Firepush - chosen by Shopify as a must-have app for driving BFCM sales! Learn more

Legal

Terms of Use

Introduction 

The FirePush software product, Firepush Ltd. (Company Registration No. 10732167) and/or its affiliated entities ("FirePush", "we" or "us") provide business owners with a selection of tools and resources that allow them to gather visitor and customer email addresses, FCM registration tokens, phone numbers, shopping data and other information to create, launch, and manage online browser push notification campaigns (the "Services").

The Services are provided subject to these terms and conditions, which also include our Anti-Spam Policy, our Privacy Policy, and any other guidelines, rules or operating policies that FirePush may establish and post on our website (the "Agreement").

These terms define the terms and conditions under which you're allowed to use FirePush, and how we'll manage your account while you're a Member. As a customer of the Service or a representative of any entity that's a customer of the Service, you're a "Member" according to this agreement (or "you").

1. Services and Support

1.1. The FirePush service is offered through the URLs firepush.io (the "Website").

1.2. An up to date browser such as Google Chrome 50+, Firefox 30+, or Opera is required in order to use the Services. A stable connection to the Internet is also required. The Services may work in a limited way on other web browsers, however they were not designed for use on web browsers other than those mentioned above.

1.3. Due to the wide variety of generation (viewing) tools available, FirePush can make no guarantee that messages will be rendered properly on all recipients' programs.

2. Account

2.1. To use FirePush, you must:

1) Be eighteen (18) years or older, and able to enter into contracts; 

2) Complete the registration process; 

3) Agree to the Terms, including our Anti-Spam Policy; 

4) Provide true, complete, and up to date legal and contact information. If you sign up for FirePush on behalf of a company or other entity, you confirm that you have the authority to accept these Terms on their behalf.

2.2. By using FirePush, you confirm that you are a business owner and/or represent a business enterprise and will use FirePush only for business purposes.

2.3. By using FirePush, you confirm that you meet all the requirements listed above, and that you won't use FirePush in a way that violates any laws or regulations. FirePush may refuse service, close user accounts, and change eligibility requirements at any time.

3. Term 

3.1. The Term begins when you sign up for FirePush and continues as long as you use the Service. Clicking the button and installing the application means that you've officially "signed" the Terms.

3.2. By installing the FirePush application you are consenting to allow Firepush to update your privacy policy page with its terms of use

4. Cancellations and Inactivity 

4.1. You or FirePush may terminate this Agreement at any time and for any reason by giving Notice to the other party. We may suspend our Service to you at any time, with or without cause.

4.2. At any time, we may terminate our Agreement with you if (a) you have breached any condition of these Terms (or have acted in a manner that clearly shows you do not intend to, or are unable to, comply with these Terms); (b) we are required to do so by law (for example, where the provision of the Services to you is, or becomes, unlawful); (c) the provision of the Services to you by us is, in our opinion, no longer commercially viable; or (d) we have decided to discontinue the Services (or any part thereof).

4.3. Once terminated, we may permanently delete your account and all the data associated with it from our Website.

4.4. If you don't log in to your account for 6 or more months, we may treat your account as "inactive" and permanently delete the account and all the data associated with it.

4.5. For all accounts, FirePush may charge an account reactivation fee should an account need to be re-activated after it has become deactivated due to breach of this Agreement and/or long period of inactivity.

4.6. If FirePush terminates this Agreement because you breached any condition in this Agreement or any applicable laws, no refund will be issued even if you have unused prepaid amounts for Services under this Agreement.

5. Account and Password 

5.1. You are responsible for keeping your account name and password confidential. You are also responsible for any account that you have access to, whether or not you authorized the use. You must notify us immediately of any unauthorized use of your account(s).

5.2. We are not responsible for any losses due to stolen or hacked passwords.

5.3. We do not have access to your current password, and for security reasons we can only reset your password.

6. Fees, Payments and Refunds 

6.1. All mandatory and optional charges for the Services ("Charges") are posted on the Website. You agree to pay FirePush according to these Terms and Charges. Monthly payments are due on the same date, or the closest date, to the day you signed up with us and made your first monthly payment. If you go over your sending limit and reach another pricing level, then you will have to upgrade your current plan or wait until push limit will be reset. Reset day can be found in Settings. 

6.2. FirePush is a month-to-month and usage charge based service, and you can cancel your premium subscription at any time. Your subscription fee is prepaid, so simply cancel prior to your monthly renewal date, otherwise you will be charged your next month's subscription fee. After you cancel, no further amounts will be charged to your credit card. However, you are responsible for any amounts already charged to your credit card. We do not issue refunds, even if you cancel immediately after your credit card is charged for the new billing period. In case of unsuccessful payment, we‘ll suspend paid features of your plan until a monthly payment can be processed.

6.3. We may introduce paid features at any time and change our pricing from time to time. All changes and updates for use of the Service are posted on our Website and/or sent by email.

6.4. All prices for Services are calculated in US dollars and your credit card will be charged in US dollars. Prices in other currencies are provided for information purposes only and might fluctuate depending on currency exchange rates.

6.5. As long as you are using paid Services and have an outstanding balance with us, you must provide FirePush’s Payment Gateway with valid credit card information and authorize us to deduct the monthly charges against that credit card. For any credit card nearing expiry, you need to update the information with a valid credit card. Anyone using a credit card represents and warrants that he or she is authorized to use that credit card, and that any and all charges may be billed to that credit card and won't be rejected. If, for any reason, we are unable to process your credit card order, we'll try to charge 3 more times in the next few days. Consecutive charge retries do not change and/or extend your monthly renewal date.

6.6. You are responsible for any taxes imposed on the Services provided under this Agreement except in cases where EU legislation requires us to collect the taxes.

6.7. As a company policy, we do not provide partial refunds for unused services, unless a system malfunction caused the problem. For instance, if you pay for our Service one month and fail to use it, we cannot give you a refund. We will give you a refund for a prepaid month if we stop providing our Services to you for a reason that is not laid out in these Terms. You will not be entitled to a refund from FirePush under any other circumstances.

6.8. We reserve the right to shut down campaigns at any time if we feel that you are abusing our system in any way. If we determine that you have abused the system in any way, and we shut down your account, we do not provide refunds for unused services.

6.9. Reselling of the Services to third parties is permitted only if you sign reseller agreement with FirePush.

7. Rights 

7.1 This is an Agreement for the Services, and you are not granted a license to any software under this Agreement (except to the extent required for you to use the Services). 

