LEGAL STUFF

PRIVACY POLICY & RESPONSIBLE BUSINESS DISCLOSURE

Updated August 1, 2024

Fullsteam Software Holdings LLC (DBA Flybook Software) is providing this service to help

ensure a safe and secure environment for all users.

If external parties find any sensitive information, potential vulnerabilities, or weaknesses, please

help by responsibly disclosing it to ResponsibleDisclosure@fullsteam.com.

This policy applies to Flybook Software hosted applications and to any other subdomains or

services associated with products. Flybook Software does not accept reports for vulnerabilities

which solely affect marketing websites (https://www.theflybook.com, https://theflybook.com),

containing no sensitive data.

Security researchers must not:

• engage in physical testing of facilities or resources,

• engage in social engineering,

• send unsolicited electronic mail to Flybook Software users, including “phishing”

messages,

• execute or attempt to execute “Denial of Service” or “Resource Exhaustion” attacks,

• introduce malicious software,

• execute automated scans or tools that could disrupt services, such as password guessing

attacks, or be perceived as an attack by intrusion detection/prevention systems,

• test in a manner which could degrade the operation of Flybook Software systems; or

intentionally impair, disrupt, or disable Flybook Software systems,

• test third-party applications, websites, or services that integrate with or link to or from

Flybook Software systems,

• delete, alter, share, retain, or destroy Flybook Software data, or render Flybook

Software data inaccessible, or,

• use an exploit to exfiltrate data, establish command line access, establish a persistent

presence on Flybook Software systems, or “pivot” to other Flybook Software

systems.

Security researchers may:

• View or store Flybook Software nonpublic data only to the extent necessary to

document the presence of a potential vulnerability.

Security researchers must:

• cease testing and notify us immediately upon discovery of a vulnerability,

• cease testing and notify us immediately upon discovery of an exposure of nonpublic

data, and,

• purge any stored Flybook Software nonpublic data upon reporting a vulnerability.

Thank you for helping to keep Flybook Software and our users safe!

Information Collection and Use

We collect personally identifiable information only if specifically and knowingly provided by you. This Privacy Policy statement explains what information we gather, how we gather it and how we use it.

• What information we gather;

• How we gather information;

• How we use the information;

• With whom we may share information;

• Security of the information;

• Storage of the information;

• Your rights and choices; and

• Contact Information.

Please note that we may update this statement without notice from time to time by posting the updated terms on our websites. You are responsible for periodically reading this statement. If you use our websites after we have updated this statement, you acknowledge that you have read the updated terms and consent to our revised privacy practices.

By becoming a registered member or otherwise using our websites, you acknowledge that you have read this privacy policy statement and consent to our privacy practices as described in this statement, including our use and disclosure of personally identifiable information for the purposes described below.

If you or your customers are residents of a country in the European Union, Iceland, Lichtenstein, Norway or the United Kingdom, please read this Privacy Policy to understand additional rights you or your customers may have pursuant to the General Data Protection Regulation (GDPR).

If you are a resident of the State of California, please also read Your California Privacy Rights below to understand additional rights you may have pursuant to California Civil Code Section 1798.83 and the California Consumer Privacy Act of 2018.

Information we gather and track.

We may collect two types of information from you and other registered users of our websites: (1) "personally identifiable information" and (2) “non-personally identifiable information”.

"Personally identifiable information" is information that identifies you personally, such as your name, address, telephone number, email address, or company name.

"Non-personally identifiable information" can be technical information, such as aggregated tracking information derived mainly by tallying page views throughout our site, or it can be demographic information. Non-personally identifiable information does not identify you personally. If you do provide us with non-personally identifiable information, we may use it for the purposes described in this statement or for any other legal purpose.

We do not offer services directed to children. Should an individual whom we know to be a child under age 18 send personally identifiable information to us, we will take measures to remove that user's personal information from our databases. From time to time we may come into contact with persons under the age of 18 as may be necessary in the performance of our contractual obligations. In such instances we take reasonable efforts to not collect or store any personally identifiable data of such persons, but rather de-identify and anonymize such data of persons under the age of 18.

How we gather and track information.

Personally Identifiable Information.

As part of the registration process we collect your company and/or trade name, contact name, telephone number, principal address and email address.

As part of the utilization of the FBS services by you, we store in our databases certain information regarding your customers and prospective customers, including name, telephone number and/or email address. In some cases individual preferences and requirements will also be maintained as part of the customer or potential customer profile.

From time to time visitors to our websites who are not registered users may request information about our sites and services and provide their name and email address. We collect and retain that information.

Non-Personally Identifiable Information.

