nectarflow™ privacy notice

nectarflow™ Privacy Notice

Last Update: February 2023

1. General Information

1.1 Scope

This Privacy Notice (“Privacy Notice”) describes how we collect, process, and disclose information related to you as a natural person (“Personal Data”), and what rights you have with respect to the processing of your Personal Data.

Under the prerequisite that we act as Controller, this Privacy Notice applies when you:

  • visit any of our websites or social media pages, or access any online resources provided by inMultifamily;
  • access or use any of our cloud applications or platforms, such as inMultifamily and inMultifamily Partner Portal;
  • register and/or attend to any events hosted or attended by inMultifamily, including webinars;
  • contact our customer support;
  • do business with us or;
  • otherwise interact or communicate with us.

These services are hereinafter collectively referred to as the “Services”.  If you decline to provide your Personal Data or ask us to delete it, you may not be able to access or use the Services.

1.2 Name of Controller

When we refer to “nectarflow” in this Privacy Notice, we mean the entity that is responsible for the means and purposes of the processing and therefore acts as the Controller of your Personal Data, as follows:

nectarflow, LLC.

Address: 7720 E Gelding Drive Suite 100 Scottsdale, Arizona 85260

Legal representative:

Contact details: info@nectarflow.com.

Any requests or questions related to data protection may be addressed to privacy@nectarflow.com.

1.3 Update of the Privacy Notice

We may change or substitute this Privacy Notice at any time in our sole discretion. You should check back regularly for the most up-to-date version of this Privacy Notice and whenever you access one of our Services.

2. Data categories

The categories of data we process depend on your interactions with us and may include one or more of the following data categories.

"Apps" (App’s) use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy

Use of Google Workspace Data for AI/ML Purposes: nectarflow does not use, store, or retain any user data obtained through integration with Google Workspace APIs—including but not limited to Gmail, Drive, Calendar, or other Workspace services—to develop, improve, or train generalized artificial intelligence or machine learning models. Any data accessed from Google Workspace is used solely for the direct purpose of providing and enhancing the requested features and functionalities of nectarflow’s services, and is not repurposed for any form of AI/ML model training outside of the user’s immediate transactional needs.

Use of Google Workspace APIs and User Data

Scope of Data Access:
We access user data through Google Workspace APIs (including but not limited to Gmail, Drive, and Chat) only to provide or improve features that are clearly prominent and beneficial to the user within our application. We do not request access to data that is not directly needed for these functionalities.

Approved Use Cases:
We request Google Workspace API permissions solely for use cases approved by Google’s policies, such as:

  • Enhancing the email experience (e.g., processing messages to help manage workflows, automatically organizing messages, or providing requested summaries).
  • Automatically backing up relevant Drive files if our service offers that functionality.
  • Providing productivity features that interact with Chat messages or Drive files in a manner consistent with Google’s approved scenarios.
    We do not request access for any prohibited uses such as bulk commercial spam, cryptocurrency mining, broad video distribution, or circumventing Drive storage limits.

Transparency and Consent

Clear and In-Context Consent:
Before requesting access to your Google data, we will clearly explain within our application interface:

  • The specific types of data requested and the reasons for needing it.
  • How this data will be used to provide or improve user-facing features.
    We do not begin collecting Google Workspace user data until we have obtained your explicit, affirmative consent. We do not rely on passive actions like navigation away from the screen as consent.

User Control and Data Management:
We provide documentation and support to help you understand how to manage, access, or delete your data from our service. You have the right to revoke the application’s access to your Google Workspace data at any time through your Google Account settings and can request deletion of any data we hold in accordance with applicable law.

Limited Use of Data

Strict Adherence to Limited Use Restrictions:
The information we access via Google Workspace APIs is used strictly to provide or improve user-requested features within our application. We do not use this data for:

  • Selling to third parties.
  • Serving ads or personalized advertising.
  • Determining credit-worthiness or any similar lending purposes.
  • Training or improving machine learning models outside of the specific user-facing features that the user has explicitly chosen to enable.