Except to the extent that applicable laws prevent FirePush from doing so, you will not, directly or indirectly: 

(i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of, or found at or through the Services or any software, documentation, or data related to the Services ("Software"); 

(ii) remove any proprietary notices or labels from the Services or any Software; reproduce or copy the Software or the Services or any part thereof; 

(iii) modify, translate, or create derivative works based on the Services or any Software; 

(iv) copy, distribute, pledge, assign, or otherwise transfer or encumber rights to the Services or any Software; 

(v) create any derivative product from any of the foregoing; 

(vi) without our express written permission, introduce software, automated agents or scripts to the Services so as to produce multiple accounts, generate automated searches, requests and queries, or to strip or mine data from the Services; 

(vii) perform or publish any performance or benchmark tests or analyses relating to the Services or the use thereof; or 

(viii) allow third parties to gain access to the Services or to otherwise use the Services in any manner other than as expressly permitted in this Agreement.

7.2. The Services shall be used for your internal business purposes only and you shall not use the Services or any Software for the benefit of a third party. If you intend to use the Services as an agency for the benefit of your client, please contact FirePush in advance to let us know.

7.3 You acknowledge and agree that the Services, the Software, the FirePush company names, logos, and all related product and service names, design marks and slogans, and all other material comprising the Software or the Services, are the property of FirePush or its affiliates or suppliers (collectively, the "Marks"). Unless stated otherwise, all Marks are protected by the copyright, trade dress, trademarks and/or other intellectual properties are owned by FirePush or by other parties that have licensed their material to FirePush. You are not authorized to use any of the Marks in any advertising, publicity or any other commercial manner without the prior written consent of FirePush. Your use of the Services confers no title or ownership on the Services, the Software or the Marks and is not a sale of any rights on the Services, the Software or the Marks. All ownership rights remain with FirePush or its third party suppliers, as the case may be.

7.4. You represent and warrant that you either own or have permission to use all of the material in your emails. You retain ownership of any materials you upload to the Service. We may use or disclose your materials only as we describe in these Terms and our Privacy Policy.

7.5. You are solely responsible for any content and other material that you submit, publish, transmit, or display on, through, or with our Services ("Content"). You grant us a non-exclusive, worldwide, royalty-free and fully paid license to use the Content, as necessary, for the purposes of providing the Services to you and other users of the Services. All rights in and to the Content not expressly granted to us in this Agreement are reserved by you.

7.6. You acknowledge and agree that any comments, ideas and/or reports provided to FirePush ("Feedback") shall be the property of FirePush and you hereby irrevocably transfer and assign to FirePush such Feedback, and all associated intellectual property rights, provided however that you shall be free to use such Feedback in the ordinary conduct of your business.

8. Privacy Policy 

8.1. In using the varied features of the Services, you may provide information (such as name, contact information, or other registration information) to FirePush. FirePush may use this information and any technical information about your use of the Services to tailor its presentations to you, facilitate your movement through the Services, or to communicate separately with you.

8.2 We may use and disclose your information according to our Privacy Policy. Our Privacy Policy will be treated as a part of these Terms.

8.3. We may view, copy, and internally distribute content from your emails and account to create algorithms and programs ("Tools") that help us spot problem accounts. We use these Tools to find Members who violate these Terms or laws.

8.4. FirePush will not use any of your subscriber lists or any other customer information for any other purposes than those related to the Services. Your customer information will not be shared with any other parties.

8.5. In order to improve our Services and understand what our customers want, we track some information. 

i) Shop data from Shopify

  • Shopify domain: required to send web push messages
  • Domain name: required to send web push messages
  • Shopify shop ID: required for identification purposes
  • Shop owner name: required for identification purposes
  • Shop email: required to contact shop owner
  • Shop support email: required to contact shop support
  • Shop currency: required to provide statistical information to shop owner
  • Shop currency format: required to provide statistical information to shop owner
  • Shop time-zone: required to send web push messages
  • Shop https enabled: required to send web push messages
  • Shopify shop plan name: required for statistical purposes 
  • Shop owner review about FirePush app: required for statistical purposes 
  • Shop password enabled: required to send web push messages
  • Shop country code: required for statistical purposes
  • Shop single random product title: required to provide a preview inside the dashboard
  • Shop single random product image and image size: required to provide a preview inside the dashboard
  • Shop single random product price: required to provide a preview inside the dashboard

ii) Shop data filled in by shop owner:

  • Subscribers: required to send web push messages
  • Push notifications information: required to send web push messages
  • Push campaigns: statistics, for support purposes
  • Selected plan: statistics, for support purposes
  • Firebase API key: required to send web push messages
  • Firebase sender ID: required to send web push messages
  • Firebase project name: required to send web push messages
  • Facebook pixel: required to track and send Facebook events to Facebook platform
  • Facebook catalogue URL: required so shop owner can import shop products inside Facebook ads platform 

iii) Shop subscribers data:

  • Reg_ID: required to send web push messages
  • Time-zone: required for statistical purposes 
  • Platform (Windows, iOS, etc...): required to send web push messages
  • Browser (Chrome, Opera, Firefox): required to send web push messages
  • Device type (tablet, desktop, mobile): required to send web push messages
  • Device model (iPhone, Samsung, etc...): required to send web push messages
  • IP address: required to send web push messages
  • Email address: required to send email campaigns
  • Phone number: required to send SMS campaigns
  • Country code: required to send web push messages

9. Compliance 

9.1. You must not use the Services to distribute illegal contests, pyramid schemes, chain letters, multi-level marketing campaigns, or any other prohibited material.

9.2. You must not use the Services to send browser push notification campaigns that link to or display nudity, obscene content, gambling related content, illegal software, viruses, or to distribute any other content that we deem inappropriate.

9.3. You must not use the Services to send unsolicited browser push notifications (sometimes called "spam"). See our Anti-Spam Policy (which forms part of this Agreement) for further information.

9.4. The Services may only be used for lawful purposes. Transmission or solicitation of any material that violates EU laws, or other laws that may apply in your local area, is prohibited. This may include material that is obscene, threatening, harassing, libellous, or in any way a violation of intellectual property laws or a third party's intellectual property rights. If you violate any of these rules, then we may suspend or terminate your Account.

9.5. You may only use our bandwidth for your FirePush browser push notifications. We provide image hosting only for your browser push notification campaigns, so you must not host images on our servers for anything other than your browser push notification campaigns (like a website). We may stop your sending or connection through our API at our discretion.

9.6. You represent and warrant that your use of FirePush will comply with all applicable laws and regulations. You are responsible for determining whether our Services are suitable for you to use in light of any regulations like HIPAA, GLB, EU Data Privacy Laws, or other laws. If you are subject to regulations (like HIPAA) and you use our Service, then we won't be liable if our Services don’t meet those requirements.

