address-card-duotoneapple-payarrow-right-to-bracket-duotonearrow-up-dotsbell-duotonebrowser-duotonebullhorncalendar-week-duotonecart-shopping-duotonecircle-check-duotonecircle-chevron-right-duotonecircle-info-duotonecredit-cardear-duotonefile-chart-pie-duotonefile-invoice-duotonefire-duotonehandshakekeyboard-duotonelayer-plus-duotonelist-duotonemap-duotonemenumoney-check-duotonemoney-uppaypalrepeat-duotonerobotrocketscreen-users-duotoneserver-duotonespiffy-logo-whitestripetags-duotonewand-magic-sparkles-duotonewindow-restore-duotone

Privacy & Data Policy

Updated: May 15, 2023 | Terms of Service

This Privacy Policy describes Spiffy’s practices regarding the collection, use and disclosure of the information we collect from and about you when you use Spiffy’s web-based and mobile applications (the “Service”). We take our obligations regarding your privacy seriously and have made every effort to draft this Privacy Policy in a manner that is clear and easy for you to understand. By accessing or using the Service, you agree to this Privacy Policy, our Terms of Service, and our Acceptable Use Policy.

Our Collection and Use of Information

Information You Provide to Us

We collect personal information, such as your name and email address, when you register for an account on the Service. You may also provide us with optional information such as a photograph. Your user name, email address and any optional profile information that you elect to associate with your account is referred to herein as your “Profile Information.”

We may use your email address to send you Service-related notices (including any notices required by law, in lieu of communication by postal mail). We may also use your email address to send you announcements and information about other products or services (including third-party services) that you may be interested in (together, the “Marketing Messages”). You may opt-out of receiving Marketing Messages at any time by following the instructions provided in the Marketing Message. Through your account interface, you may also opt-out of receiving categories of Service-related notices that are not deemed by Spiffy to be integral to your use of the Service.

Even if you are not a registered user of our Service, if you email us we may retain a record of such email communication, including your email address, the content of your email, and our response.

If you are a user of our paid premium service, we will utilize a third party credit card payment processing company to collect payment information, including your credit card number, billing address and phone number. We will share this payment information with the third-party processing company as detailed below in “How We Share Your Information: With Trusted Service Providers and Business Partners.” We do not store your payment information.

If you choose to use our invitation service to invite a friend to the Service, we will ask you for that person’s contact information, which may include their email address or their social network identity, and automatically send an invitation. Spiffy stores the information you provide to send the invitation, to register your friend if your invitation is accepted, and to track the success of our invitation service.

Your Content

Your use of the Service will involve you uploading or inputting various content into the Service; including but not limited to: tasks, attachments, project names, team names, and conversations (together, the “Content”).

You control how your Content is shared with others via your settings on the Service.

Spiffy may view your Content only as necessary (i) to maintain, provide and improve the Service; (ii) to resolve a support request from you; (iii) if we have a good faith belief, or have received a complaint alleging, that such Content is in violation of our Acceptable Use Guidelines; (iv) as reasonably necessary to allow Spiffy to comply with or avoid the violation of applicable law or regulation; or (v) to comply with a valid legal subpoena or request that meets the requirements of our Law Enforcement Guidelines. We may also analyze the Content in aggregate and on an anonymized basis, in order to better understand the manner in which our Service is being used.

Information We Collect Automatically

We use technologies like cookies and pixel tags to provide, monitor, analyze, promote and improve the Service. For example, a cookie is used to remember your user name when you return to the Service and to improve our understanding of how you interact with the Service. You can block cookies on your web browser; however please be aware that some features of the Service may not function properly if the ability to accept cookies is disabled.

Log Files

When you use the Service, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, mobile carrier, and other such information. Log files help us to monitor, analyze, improve and maintain the Service and to diagnose and fix any Service-related issues.