Human Review and Data Handling:
We do not allow humans to read your Google Workspace data except under the following circumstances:

  • With your explicit and documented consent for a specific purpose (e.g., technical support to recover lost access).
  • When the data is aggregated, anonymized, and used solely for internal operations (and in compliance with applicable laws).
  • For security purposes (e.g., investigating abuse or security incidents).
  • To comply with applicable laws or regulations.

No Unauthorized Transfers:
We do not transfer, sell, or otherwise share your Google Workspace data to unauthorized third parties. We only transfer data if it is necessary to provide or improve an approved user-facing feature, with the user’s consent, or as required by law, regulation, or in the event of a merger, acquisition, or sale of assets after obtaining explicit prior consent.

Compliance With the Google User Data Policy:
Our use of information received from Google Workspace APIs adheres to the Google User Data Policy, including the Limited Use requirements. We review these policies periodically to ensure ongoing compliance.

Security Measures

Data Protection and Encryption:
We use industry-standard encryption protocols (such as HTTPS and encryption at rest) to protect all user data, including that obtained from Google Workspace APIs, both in transit and at rest. We maintain appropriate access controls, key management, and monitoring to prevent unauthorized access, disclosure, or destruction of user data.

Incident Response:
In the event of a security incident involving Google Workspace data, we will notify Google at security@google.com and any affected users as required by applicable law. We will cooperate fully with Google in investigating and resolving any such incidents, and will not make public statements about the incident before consulting with Google.

Restricted Scopes and Verification

Compliance with Restricted Scopes Requirements:
If our application requests access to Restricted Scopes (such as those for Gmail or Drive that allow reading or modifying message bodies, file content, or metadata), we maintain a robust security posture aligned with industry standards (e.g., ISO/IEC 27001 and OWASP Top 10). We also comply with all relevant OAuth 2.0 policies and guidelines and, if required, undergo periodic security assessments by a Google-designated third party.

Periodic Policy Updates:
We continually monitor Google’s policies and will update our practices and this Privacy Policy as necessary to maintain compliance. We encourage you to review this Privacy Policy periodically for changes. If at any time we cannot meet the requirements of these policies, we will cease using the relevant Google services and notify users accordingly.

Contact Us:
If you have any questions about how we handle your Google Workspace data, please reach out to support.

Affirmative Acknowledgment:
By using our services and granting the requested permissions, you acknowledge that our use of your Google Workspace data complies with Google’s User Data Policy, including the Limited Use requirements.

2.1 Contact and business data

For the use of certain Services, contact data may be processed. Contact Data consists of last name, first name, email address, physical address, phone number, country of origin and similar contact information, including in some circumstances usernames and passwords. These may be supplemented by business data such as position, company name and other similar information.

2.2 Communication and transaction data

Communication data refers to the data resulting from your interaction with us, e.g., emails, chat messages, webinars visited, files downloaded, and product interest information. We may also collect registration information related to your attendance at one of our events, including travel information, scheduling information, food preferences or allergies, and accessibility requests.

2.3 Application-related usage data

As is true of most hosted services providers, we automatically gather and analyze information on how and whether specific features of our Services are used, such as details about which of our applications and versions are being used, user interactions with the Services (including searches and other actions taken by users), the pages and files viewed, which online trainings are attended, the types of data sources queried, the types of visualizations built, system configuration information, the number and types of steps in a workflow, the type(s) of operations used and the queries submitted, as well as hardware properties such as CPU type and amount of RAM, logfile data, and date and time stamps associated with use of the Services.

2.4 Device and browser data

When you visit our websites or application, online and technical information from your computer or mobile device may be collected, such as: device type, location, information about the browser type and version, the operating system and version, the ISP or mobile carrier, the IP Address (or proxy server) and geographic areas derived from your IP address, time and date of access, duration of access, referring URL (if any), and identifiers that help us recognize your device and validate that you are a licensed user.