9.7. If you are located in the European Economic Area (EEA) or send to anyone in the EEA, you represent and warrant that in creating your email distribution list, sending emails and browser push notifications via FirePush, and collecting information as a result of sending emails, you: 

a) Will clearly describe in writing how you plan to use any data collected, including for your use of FirePush. You will get express consent to transfer data to FirePush as part of this process, and you will otherwise comply with whatever privacy policy you have posted. 

b) Have complied, and will comply, with all regulations, as well as data protection, electronic communication, and privacy laws that apply to the countries where you are sending any form of browser push notification through FirePush. 

c) Have collected, stored, used, and transferred all data relating to any individual in compliance with all data protection laws and regulations. You have the necessary permission to allow FirePush to receive and process data and send communications to that individual on your behalf.

d) Agree to indemnify and hold us harmless from any losses, including attorney fees that result from your breach of any part of these warranties.

10. Limitation of Liability 

10.1. To the maximum extent permitted by law, you assume full responsibility for any loss that results from your use of the Website and the Services, including any downloads from the Website. We and our Team are not liable for any indirect, punitive, special, or consequential damages under any circumstances, even if they're based on negligence or we've been advised of the possibility of those damages. Our total liability for all claims made about the Service in any month will be no more than what you paid us for the Service the month before.

11. No Warranties

11.1. To the maximum extent permitted by law, we provide the material on the Website and the Service as is. That means we don't provide warranties of any kind, either express or implied, including but not limited to warranties of merchantability and fitness for a particular purpose.

11.2. From time to time, down-time, either scheduled or unscheduled, may occur. FirePush will work within reason to ensure this amount of down-time is limited. FirePush will not be held liable for the consequences of any down-time.

11.3. FirePush cannot guarantee that any file or program available for download and/or execution from or via the Services is free from viruses or other conditions which could damage or interfere with data, hardware or software with which it might be used. You assume all risk of use of all files associated with the Services, and you release FirePush entirely of all responsibility for any consequences of its use.

12. Indemnity 

You agree to indemnify and hold us and our Team harmless from any losses (including attorney fees) that result from any claims you make that aren't allowed under these Terms due to a "Limitation of Liability" or other provision. You also agree to indemnify and hold us harmless from any losses (including attorney fees) that result from third-party claims that you or someone using your password did something that, if true, would violate any of these Terms.

13. Liquidated Damages 

In some cases, a breach of these Terms could cause damages, but proving the actual damages may be impossible. These cases will result in corresponding liquidated damages, which are a reasonable pre-estimate of the damages:

a) If you send messages that violate Anti-Spam laws and/or our Anti-Spam Policy, then the liquidated damages will be 1000 EUR. 

b) If you send messages with inappropriate content as listed in this Terms, then the liquidated damages will be 800 EUR. 

c) If you host images for anything other than your emails, or use our resources in any way that is not permitted by these Terms, then the liquidated damages will be 500 EUR.

14. Equitable Relief 

If you violate these Terms then we may seek injunctive relief (meaning we may request a court order to stop you) or other equitable relief.

15. Disclaimers 

We and our Team are not responsible for the behaviour of any advertisers, linked websites, or other Members.

16. Assignments 

You may not assign any of your Rights under this Agreement to anyone else. We may assign our Rights to any other individual or entity at our discretion.

17. Choice of Law 

Republic of Lithuania's laws will apply to any dispute related to these Terms or the Service. Any dispute related to the Terms, the Privacy Policy, or the Service itself will be decided by the State and Federal Courts in Lithuania, and each party will be subject to the jurisdiction of those courts.

18. Force Majeure

We won't be held liable for any delays or failure in performance of any part of the Service, from any cause beyond our control. This includes, but is not limited to changes to laws or regulations, embargoes, war, terrorist acts, riots, fires, earthquakes, nuclear accidents, zombie apocalypse, floods, strikes, power blackouts, volcanic action, unusually severe weather conditions, and acts of hackers or third-party internet service providers.

19. Survivability 

Even if this Agreement is terminated, the following sections will continue to apply: Rights, Compliance, Limitation of Liability, No Warranties, Indemnity, Choice of Law, Severability, and Entire Agreement.

20. Severability 

If it turns out that a section of this Agreement isn't enforceable, then that section will be removed or edited as necessary, and the rest of the Terms will still be valid.

21. Interpretation 

The headers are provided only to make this agreement easier to read and understand.

22. Amendments and Waiver

22.1. Amendments or changes to these Terms won't be effective until we post revised Terms on the Website. That aside, additional terms may apply to certain features of the Service ("Additional Terms"). The Additional Terms will be considered incorporated into these Terms when you activate the feature. Where there's a conflict between these Terms and the Additional Terms, the Additional Terms will control. If we don't immediately take action on a violation of these Terms, we are not giving up any rights under the Terms, and we may still take action at some point.

22.2. If you have written agreement (the “Written Agreement“) with us or our authorized reseller to use FirePush and there‘s a conflict between these Terms and the Written Agreement, the Written Agreement will control. You are bound by these Terms in all matters that are not covered in the Written Agreement.

23. Notification of Security Breach 

In the event of a security breach that may affect you or anyone on your email distribution lists ("List"), we'll notify you of the breach and provide a description of what happened. If we determine, and notify you, that you need to forward all or part of that information to anyone on your Lists, you must promptly do it.

24. Notices 

Any notice to you will be effective when we send it to the last email or physical address you gave us or posted on our Website. Any notice to us will be effective when delivered to us along with a copy to our legal counsel: Attn. Legal Department, Firepush Ltd, 93 Fernside road, Poole, United Kingdom, or any addresses as we may later post on the Website.

25. Entire Agreement 

These Terms, our Privacy Policy, API Guidelines (all of which are incorporated into these Terms by reference), and any Additional Terms you've agreed to, make up the entire agreement and supersede all prior agreements, representations, and understandings.

 

Last updated: 22nd May 2018

Privacy Policy

Firepush Ltd. (the "Company") is committed to protecting the privacy of individuals who visit the Company's Web sites and individuals who register to use the Services as defined below.

This Privacy Policy describes the Company's privacy practices in relation to the use of the Company's Web sites and the related applications and services offered by Firepush Ltd. under various brands, and which applications and services are accessible via the Company Web sites listed below (the "Services").

1. Websites Covered This Privacy Policy covers the information practices of Web sites that link to this Privacy Policy, including www.firepush.io, www.getfirepush.io, www.fpu.sh and local variations (collectively referred to as "the Company's Web sites"). The Company's Web sites may contain links to other Web sites. The information practices or the content of such other Web sites are governed by the privacy statements of such other Web sites.

