is hosted with Cloud Providers and all physical security controls are managed by the Cloud Provider. Uberflip reviews the Cloud Provider’s security report to ensure appropriate physical security controls, including:
- Visitor management including tracking and monitoring physical access.
- Physical access points to server locations are managed by electronic access control devices.
- Monitor and alarm response procedures.
- Use of CCTV cameras at facilities.
- Video capturing devices in data centers with 90 days of image retention.
- The Service is hosted with Cloud Providers and all physical security controls are managed by the Cloud Provider. Uberflip reviews the Cloud Provider’s security report to ensure appropriate physical security controls, including:
- Service and Data Availability
- Uberflip will take all reasonable precautions to provide the service in accordance with the service level terms of the Agreement.
- Current status of the Service can be viewed at https://www.uberflip-status.com
- Customers can subscribe to the application status page for real-time updates as incidents occur.
- Uberflip uses DDoS protection supplied by its Cloud Provider on all production networks.
- Disaster Recovery & Business Continuity
- Uberflip maintains a Disaster Recovery Plan (“DRP”) for the Service. The DRP is tested annually.
- Following a declared disaster, Uberflip in its sole discretion will re-deploy all infrastructure into another region within North America and restore the latest viable backups. As part of this deployment, the customer may be required to update IPs on their firewalls in order to access the new infrastructure. These IPs will be provided at the time of the disaster.
- Uberflip maintains a Business Continuity Plan (“BCP”). The BCP is assessed annually.
- Notification of Security Breach
- A “Security Breach” is (a) the unauthorized access to or disclosure of Customer Data, except where access was obtained via the customer’s credentials; or (b) the unauthorized access to the backend Uberflip platform.
- Uberflip will notify Customer in writing within forty-eight (48) hours of a confirmed Security Breach, which will include a description of the Security Breach and the status of Uberflip’s investigation.
- Uberflip will take appropriate actions to contain, investigate, and mitigate the Security Breach.
- Uberflip Security Compliance, Certifications, and Third-party Attestations
- Uberflip hires accredited third parties to perform audits and to attest to various compliance and certifications annually including SOC 2 Type 2 Attestation Report.
- Uberflip is a Canadian company and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA).
- Uberflip provides the Customer with the controls required to adhere to its requirements under the GDPR.
- Customer Responsibilities
- Without detracting from Uberflip’s security obligations in this Security Policy, security of Customer Data is a shared responsibility between Uberflip and Customer. Uberflip provides the Customer with numerous tools to mitigate against brute force attacks against their account, set up SSO, define password and session policies, and IP restrictions on their accounts. Customer is responsible for configuring and maintaining these settings.
- Customer acknowledges that Uberflip does not assess the contents of Customer Data and that Customer is responsible for making appropriate use of the Service to ensure a level of security and compliance appropriate for the Customer, managing and protecting its accounts, roles and credentials.
- Customer will promptly notify Uberflip if a user credential has been compromised or if Customer suspects possible suspicious activities that could negatively impact security of the Service or Customer’s account.
- Customers are responsible to backup and maintain copies of their Customer Data. Uberflip’s backups are “Infrastructure level”, which can not be used to restore a single-customer’s data.
Community Acceptable Use Policy
Last Update: November 18 , 2021
Uberflip Community (hosted on Slack)
The Uberflip Community is in place to enhance connections and collaboration between our rich, diverse customer base. Uberflip encourages our customers to network with other users and grow their use of the platform through conversations and the customer community.
We hope for this to be a place where you can share your knowledge and expand your networks. Please do not share any content that may not be welcome in any of the channels or direct messages that you are a member of. If you are unsure about the content you wish to share, please reach out to an administrator before posting.
- AM: Uberflip Account Managers
- CSM: Uberflip Customer Success Managers
- Customer Marketers: Uberflip Customer Marketing team
This policy covers any and all engagements with the Uberflip Community hosted on discussion boards and collaboration services such as the Slack platform. This includes all public and private conversations, including through channels and direct messages.
Use of information
- Networking and connecting with other Uberflip customers in a professional respectful manner. There is zero-tolerance for profanity, abusive or obscene language or harassment in any form.
- Asking questions about use cases and how to further leverage the platform
- Giving product feedback in a professional and respectful manner
- Chatting about events with other customers
- Connecting with Uberflip personnel (i.e. AMs, CSMs, Customer Marketers or other relevant individuals) when appropriate
- Connecting with other users of Uberflip to exchange best practices
- Participating in networking events and other activities organized by Uberflip.
- Sharing sensitive personal information about oneself or another customer
- Sharing information that is confidential between customer and Uberflip such as (but not limited to), detailed contract terms or financial information.
- Sharing confidential information about Uberflip’s products outside of the Uberflip Community without permission.
- Engaging in any unwanted communication with other customers
- Advertising or soliciting information to sell or prospect to other customers. We encourage networking however this community is intended to be a safe space for our clients to discuss their uses of Uberflip.
- Pulling customer contact information to solicit them or their company offline unless directly invited to do so by the individual.
- Threatening to expose private information or incentivizing others to do so.
- Users may not engage in any of the following:
- Threatening violence against an individual or group of people
- Threatening or promotion terrorism or extremism
- Contribute sexual or graphic content of any kind ( e.g. text, verbal, graphic).
- Abuse or harassment of any kind
- Hateful conduct
- Promotion of suicide or self-harm
- Soliciting of illegal or certain regulated goods or services
- Knowingly introducing any form of computer virus to any channels.
Uberflip reserves the right to monitor and remove any content without warning, remove you from a discussion group and if necessary remove you from the Uberflip Community. Uberflip will not be actively monitoring direct messaging between customers, however Uberflip will have ongoing access and the ability to investigate and intervene should any issue arise.
CUSTOMER USES THE UBERFLIP CUSTOMER COMMUNITY AT ITS OWN RISK. UBERFLIP HEREBY DISCLAIMS ANY AND ALL LIABILITY FOR LOSS OR DAMAGE, REGARDLESS OF CAUSE OF ACTION, ARISING FROM OR RELATED TO THE USE OF THE CUSTOMER COMMUNITY OR THE PRODUCTS AND SERVICES SUPPORTING THE UBERFLIP CUSTOMER COMMUNITY. UBERFLIP IS NOT RESPONSIBLE FOR THE CONTENT OR SECURITY OF ANY WEBSITES POSTED TO THE UBERFLIP COMMUNITY FROM CUSTOMERS.
If you have any immediate issues with any of the content or would like to on the workspace or have any questions you can contact one of the Administrators at firstname.lastname@example.org.
New to slack? Here are some tips to help you get started! Talk soon!