Cookies. We may place a text file called a “cookie” in the browser files of your computer (if you or your browser accept the cookie) to collect information about your activity on our websites. The cookie itself does not contain personally identifiable information. A cookie can’t read data off your hard disk or read cookie files created by other sites. You can refuse cookies by turning them off in your browser but if you do, you may not have access to some areas of our websites, or to the personalized features of our websites. You may also set your browser to warn you before accepting cookies.

Log Files. As is true of most web sites, we gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data.

How we use Information we gather and track.

Personally Identifiable Information.

We use personally identifiable information that we gather from registered users and store in our databases (whether the personally identifiable information relates to the registered user or any customers or potential customers of the registered user) solely to provide the service and functionality for which registered users subscribe. Under no circumstances do we divulge any personally identifiable information to any other registered user or to any third party. So, for example, we use your personally identifiable information:

To authorize your access to appropriate services, pages, screens and data in our system;

To send promotional materials to your customers and potential customers that you have requested that we send on your behalf;

To communicate with you regarding our sites and services, new services and changes to our sites and services that we may make from time to time;

To provide customer and technical service to you;

To comply with law, or in the good faith belief that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and to protect and defend our rights or property, including our rights and property and our websites, or act in urgent circumstances to protect the personal safety of you and our other visitors; and

To protect against fraud or potential fraud.

We use name and email addresses provided by visitors to our websites who expressly request information from us in order to provide the requested information to them.

Non-Personally Identifiable Information.

We use non-personally identifiable information that we gather and track to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.

We do not link this automatically collected data to personally identifiable information.

We may create aggregate reports on user demographics and traffic patterns for advertisers, sponsors, and partners. This allows our partners to be more effective and allows our users to receive information that is pertinent to their needs.

We will not divulge or share any financial or accounting-related data input by our registered users and stored in our databases to any other registered user or to any third party at any time.

With whom we may share information

We may share, as controller or as processor providing services at the direction of our clients, your personal data to third parties who perform services on our behalf, including our technology providers, payment card processor, administrative personnel and providers and professional advisors.

FBS uses a limited number of third-party service providers to assist us in providing our services to customers. These third party providers assist with the transmission of data and provide data storage services. These third parties may access, process, or store personal data in the course of providing their services. FBS maintains contracts with these third parties restricting their access, use and disclosure of personal data.

FBS does not receive or store credit card information from registered users or their customers. We use either an outside payment (credit/debit card and ACH) processing company or our parent company, Fullsteam Operations LLC for subscription services and for point of sale functionality. The payment processing company does not retain, share, store or use your personally identifiable information for any other purposes, however, we cannot guarantee that there will not be a security breach of the payment processing company.

We may disclose information if we have a good faith belief that disclosure is necessary by law or the legal process, to protect and defend our or others’ interests or property, or to enforce agreements you or our clients enter into with us. FBS may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We may obtain your written consent from time to time in electronic form by using online agreements or other acknowledgements through our application, including for any other contemplated uses of your personal data not addressed in this Privacy Policy. Please read all online agreements carefully before accepting them.

In the event FBS goes through a business transition, such as a merger, acquisition by another company, or sale of all or substantial portion of its assets, your personally identifiable information will likely be among the assets transferred.

Security of the information.

We follow generally accepted industry standards to protect the personally identifiable information as well as the financial data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

If we learn of a breach of our security system or processes, we may attempt to notify you electronically so that you can take appropriate protective steps. By using our websites, or providing personally identifiable information to us through them, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our websites. In the event of a breach, we may post a notice on our websites and/or send you an email at the email address you provided.

YOU MAY HAVE ADDITIONAL RIGHTS TO RECEIVE WRITTEN NOTICE OF SECURITY BREACHES UNDER APPLICABLE LAW OF YOUR JURISDICTION.

Storage of Information

We retain the personal data we collect for so long as reasonably necessary to fulfill the purposes for which the data was collected, to perform our contractual and legal obligations, and for any applicable statute of limitations periods for the purposes of bringing and defending claims.

Legal Basis for Processing

We rely on the following legal grounds to process your personal information:

Consent. We may use your personal data as described in this Privacy Policy subject to your consent.

Performance of a contract. We may need to collect and use your personal information and the personal information of your customers, as applicable, to perform our contractual obligations. When we process personal data on behalf of third parties, we do so pursuant to agreements with such third parties.

Legitimate Interests. We may use your personal information for our legitimate interests to provide our services and to improve our services and the content on our application. We process information on behalf of third parties who have legitimate interests in operating their businesses. We may use technical information as described in this Privacy Policy and use personal information for our marketing purposes consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable law.