2. Information collected The Company collects individually identifiable information ("Personal Information") from individuals who visit the Company's Web site ("Web Site Visitors") and individuals who register to use the Services ("Customers"). When expressing an interest in obtaining additional information about the Services or registering to use the Services, the Company requires you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address ("Required Contact Information"). When purchasing the Services, the Company may require you to provide the Company with financial qualification and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Services ("Billing Information"). Required Contact Information, Billing Information, and optional information about Customers are referred to collectively as "Data About Customers". As you navigate the Company's Web sites, Company may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons ("Web Site Navigational Information"). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol ("IP") address, geolocation and the actions you take on the Company's Web sites (such as the Web pages viewed and the links clicked). When Customer uploads or creates an email distribution list or put together an email campaign via Company's Services, the Company has access to the data on your list and the information in your campaign. When Customer sends emails to his recipients, the Company always tracks who opened the emails and who clicked on any of the hyperlinks included. This information is used to measure and report the performance of email campaigns, and to improve Services. The Company may obtain additional information about Customer's e-mail recipients by using recipient's email address, or other information, to directly, or through one or more services, search over the internet, or elsewhere. The Company thereby obtain information that appears to be related to such email address or other information, such as a name, age and participation in social media websites ("Supplemental Member Information").

3. Subscriber lists, Campaign content and Campaign reports The Company ensures that all subscriber lists, email content and reports remain private and confidential. The Company may scan the content of your campaigns to ensure it complies with the Company's Terms of Use. The Company will not sell, rent, loan or invite external access to a customer's contact lists. Nor will Company themselves use customer's contact lists for any purpose.

4. Use of information collected The Company uses Data About Customers to perform the services requested. For example, if you fill out a "Contact Me" Web form, the Company will use the information provided to contact you about your interest in the Services. The Company may also use Data About Customers for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company, its affiliates, and its partners, such as information about promotions or events. The Company may use Data About Customers to send System Alert Messages to let you know about temporary or permanent changes to our Services including planned outages, new features offered, version updates, point releases, major releases, abuse warnings, changes to our Terms of Use and Privacy Policy and possibly other documents and agreements. The Company may use Data About Customers to help enforce compliance with our Terms of Use, Anti-Spam Policy and applicable law including, but not limited to, helping to create white lists and black lists, to develop and test algorithms, heuristics and other methods and tools for detecting violations and to apply those methods and tools. The Company uses Data About Customers to provide customer support and obtain feedback. The Company uses Billing Information solely to check the financial qualifications and collect payment for the Services. The Company uses Web Site Navigational Information to operate and improve the Company's Web sites. The Company may also use Web Site Navigational Information alone or in combination with Data About Customers to provide personalized information about the Company and the Services. Company may use both Data About Customers and Web Site Navigational Information to enforce the Company's Web site policies, or to protect the Company's rights and intellectual property or the rights of others using the Company's Web sites or the Services.

5. Sharing of information collected The Company may share Data About Customers with the Company's contracted service providers so that these service providers can provide services on the Company's behalf. Company may also share Data About Customers with the Company's service providers to ensure the quality of information provided. Unless described in this Privacy Policy, Company does not share, sell, rent, or trade any information with third parties for their promotional purposes. The Company may use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on the Company's behalf. The Company reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company's rights and/or to comply with a judicial proceeding, court order, or legal process.

6. Correcting and updating you information The Company does it's best to keep Customer's data accurate and up-to-date to the extent that Customer provides the Company with the information the Company require to do that. If Customer's data changes (including, but not limited to, a change in Customer's email address) then Customer is responsible for notifying Company of those changes so that Company can keep Customer's records up-to-date. The Company will give Customer access to any of his Personal Information that the Company holds about him/her within 30 days of any request Customer makes for such information. The Company may charge for providing this information to Customer, as permitted by applicable law. Customers may update or change their registration information by editing their user or organization record. To update a user profile, please login to the applicable Services with your TK Digital Connect username and password and edit your user settings, or send your request to tom@firepush.io. To update an organization's information, please send your request to tom@firepush.io.

7. Security The Company takes precautions, including administrative, technical, and physical measures – to help safeguard Data About Customers against loss, theft, and misuse as well as unauthorized access, disclosure, alteration, and destruction. Service users are solely responsible for protecting their passwords, limiting access to their computers, and signing out of the Services after their sessions. The Company will notify Customer, as soon as possible, if a breach in security results in an unauthorized intrusion into Company's system which materially affects Customer or people on Customer's databases, and will subsequently report the corrective action taken in response to the intrusion.

8. Changes to this Privacy Policy The Company reserves the right to change this Privacy Policy. The Company will provide notification of the material changes to this Privacy Statement through the Company's Web sites and via e-mail if permission is given by Customer to be e-mailed at least thirty (30) days prior to the change taking effect.

9. In order to improve our Services and understand what our customers want, we track some information. 

9.1.) Shop data from Shopify

  • Shopify domain: required to send web push messages
  • Domain name: required to send web push messages
  • Shopify shop ID: required for identification purposes
  • Shop owner name: required for identification purposes
  • Shop email: required to contact shop owner
  • Shop support email: required to contact shop support
  • Shop currency: required to provide statistical information to shop owner
  • Shop currency format: required to provide statistical information to shop owner
  • Shop time-zone: required to send web push messages
  • Shop https enabled: required to send web push messages
  • Shopify shop plan name: required for statistical purposes 
  • Shop owner review about FirePush app: required for statistical purposes 
  • Shop password enabled: required to send web push messages
  • Shop country code: required for statistical purposes
  • Shop single random product title: required to provide a preview inside the dashboard
  • Shop single random product image and image size: required to provide a preview inside the dashboard
  • Shop single random product price: required to provide a preview inside the dashboard

9.2.) Shop data filled in by shop owner:

  • Subscribers: required to send web push messages
  • Push notifications information: required to send web push messages
  • Push campaigns: statistics, for support purposes
  • Selected plan: statistics, for support purposes
  • Firebase API key: required to send web push messages
  • Firebase sender ID: required to send web push messages
  • Firebase project name: required to send web push messages
  • Facebook pixel: required to track and send Facebook events to Facebook platform
  • Facebook catalogue URL: required so shop owner can import shop products inside Facebook ads platform 

9.3.) Shop subscribers data:

  • Reg_ID: required to send web push messages
  • Time-zone: required for statistical purposes 
  • Platform (Windows, iOS, etc...): required to send web push messages
  • Browser (Chrome, Opera, Firefox): required to send web push messages
  • Device type (tablet, desktop, mobile): required to send web push messages
  • Device model (iPhone, Samsung, etc...): required to send web push messages
  • IP address: required to send web push messages
  • Email address: required to send email campaigns
  • Phone number: required to send SMS campaigns
  • Country code: required to send web push messages

10. Contacts If you have any questions about our Privacy Policy, or if you want to report privacy abuse, please contact us: Firepush Ltd, 93 Fernside road, Poole, United Kingdom Phone +447449874447 info@firepush.io

AntiSpam Policy

Effective starting: November 1, 2016 (view archive)

By using Firepush You (You or User) agree to Terms of use (Terms) and this Anti-Spam Policy which is integral part of Terms.