3. Origin of the data

In most cases, you provide the Personal Data directly to us by accessing our websites or by registering and/or using the Services. We may also obtain Personal Data from your employer in the context of providing the Services or from third party suppliers, social networks, or partners.

To enable collection of data we might use cookies, web beacons or similar technologies.

4. Purposes for processing

We use the Personal Data collected as described in this Privacy Notice, as specified in any agreement that incorporates this Privacy Notice, or as disclosed to you in connection with the Services. We do not carry out any automated decisions (incl. profiling) in the sense of Art. 22 Para. 1 and Para. 4 GDPR and Art. 6 Para. 1(b) GDPR.

4.1 Providing the requested service

We process your Personal Data to fulfill our contractual obligations to you, including to:

  • Provide and deliver products and services (including updates thereto);
  • Operate and improve our operations, systems, products and services;  
  • Understand your preferences to enhance your experience; and
  • Provide service and support, such as sending confirmations, invoices, technical notices, updates, security alerts and administrative messages and providing customer support and troubleshooting.
4.2 Comments and questions

If you contact us via our website, via email or in any other way, we process your Personal Data to understand and respond to your request and to provide customer service. In such circumstances, your request might be internally forwarded to the responsible department at inMultifamily.

4.3 Sales & Marketing activities

We may use your email address for direct advertising, to communicate news about upcoming events, products, and services, and for surveys. We also use your email address, which we receive in connection with the sale of a product or service, for direct advertising of products or services similar to the ones you ordered.

Our marketing emails permit you to opt-out of receiving further communications by selecting the “unsubscribe” link. In addition, you may opt-out from marketing communication at any time by contacting privacy@inMultifamily.com.

4.4 Statistics

To improve performance of the Services, to assess and improve the customer and user experience, to identify future opportunities for development of the Services, and to assess capacity requirements, we may analyze aggregated, anonymized or statistical information based on Personal Data.

4.5 Security & compliance

We may analyze your Personal Data to maintain the security of the Services and facilities, to enforce our terms and conditions; to protect against, investigate and deter fraudulent, unauthorized, or illegal activity; and to avoid and detect attacks on our website or applications or misuse of our Services.

5. Lawfulness of processing

When we collect and use your Personal Data, we will only do so where at least one of the following applies:

  • We need to process your Personal Data to perform our responsibilities under our contract with you and to provide you with tools and services. [see Art.6 Para 1(b) GDPR]
  • We have a legitimate interest to process your personal information. [see Art.6 Para 1(f) GDPR]
  • You have given consent to process Personal Data. [see Art.6 Para. 1(a) GDPR]
  • It is necessary for us to process your Personal Data to comply with a legal obligation. [see Art.6 Para. 1(c) GDPR]

6. Cookies and other tracking technologies

We use session-based and persistent “cookies” and similar technologies such as web beacons to increase user-friendliness and compile information about the usage of our websites and applications. Cookies are created either by us (first-party cookies) or by third-party providers determined by us (third-party cookies).

The following describes the types of further cookies we utilize:

  • Necessary Cookies. Some cookies are required for the purposes of delivering basic website functionality, including for security & authentication purposes. These cookies are strictly necessary for the operation of the website.
  • Functional Cookies. Functional Cookies enhance the functions and services on the website. Although such cookies are not entirely necessary; some website functionality may become unavailable (such as interactive content, web chat, video, personalized content, etc).
  • Performance cookies. Performance cookies collect website usage data and are aggregated to provide useful information that will be used to help us improve the performance and contents of our websites.
  • Marketing Cookies. Marketing Cookies are used to ensure that advertising and content is relevant for you and to track activity across websites in order to improve the quality of advertising targeted to you. Marketing cookies also include those provided by social media and other third party websites, which may also be used for advertising purposes.

Please find detailed information on cookies in our Cookie Notice.