Your rights and choices

We communicate with our registered users on a regular basis via email. For example, we may use your email address to confirm your request, to send you notice of payments, to send you information about changes to our products and services, and to send notices and other disclosures as required by law. Users can opt-out of all email communications from Company. You may opt-out of receiving such emails by clicking on the "unsubscribe" link within the text of the applicable email. We will process your unsubscribe request as soon as possible, but please be aware that in some circumstances you may receive a few more messages until your request is processed.

You may contact us to request information about the personal data we have collected from you and to request the correction, modification or deletion of such personal information, which requests we will do our best to honor subject to any legal and contractual obligations.

Our Director for Compliance is responsible for our privacy programs.

For information about the personal data we have collected from you and to request the correction, modification or deletion of such personal information, please email compliance.pc22@fullsteam.com or request by mail addressed to:

Fullsteam Operations LLC

Attn. Compliance

540 Devall Drive, Suite 301

Auburn, AL 36832

Subject to local law, you may have additional rights under the laws of your jurisdiction regarding your personal data, such as the right to complain to your local data protection authority.

Data processed: Company provides online tools that our customers use to operate their services businesses, including by providing access to certain of those tools to their own customers. In providing these tools, Company processes data our customers and our customers’ customers submit to our web services or instruct us to process on their behaves. While Company’s customers and their customers’ customers decide what data to submit, it typically includes information about their customers, sales prospects, point of sale services, inventory management, and goods ordering.

Purposes of data processing: Company processes data submitted by our customers and our customers’ customers for the purpose of providing Company’s online services to them. To fulfill these purposes, Company may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the customer who submitted the data, or in response to contractual requirements.

Inquiries and complaints: If you believe Company maintains your personal data in the Company web services within the scope of the GDPR or applicable law of another jurisdiction, you may direct any inquiries or complaints concerning our compliance to our address noted above. Company will respond within 45 days. We are committed to respond to complaints and to provide appropriate recourse at no cost to you.

Third parties who may receive personal data: Company uses a limited number of third-party service providers to assist us in providing our services to customers. These third- party providers assist with the transmission of data and provide data storage services. These third parties may access, process, or store personal data in the course of providing their services. Company maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our obligations, and Company may be liable if they fail to meet those obligations and we are responsible for the event giving rise to the damage.

Your rights to access, to limit use, and to limit disclosure: Residents of the EU, Iceland, Lichtenstein and Norway and certain other jurisdictions have rights to access personal data about them, and to limit use and disclosure of their personal data. Company has committed to respect those rights. Because Company personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the Company customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request.

Compelled disclosure: Company may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Third-Party Websites and Advertisers

Our websites may contain links to third-party websites. While we endeavor to work with third-parties that share our respect for user privacy, we are not responsible for the websites or privacy practices of such third-parties. We may also use third-party advertisers, ad networks, and other advertising, marketing, and promotional companies, to serve advertisements on our websites. Such third parties may gather information about your visit to our websites or other websites, monitor your access to or market products or services to you, monitor the ads you view, click-on, or interact with, when they were delivered, and the screens and pages that they are on.

We do not endorse these parties, their content, or any products and services they offer. You are responsible for knowing when you are leaving our website to visit a third-party website, and for reading and understanding the terms of use and privacy policy statements for each such third party.

California Consumer Additional Information under California Consumer Privacy Act of 2018 (“CCPA”)

You will not receive discriminatory treatment by us for exercising your privacy rights conferred on you by the CCPA.

You have certain additional rights regarding your personal information, pursuant to California law. These include the rights to:

• receive a list of the categories of personal information we have collected about you;

• receive a list of the categories of sources from which your personal information was collected;

• receive a list of the categories of your personal information that we have disclosed for a business purpose;

• receive a list of the categories of third parties to whom your personal information was disclosed for a business purpose;

• know the business or commercial purpose for collecting your personal information;

• receive a list of specific personal information we collected and for what purposes;

• have your personal information deleted by us and direct our service providers to delete your information. However, it may be retained pursuant to an allowed exception if applicable;

• know if personal information was collected from sources other than from you and the categories of sources from which the information was obtained; and

• receive your personal information in a useable electronic format and transmit it to a third party (right to data portability).

Please submit your request for information or deletion of information concerning you as noted below. In order to provide you with your requested information or to delete the information which we have concerning you, we must be able to verify that you are the person requesting the information or deletion. With your request please provide at least two items of information which you have previously provided to us for us to use for verification of your identity. If this is not sufficient, we will contact you for additional means of verification.

You may designate an authorized agent to make a request for you. If your agent has a power of attorney pursuant to California Probate Code sections 4000 to 4465, please provide proof to the same. If your agent does not have a power of attorney pursuant to California Probate Code sections 4000 to 4465, we will require you to provide the authorized agent written permission to make the request, verify your own identity directly with us and require your agent to submit proof that they are authorized by you to act on your behalf.