Basic overview
User may not use a Firepush to directly or indirectly send, transmit, handle, distribute or deliver: (a) unsolicited email (“spam” or “spamming”); (b) email to an address obtained via internet harvesting methods or any impermissible electronic collection of address or other information; or (c) email to an address that is incomplete, inaccurate and/or not updated for all applicable opt-out notifications.

Spam is any email you send to someone who has not given you their direct permission to contact them on the topic of the email.

Firepush reserves the right to supplement, modify, amend or supersede this Anti-Spam Policy, notifying User via e-mail or user portal, or by posting a revised copy on the Firepush website. User agrees to review the Anti-Spam Policy on a regular basis and remain in compliance at all times.

2. Permission gathering

To send email, SMS message, web push message to anyone using Firepush, you must have clearly obtained their permission. This could be done through:

A. An email, phone, web push newsletter subscribe form on your web site.
B. An opt-in checkbox on a form. This checkbox must not be checked by default, the person completing the form must willingly select the checkbox to indicate they want to hear from you.
C. Customers who have purchased from you within the last 12 months or have an ongoing contract with you.
D. If someone completes an offline form like a survey or enters a competition, you can only contact them if it was explained to them that you would be contacting them by email AND they ticked a box indicating they would like you to contact them.
3. Inappropriate addresses

By using Firepush, you agree not to import or send to any email address which:

A. You do not have explicit, provable permission to contact in relation to the topic of the email, SMS text or web push message you’re sending.
B. You bought, loaned, rented or in any way acquired from a third party, no matter what they claim about quality or permission. You need to obtain permission yourself.
C. You haven’t contacted via email in the last 12 months.
D. You scraped or copy and pasted from the web
4. Opt-out policy

Every message you send using Firepush must include the following:

A. Recipient’s email address subscribed to the list.
B. The name and physical address of the sender as well as current and accurate full legal entity name. If you’re sending an email for your client, you’ll need to include your client’s details instead.
C. An advisement that the recipient may unsubscribe, opt-out or otherwise demand that use of its information cease for unsolicited or otherwise impermissible and/or inappropriate communication(s) as described herein.
D. Information on one or more methods by which the recipient may notify User of its election to unsubscribe, opt out or otherwise demand that use of its information cease for unsolicited or otherwise impermissible and/or inappropriate communication(s) as described herein.
E. A single-click unsubscribe link that instantly removes the subscriber from your list. No input from the user, other than confirmation, should be required. Once they unsubscribe, you can never email them again, other than sending final confirmation/reminder regarding successful unsubscribing.
User warrants it shall comply promptly with all opt out, unsubscribe, “do not call” and “do not send” requests.

Those recipients whose email addresses bounce multiple of time will be unsubscribed from your list automatically.

5. Verification procedures

Firepush has various layers of approval and monitoring to ensure you comply with our anti-spam policy:

A. Firepush is integrated into 3rd party spam reporting systems used by some of the biggest ISP’s and e-mail service providers like Outlook and AOL. If you don’t have permission and someone marks your campaign as spam, we’ll know about it the moment that button is pressed. If you receive a complaint rate greater than 0.1% of all recipients (that’s 10 complaints for every 10,000 recipients), bounce rate greater than 4% of all delivered emails, unsubscribe rate greater than 2%, or “removed” rate greater than 5% you will receive a warning email requesting an explanation and giving you advice. “Removed” rate is a sum of bounce, complaint and unsubscribe rate. Higher levels of complaints and/or bounces will result in accounts being marked as spamming and locked or terminated. Getting two or more warnings (related to poor performance of your campaign) during the period of 3 months will result in your account being locked or terminated and all special bonuses like discounts or extra features being removed.
B. Our team might verify selected large lists imported into our system.
C. We monitor blacklists and our abuse accounts all day every day. We can pinpoint who is causing us delivery problems or attracting complaints very easily.
D. If we notice that your mailing list contains one or multiple spam traps, you’ll be asked to clean your list. If you do not clean your mailing list within given period of time, your account will be locked or terminated. A spam trap is an email address traditionally used to expose illegitimate senders who add email addresses to their lists without permission. But they are also set up to identify email marketers with poor permission and list management practices. Firepush will assist you in cleaning your mailing list with instructions, personal advice from support team and, in some occasions, paid service of list cleaning.
If we discover that you’re emailing people without their permission and/or massively using inaccurate email addresses, we will terminate your account with Firepush immediately.

6. Contacts

If you have any questions about our Anti-Spam Policy, or if you want to report spamming activity by one of our customers, please contact us

SMS Terms of Service & Anti Spam Policy

SMS TERMS OF SERVICE 

The following is a legal agreement between yourself (individual, company or any other entity) and Firepush Ltd (Firepush), including any services or software products developed by Firepush Ltd. 

Firepush services include products and services sold via getfirepush.com. tobi.ai and the Shopify App store. 

By using any of the Firepush services or registering for these services, you agree that you have read, understood and accepted the terms and conditions listed within these Terms of Service. 

If you do not accept this agreement or agree to all terms within these Terms of Service, you are not authorised to use any Firepush services. 

We may amend the terms of these Terms of Service at our discretion. When we do this, we will post the changes on our website, including the date of any amendment. 

Your use of any Firepush service implies that you accept any amendments we have made. It is your responsibility to review these Terms of Service for any changes. 

1. Account

1.1.You must be 18 years or older to use Firepush services.

1.2.In order to access and use Firepush services, you must create an account. You will need to provide a valid email address and telephone number in order to do this.

Any virtual or third-party phone number or landline number will be flagged up and delay the registration process.

Firepush may cancel your account or reject your registration at our discretion.

1.3.You agree that we can use your email address and/or phone number for communication purposes.

1.4.You are responsible for any content you send using our services, including text, images, links, promotions, automations etc.

1.5. Firepush may terminate your account and stop your services should you violate any of the points within these Terms of Service. 

2. Payments

2.1.Payments made via the Shopify App store are processed by Shopify Payment Processor.

If you pay for the service as your employer, rather than yourself, your employer is bound to the service. If you sign up for any of our plans or activate the auto-recharge option, you will be charged for our services on a recurring basis. Any plan you purchase from us will automatically renew unless you cancel your plan. 

3. Acceptable Use

3.1. You may only use our services to contact recipients who expect your messages.

3.2.You may only contact recipients whose contact details you have lawfully gathered.

Check our Best Practice post for more information on how to gather contact details using opt-in forms and subscribing.

3.3.You may only use our services for transnational purposes, to notify your users of the status of their order or information about its shipping, packing, and payment.

3.4.You may only use our services for marketing purposes, following local requirements and best practices, including obtaining consent from users that they agree to receiving your messages, including your business or brand name, a brief offer, and links for customers to find out more.