Device Identifiers

When you access the Service using a mobile device, we collect specific device information contained in your mobile device’s “device identifier.” This device identifier includes information such as the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may associate this device identifier with your Service account and will use data associated with your device identifier to customize our Services to your device and to analyze any device-related issues.

Location Information

We may collect and process information about the location of the device from which you are accessing the Service. Location data may convey information about how you browse the Service and may be used in conjunction with personally identifiable information. You can disable location-based services in settings associated with the Service; however please be aware that some features of the Service may not function properly if location services are turned off.

PCI Compliance

We are current with all PCI compliance requirements for how our system operates. Our Service does not store, relay, pass, or handle sensitive credit card data. All sensitive credit card data is stored directly our third-party payment gateways and merchant processors. Please review your payment gateway’s Terms and Privacy Policy for more information on how your customer’s credit card data is handled.

KYC & AML

We have designed our system to ensure a history of all records is maintained. You are not allowed to delete customer records, or order records in our system. An identifiable history of all transactions and customers is needed to ensure you have a proper history of transactions and customers for all Know Your Customer (KYC) and Anti-Money Laundering (AML) laws and regulations.

How We Share Your Information

We may share the information we collect from you with third parties as detailed below.

As Directed By You

We will display your Profile information on your profile page and elsewhere on the Service in accordance with the preferences you set in your account. You can review and revise your Profile information at any time.

We will display your Content within the Service as directed by you, including but not limited to your checkouts, portals, and customer-facing emails.

If you elect to use a third-party application to access the Service, then we may share or disclose your account and Profile information and your Content with that third-party application as directed by you. Please remember that we are not responsible for the privacy practices of such third parties so you should make sure you trust the application and that it has a privacy policy acceptable to you.

With Trusted Service Providers and Business Partners

We may utilize trusted third-party service providers to assist us in delivering our Service. For example, we may use third parties to help host our Service, send out email updates, or process payments. These service providers may have access to your information) for the limited purpose of providing the service we have contracted with them to provide. They are required to have a privacy policy and security standards in place that are at least as protective of your information as is this Privacy Policy. We may also store personal information in locations outside the direct control of Spiffy (for instance, on servers or databases co-located with hosting providers).

With Law Enforcement or In Order to Protect Our Rights

We may disclose your information (including your personally identifiable information) if required to do so by law or subpoena and if the relevant request meets our law enforcement guidelines. We may also disclose your information to our legal counsel, governmental authorities or law enforcement if we believe that it is reasonably necessary to do so in order to comply with a law or regulation; to protect the safety of any person; to address fraud, security or technical issues; or to protect Spiffy’s rights or property.

In an Aggregate and Non-Personally Identifiable Manner

We may disclose aggregate non-personally identifiable information (such as aggregate and anonymous usage data, platform types, etc.) about the overall use of our Service publicly or with interested third parties to help them understand or to help us improve the Service.

In Connection With a Sale or Change of Control. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Service can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Policy until such time as this Privacy Policy is updated or amended by the acquiring party upon notice to you.

How We Protect Your Information

The security of your information is important to us. When you enter sensitive information (such as a credit card number) as part of our service, we encrypt the transmission of that information using industry-standard encryption.

Spiffy uses commercially reasonable and industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your information. For example, we continuously and regularly back up your data to help prevent data loss and aid in data recovery. We also guard against common web attack vectors, host data in secure SAS 70 audited data centers, require multi-factor authentication, and implement firewalls and access restrictions on our servers to secure our network and better protect your information.

If you have any questions about security on our Service contact us at support@spiffy.co

Risks Inherent in Sharing Information

Although we allow you control over where you share your Content and what information is included in your Profile and take reasonable steps to maintain the security of the information associated with your account, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users with whom you share your Content and we are not responsible for third-party circumvention of any privacy settings or security measures on the Service.

Additionally, we provide you and your team the ability to secure your access to the Service with multi-factor authentication to limit the viability of common personal security attack vectors (such as phishing, weak passwords, and brute forcing). Although, it’s solely your responsibility to ensure the security of your login credentials and device access.