For information concerning you or for deletion of information concerning you, please email compliance.pc22@fullsteam.com or request by mail addressed to:

Fullsteam Operations LLC

Attn. Compliance CCPA

540 Devall Drive, Suite 301

Auburn, AL 36832

Jurisdiction and Contact Information

Flybook Software, LLC is a Delaware limited liability company. Our websites are controlled and operated from the United States. If you are an individual from the European Union, Iceland, Lichtenstein, Norway or any other jurisdiction with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that we may store the information we collect in the United States or in other countries where we or our third-party service providers have operations. Personal data may also be transferred from the country of your residence to other countries, including the United States

VeraSafe has been appointed as Flybook Software LLC's representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of compliance.pc22@fullsteam.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003. Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.

37 Albert Embankment

London SE1 7TL

United Kingdom

VeraSafe has been appointed as Flybook Software LLC’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to compliance.pc22@fullsteam.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact- data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd.

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland

RESPONSIBLE BUSINESS DISCLOSURE

The Flybook is providing this service to help ensure a safe and secure environment for all users. If external parties find any sensitive information, potential vulnerabilities, or weaknesses, please help by responsibly disclosing it to ResponsibleDisclosure@fullsteam.com.

This policy applies to The Flybook hosted applications and to any other subdomains or services associated with products. The Flybook does not accept reports for vulnerabilities which solely affect marketing website (theflybook.com), containing no sensitive data. Security researchers must not:

engage in physical testing of facilities or resources,
engage in social engineering,
send unsolicited electronic mail to The Flybook users, including “phishing” messages,
execute or attempt to execute “Denial of Service” or “Resource Exhaustion” attacks,
introduce malicious software,
execute automated scans or tools that could disrupt services, such as password guessing attacks, or be perceived as an attack by intrusion detection/prevention systems,
test in a manner which could degrade the operation of The Flybook systems; or intentionally impair, disrupt, or disable The Flybooksystems,
test third-party applications, websites, or services that integrate with or link to or from The Flybook systems,
delete, alter, share, retain, or destroy The Flybook data, or render The Flybook data inaccessible, or,
use an exploit to exfiltrate data, establish command line access, establish a persistent presence on The Flybook systems, or “pivot” to other The Flybook systems.

Security researchers may:

View or store The Flybook nonpublic data only to the extent necessary to document the presence of a potential vulnerability.

Security researchers must:

cease testing and notify us immediately upon discovery of a vulnerability,
cease testing and notify us immediately upon discovery of an exposure of nonpublic data, and, purge any stored The Flybook nonpublic data upon reporting a vulnerability.

Thank you for helping to keep The Flybook and our users safe!

Contact Information

If you have any questions or suggestions regarding our Privacy Policy, please contact us:

By email: info@theflybook.com

Address: Flybook Software, LLC.

141 Greenwood #103

Bend, OR 97703

Phone: (855) 909-2665

https://www.theflybook.com/

New Paragraph

PRIVACY POLICY & RESPONSIBLE BUSINESS DISCLOSURE

Information Collection and Use

Information we gather and track.

How we gather and track information.

How we use Information we gather and track.

With whom we may share information

Security of the information.

Storage of Information

Legal Basis for Processing

Your rights and choices

Third-Party Websites and Advertisers

California Consumer Additional Information under California Consumer Privacy Act of 2018 (“CCPA”)

Jurisdiction and Contact Information

RESPONSIBLE BUSINESS DISCLOSURE

Contact Information

855.909.2665

info@theflybook.com

Handcrafted software
built in Bend, Oregon

2300 NE 4th street #6119 Bend, OR 97701

Legal Stuff Contact Us

© 2022 The Flybook All Rights Reserved

PRIVACY POLICY & RESPONSIBLE BUSINESS DISCLOSURE

Information Collection and Use

Information we gather and track.

How we gather and track information.

How we use Information we gather and track.

With whom we may share information

Security of the information.

Storage of Information

Legal Basis for Processing

Your rights and choices

Third-Party Websites and Advertisers

California Consumer Additional Information under California Consumer Privacy Act of 2018 (“CCPA”)

Jurisdiction and Contact Information

RESPONSIBLE BUSINESS DISCLOSURE

Contact Information

855.909.2665

info@theflybook.com

Handcrafted software built in Bend, Oregon

2300 NE 4th street #6119 Bend, OR 97701

Legal Stuff Contact Us

© 2022 The Flybook All Rights Reserved

Handcrafted software
built in Bend, Oregon