3.5.You may only use our services if you include a way for users to opt-out and unsubscribe if they no longer wish to receive messages from you (USA and Canada). 

4. Prohibited use of service

4.1.You may not use the service with purchased, leased, transferred, rented or stolen numbers that do not have customer consent for receiving marketing.

4.2.You may not use the service in connection with child exploitation, harassment, hateful content, threats, illegal activities, malicious or deceptive practices, scams, spam, terrorism, indecent content, pornographic content, sexual content, or any content intended to cause distress, annoyance, inconvenience, worry or upset to the recipient.

4.3.You may not use your account to represent yourself as a third-party or bypass any legitimate identification systems.

4.4.You may not test or reverse-engineer the services in order to find limitations or vulnerabilities, or to evade any filtering systems.

4.5.You may not use copyright trademarks or other intellectual property without the written permission of the holder of these rights.

4.6.You may not bring the Firepush brand into disrepute. 

Should any prohibited messages be transmitted using our SMS messaging service, Firepush may temporarily suspend your account at its discretion until the matter is resolved to Firepush’s satisfaction. In extreme cases, Firepush may terminate your account and any agreement. 

In the instance of any fines being levied against Firepush as a result of prohibited messages being sent using the Firepush SMS service, the user responsible for those messages, or the user whose account has sent those messages will be held liable to pay the fines in their entirety. 

5. Limitation of Liability

To the maximum extent permitted by law, you assume full responsibility for any loss resulting from your use of Firepush Services. Firepush will not be liable for any indirect, punitive, special or consequential damages under any circumstances, including if these are due to negligence or Firepush has been advised of the possibility of those damages. Firepush’s liability for all claims against the service in any month will be no more than what you have paid for the service in the previous month. 

6. No warranty

6.1.To the maximum extent permitted by law, Firepush provides the material on the E-commerce App website. This means Firepush does not provide warranties of any kind, either express or implied, included but not limited to warranties of merchantability or fitness to any particular purpose. Since people use Firepush for a variety of reasons, we cannot guarantee that Firepush services will meet your specific needs.

6.2.Firepush cannot guarantee the services will be uninterrupted, timely or free of errors.

6.3.Firepush cannot guarantee that the quality of the services will meet your expectations. 

7. Suspension of Services and Refunds

7.1.Should you wish to cancel your service and have not used the service at all (i.e. if you haven’t sent any messages), you are eligible for a refund of what you have paid. You must comply with the terms of Acceptable Use in order to be eligible for a refund.

7.2.Should you wish to cancel your account via Shopify or any other app, you must uninstall the application.

7.3.Should you use the service along with any of the points in 4. Prohibited Use of Service, Firepush reserves the right to terminate your account immediately and you will not be eligible for any refunds.

ANTI SPAM POLICY

Effective starting: November 1, 2016 (view archive)

By using Firepush You (You or User) agree to Terms of use (Terms) and this Anti-Spam Policy which is integral part of Terms.

Basic overview
User may not use a Firepush to directly or indirectly send, transmit, handle, distribute or deliver: (a) unsolicited email (“spam” or “spamming”); (b) email to an address obtained via internet harvesting methods or any impermissible electronic collection of address or other information; or (c) email to an address that is incomplete, inaccurate and/or not updated for all applicable opt-out notifications.

Spam is any email you send to someone who has not given you their direct permission to contact them on the topic of the email.

Firepush reserves the right to supplement, modify, amend or supersede this Anti-Spam Policy, notifying User via e-mail or user portal, or by posting a revised copy on the Firepush website. User agrees to review the Anti-Spam Policy on a regular basis and remain in compliance at all times.

2. Permission gathering

To send email, SMS message, web push message to anyone using Firepush, you must have clearly obtained their permission. This could be done through:

A. An email, phone, web push newsletter subscribe form on your web site.
B. An opt-in checkbox on a form. This checkbox must not be checked by default, the person completing the form must willingly select the checkbox to indicate they want to hear from you.
C. Customers who have purchased from you within the last 12 months or have an ongoing contract with you.
D. If someone completes an offline form like a survey or enters a competition, you can only contact them if it was explained to them that you would be contacting them by email AND they ticked a box indicating they would like you to contact them.
3. Inappropriate addresses

By using Firepush, you agree not to import or send to any email address which:

A. You do not have explicit, provable permission to contact in relation to the topic of the email, SMS text or web push message you’re sending.
B. You bought, loaned, rented or in any way acquired from a third party, no matter what they claim about quality or permission. You need to obtain permission yourself.
C. You haven’t contacted via email in the last 12 months.
D. You scraped or copy and pasted from the web
4. Opt-out policy

Every message you send using Firepush must include the following:

A. Recipient’s email address subscribed to the list.
B. The name and physical address of the sender as well as current and accurate full legal entity name. If you’re sending an email for your client, you’ll need to include your client’s details instead.
C. An advisement that the recipient may unsubscribe, opt-out or otherwise demand that use of its information cease for unsolicited or otherwise impermissible and/or inappropriate communication(s) as described herein.
D. Information on one or more methods by which the recipient may notify User of its election to unsubscribe, opt out or otherwise demand that use of its information cease for unsolicited or otherwise impermissible and/or inappropriate communication(s) as described herein.
E. A single-click unsubscribe link that instantly removes the subscriber from your list. No input from the user, other than confirmation, should be required. Once they unsubscribe, you can never email them again, other than sending final confirmation/reminder regarding successful unsubscribing.
User warrants it shall comply promptly with all opt out, unsubscribe, “do not call” and “do not send” requests.

Those recipients whose email addresses bounce multiple of time will be unsubscribed from your list automatically.

5. Verification procedures

Firepush has various layers of approval and monitoring to ensure you comply with our anti-spam policy:

A. Firepush is integrated into 3rd party spam reporting systems used by some of the biggest ISP’s and e-mail service providers like Outlook and AOL. If you don’t have permission and someone marks your campaign as spam, we’ll know about it the moment that button is pressed. If you receive a complaint rate greater than 0.1% of all recipients (that’s 10 complaints for every 10,000 recipients), bounce rate greater than 4% of all delivered emails, unsubscribe rate greater than 2%, or “removed” rate greater than 5% you will receive a warning email requesting an explanation and giving you advice. “Removed” rate is a sum of bounce, complaint and unsubscribe rate. Higher levels of complaints and/or bounces will result in accounts being marked as spamming and locked or terminated. Getting two or more warnings (related to poor performance of your campaign) during the period of 3 months will result in your account being locked or terminated and all special bonuses like discounts or extra features being removed.
B. Our team might verify selected large lists imported into our system.
C. We monitor blacklists and our abuse accounts all day every day. We can pinpoint who is causing us delivery problems or attracting complaints very easily.
D. If we notice that your mailing list contains one or multiple spam traps, you’ll be asked to clean your list. If you do not clean your mailing list within given period of time, your account will be locked or terminated. A spam trap is an email address traditionally used to expose illegitimate senders who add email addresses to their lists without permission. But they are also set up to identify email marketers with poor permission and list management practices. Firepush will assist you in cleaning your mailing list with instructions, personal advice from support team and, in some occasions, paid service of list cleaning.
If we discover that you’re emailing people without their permission and/or massively using inaccurate email addresses, we will terminate your account with Firepush immediately.