7. Recipients

Your Personal Data may be transferred to affiliates and partners of the Controller as well as to a limited number of service providers (Processors) that perform processing operations such as database monitoring, hosting services, ticketing or provisioning of software tools. These service providers process Personal Data on our instructions only and have implemented state-of-the-art technical and organizational measures to safeguard the processed data. All Processors have been selected carefully and are closely monitored.

When we ask third parties to host or present at certain events like webinars or training, we may forward your Personal Data to the respective third party who may use this data to provide access to the event or may contact you for related marketing purposes.

If Personal Data is transferred to subsidiaries, partners service providers or third parties located outside the European Economic Area (EEA) which are not subject to an adequacy decision by the European Commission we will ensure that such recipient offers an adequate level of data protection, for instance by entering into EU Standard Contractual Clauses (SCCs) and implementing additional safeguards in accordance with legal requirements, or we will ask you for your prior individual consent to such international data transfers.

We may disclose your Personal Data to comply with legal requirements, such as in response to a court order or a subpoena.  In such an event, we will use all reasonable and lawfully available measures to object to overbroad, unclear or otherwise inappropriate requests for information, and will cooperate with those seeking a protective order unless we are legally prohibited from doing so. We may also share Personal Data with our auditors, attorneys or other advisors under professional obligations of confidentiality in connection with corporate functions.

8. Duration of data storage

Your Personal Data will be deleted upon your request or as soon as it is no longer required to achieve the purpose for which the Personal Data has been collected, namely, to provide the requested Services. If legal regulations (e.g., by fiscal, commercial, or contractual law) apply that require longer storage of your Personal Data, or if we need your Personal Data to assert legal claims or defend against legal claims, we will store your Personal Data until the expiration of the corresponding storage period or until the settlement of the claims.

Any user account and its related data in applications where we act as Controller will be deleted upon your request.

9. Your Rights

9.1 GDPR

Upon request, we will inform you whether and which data we have stored about you. Insofar as the legal requirements are met, you have the right to have this data corrected, blocked or deleted. You also have the right to receive Personal Data which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Controller under conditions and in accordance with the Regulation.

Insofar as we process your data on the basis of the balancing of interests, you have a right of objection if the legal requirements are met.

Where we are relying on consent to process your Personal Data you may withdraw your consent at any time for the future. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

You may exercise your rights by contacting us in writing, with a proof of your identity, at privacy@inMultifamily.com.

If you are resident of the EU, you also have the right to direct questions or complaints to the lead supervisory authority.

9.2 California Privacy Rights

This section provides additional details about the Personal Data we collect about California residents and the rights afforded to them under the California Consumer Privacy Act or “CCPA.” We are extending the same rights to all residents of the U.S. For purposes of the CCPA, the defined term “Personal Data” is the same as the term “Personal Information” as such term is defined in the CCPA.

For more details about the Personal Data, we have collected over the last 12 months, including the categories of sources, please see respective sections above. We collect this information for the business and commercial purposes described above. We share this information with the categories of third parties described above. We do not sell, as such term is defined in the CCPA, the Personal Data we collect and will not sell use it without providing a right to opt out. However, we do use third-party cookies for our advertising purposes as further described in our Cookie Notice. Further, we sometimes share Personal Data with our partners, or they share your Personal Data with us, but only if you have consented to have such information be shared.

Subject to certain limitations, the CCPA provides you the right to request to know more details about the categories or specific pieces of Personal Data we collect (including how we use and disclose this information), to delete your Personal Data, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.

You may make a request pursuant to your rights under the CCPA by contacting us at privacy@inMultifamily.com. We will verify your request using the information associated with your account (if any), including email address. Government identification may be required. You can also designate an authorized agent to exercise these rights on your behalf.

Join Our Newsletter
No spam. Just the latest releases and tips, interesting articles, and exclusive interviews in your inbox every week.
Read about our privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Open New Possibilities
for your Business.