6. Contacts

If you have any questions about our Anti-Spam Policy, or if you want to report spamming activity by one of our customers, please contact us

EU Data Protection Addendum - FirePush

The customer who agrees to these terms (“Customer”) enters into an agreement with FirePush Ltd (“FirePush”) under which FirePush agrees to provide services to the Customer (services can be amended from time to time, the “Agreement“).

This Data Protection Addendum, including attachments (“Addendum”), is effective and replaces any previously applicable data processing and security terms as of the Addendum Effective Date (defined below). This Addendum forms part of the Agreement and consists of (a) the main body of the Addendum; (b) Subject Matter and Detail of Data Processing (Attachment 1); (c) Security Measures (Attachment 2); 

1. Definitions

For purposes of this Addendum, the terms below shall have the detail the meanings as below.  Capitalized terms that are used but not otherwise defined in this Addendum shall detail the meanings in the Agreement.

1.1 “Addendum Effective Date” means, as applicable, (a) 25 May 2018, if the parties agreed to this Addendum prior to or on that date; or (b) the date on which the parties agreed to this Addendum, if that date is after 25 May 2018.

1.2 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.

1.3 “Audit Reports” - refer to meaning given in Section 5.4.4.

1.4 “Customer Personal Data” refers to any personal data contained within the data provided to or accessed by FirePush by or on behalf of the Customer or the Customer’s end users in connection with the Services.

1.5 “EEA” refers to the European Economic Area.

1.6 “EU” refers to the European Union.

1.7 “European Data Protection Legislation” means the GDPR and other data protection laws of the EU, its Member States, and the United Kingdom, applicable to the processing of Customer Personal Data under the Agreement.

1.8 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.9 “Information Security Incident” means a breach of FirePush’s security, leading to the accidental or unlawful loss, alteration, destruction, unauthorized disclosure of, or access to, Customer Personal Data in FirePush’s possession, custody or control. “Information Security Incidents” do not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful login attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

1.10 “Model Contract Clauses” or “MCCs” refer to the standard data protection clauses for the transfer of personal data to processors established in countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR.

1.11 “Security Documentation” refers to all documents and information made available by FirePush under Section 5.4.1 (Reviews of Security Documentation).

1.12 “Security Measures” - see Section 5.1.1 (FirePush’s Security Measures).

1.13 “Services” means the services and/or products provided by FirePush to the Customer under the Agreement.

1.14 “Sub Processors” refers to the third parties authorized under this Addendum to process Customer Personal Data related to the Services.

1.15 “Term” means the period from the Addendum Effective Date until the end of FirePush’s provision of the Services.

1.16 “Third Party Sub Processors” - see Section 9 (Sub Processors).

1.17 “Transfer Solution” means the Model Contract Clauses or another solution that enables the lawful transfer of personal data to a third party in accordance with Article 45 or 46 of the GDPR (for example, the EU-U.S. Privacy Shield).

1.18 The terms “personal data”, “data subject”, “processing”, “controller”, “processor” and “supervisory authority” as used in this Addendum have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Model Contract Clauses.

2. Duration of Addendum

This Addendum will take effect on the Addendum Effective Date (25th May 2018) and, notwithstanding the expiration of the Term, will remain effective until, and automatically expire upon, FirePush’s deletion of all Customer Personal Data as described in this Addendum.

3. Processing of Data

3.1 Roles & Regulatory Compliance; Authorization.

3.1.1 Processor and Controller Responsibilities. 

If the European Data Protection Legislation applies to the processing of Customer Personal Data, the parties acknowledge and agree that:

(a) The subject matter and details of processing are described in Attachment 1;

(b) FirePush is a processor of that Customer Personal Data under the European Data Protection Legislation;

(c) The Customer is a controller or processor, as applicable, of that Customer Personal Data under European Data Protection Legislation; and

(d) Each party will comply with the obligations applicable to it under the European Data Protection Legislation with respect to the processing of that Customer Personal Data.

3.1.2 Authorization by Third Party Controller. 

If the European Data Protection Legislation applies to the processing of Customer Personal Data and the Customer is a processor, the Customer warrants to FirePush that the Customer’s instructions and actions with respect to that Customer Personal Data, including its appointment of FirePush as another processor, have been authorized by the relevant controller.

3.2 Scope of Processing.

3.2.1 Customer’s Instructions. 

By entering into this Addendum, the Customer instructs FirePush to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services; (b) as authorized by the Agreement, including this Addendum; and (c) as further documented in any other written instructions given by the Customer and acknowledged in writing by FirePush as constituting instructions for purposes of this Addendum.

3.2.2 FirePush’s Compliance with Instructions. 

FirePush will only process Customer Personal Data in accordance with the Customer’s instructions, as defined in Section 3.2.1 (including data transfers) unless European Data Protection Legislation to which FirePush is subject requires other processing of Customer Personal Data by FirePush, in which case FirePush will notify the Customer (unless law prohibits FirePush from doing so on the grounds of public interest).

4 Data Deletion

4.1 Deletion on Termination. 

When the Term expires, the Customer instructs FirePush to delete all Customer Personal Data (including copies) from FirePush’s systems in accordance with applicable law as soon as reasonably practicable but no later than 180 days from the date of request, unless applicable law states otherwise.

5 Data Security

5.1 FirePush’s Security Measures, Controls and Assistance.

5.1.1 FirePush’s Security Measures. 

FirePush will implement and maintain technical and organizational measures to protect Customer Personal Data against accidental or unlawful alteration, loss, destruction, unauthorized disclosure of or access to Customer Personal Data as described in Attachment 2 (the “Security Measures“). FirePush may update or modify the Security Measures occasionally, provided that such updates and modifications do not decrease the overall security of the Services.

5.1.2 Security Compliance by FirePush Staff. 

FirePush will only grant access to Customer Personal Data to employees, contractors and Sub Processors who need this access for the scope of their tasks, and are subject to appropriate confidentiality arrangements.

5.1.3 FirePush’s Security Assistance. 

FirePush will (taking into account the nature of the processing of Customer Personal Data and the information available to FirePush) provide the Customer with the necessary assistance to help the Customer comply with its obligations in respect of Customer Personal Data under European Data Protection Legislation, including Articles 32 to 34 (inclusive) of the GDPR, by:

(a) implementing and maintaining the Security Measures in accordance with Section 5.1.1 (FirePush’s Security Measures);

(b) complying with the terms of Section 5.2 (“Information Security Incidents”); and

(c) providing the Customer with the Security Documentation in accordance with Section 5.4.1 (“Reviews of Security Documentation”) and the Agreement, including this Addendum.

5.2 Information Security Incidents

5.2.1 Information Security Incident Notification. 

If FirePush becomes aware of an Information Security Incident, FirePush will: (a) notify the Customer of the Information Security Incident without delay after becoming aware of the Information Security Incident; and (b) take reasonable steps to identify the cause of such Information Security Incident, minimize potential harm and prevent the incident for recurring.

5.2.2 Details of Information Security Incident. 

Notifications made pursuant to this Section 5.2 (“Information Security Incidents”) will describe, to the possible extent, details of the Information Security Incident, including steps taken to mitigate potential risks and steps FirePush recommends the Customer take to address the Information Security Incident.

5.2.3 Notification. 

The Customer is solely responsible for complying with incident notification laws applicable to the Customer and fulfilling any third party notification obligations related to any Information Security Incident(s).

5.2.4 No Acknowledgement of Fault by FirePush. 

FirePush’s notification of or response to an Information Security Incident under this Section 5.2 (“Information Security Incidents”) will not be construed as an acknowledgement by FirePush of any fault or liability with respect to the Information Security Incident.

5.3 Customer’s Security Responsibilities and Assessment.

5.3.1 Customer’s Security Responsibilities. 

The Customer agrees that, without prejudice to FirePush’s obligations under Section 5.1 (“FirePush’s Security Measures, Controls and Assistance”) and Section 5.2 (“Information Security Incidents”):

(a) The Customer is solely responsible for its use of the Services, including:

(i) Making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Customer Personal Data;

(ii) Protecting the account authentication credentials, systems and devices the Customer uses to access the Services;

(iii) Securing the Customer’s systems and devices FirePush uses to provide the Services; 

(iv) Backing up its Customer Personal Data; and

(b) FirePush has no obligation to protect Customer Personal Data that the Customer stores or transfers outside of FirePush’s and its Sub Processes’ systems (for example, offline or on-premises storage).

5.3.2 Customer’s Security Assessment.

(a) The Customer is solely responsible for reviewing the Security Documentation and evaluating whether the Services, the Security Measures and FirePush’s commitments under this Section 5 (“Data Security”) meet the Customer’s needs, including relating to any of the Customer’s security obligations under the European Data Protection Legislation.

(b) The Customer acknowledges and agrees that (taking into account the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by FirePush as set out in Section 5.1.1 (“FirePush’s Security Measures”) provide a level of security appropriate to the risk in respect of Customer Personal Data.

5.4 Reviews and Audits of Compliance

5.4.1 The Customer may audit FirePush’s compliance with its obligations under this Addendum up to once per year. In addition, to the extent required by European Data Protection Legislation, including where mandated by the Customer’s supervisory authority, the Customer or Customer’s supervisory authority may perform audits (or inspections) more frequently. FirePush will contribute to such audits by providing the Customer or Customer’s supervisory authority with the information and assistance reasonably necessary to conduct the audit, including any relevant records of processing activities, where applicable to the Services.

5.4.2 If a third party conducts the audit, FirePush may object to the auditor if the auditor is, in FirePush’s reasonable opinion, not suitably qualified or independent, a competitor of FirePush, or otherwise manifestly unsuitable. Such objection by FirePush will require the Customer to appoint a different auditor or to conduct the audit itself.

5.4.3 To request an audit, the Customer must submit a detailed proposed audit plan to tom@firepush.io at least two weeks before the proposed audit date. The proposed audit plan must describe the audit’s proposed scope, duration, and start date. FirePush will review the proposed audit plan and provide the Customer with any concerns or questions (for example, any request for information that could compromise FirePush security, privacy, employment or other relevant policies). FirePush will work cooperatively with the Customer to agree on a final audit plan. Nothing in this Section 5.4 shall require FirePush to breach any duties of confidentiality.

5.4.4 If the requested audit scope is addressed in an SSAE 16/ISAE 3402 Type 2, ISO, NIST or similar audit report performed by a qualified third-party auditor (“Audit Reports”) within twelve (12) months of Customer’s audit request and FirePush confirms there are no known material changes in the controls audited, the Customer agrees to accept those findings in lieu of requesting an audit of the controls covered by the report.

5.4.5 The audit must be conducted during regular business hours at the applicable facility, subject to the agreed final audit plan and FirePush’s Health and Safety policy, or other relevant policies, and must not unreasonably interfere with FirePush’s business activities.

5.4.6 The Customer will promptly notify FirePush of any non-compliance discovered during the course of an audit and provide FirePush any audit reports generated in connection with any audit under this Section 5.4, unless prohibited by European Data Protection Legislation or otherwise instructed by a supervisory authority. The Customer may use the audit reports only for the purposes of meeting the Customer’s regulatory audit requirements and/or confirming compliance with the requirements of this Addendum. The audit reports are the parties’ Confidential Information under the terms of the Agreement.

5.4.7 Any audits are carried out at the Customer’s expense. The Customer shall reimburse FirePush for any time expended by FirePush or its Third Party Sub Processors in connection with any audits or inspections under this Section 5.4 at FirePush’s then-current professional services rates, which shall be made available to the Customer upon request. The Customer will be responsible for any fees charged by any auditor appointed by the Customer to execute any such audit.

5.4.8 The parties agree that this Section 5.4 shall satisfy FirePush’s obligations under the audit requirements of the Model Contractual Clauses applied to Data Importer under Clause 5(f) and to any Sub-processors under Clause 11 and Clause 12(2).

6 Impact Assessments and Consultations

FirePush will (taking into account the nature of the processing and the information available to FirePush) reasonably assist the Customer to comply with its obligations under European Data Protection Legislation in respect of data protection impact assessments and prior consultation, including, if applicable, the Customer’s obligations pursuant to Articles 35 and 36 of the GDPR, by:

6.1 Making available for review copies of the Audit Reports or other documentation describing relevant aspects of FirePush’s information security program and the security measures applied in connection therewith; and

6.2 Providing the information contained in the Agreement, including this Addendum.

7 Data Subject Rights

7.1 Customer’s Responsibility for Requests. 

During the Term, if FirePush receives any request from a data subject in relation to Customer Personal Data, FirePush will advise the data subject to submit their request to the Customer and the Customer will be responsible for responding to this request.

7.2 FirePush’s Data Subject Request Assistance. 

FirePush will (taking into account the nature of the processing of Customer Personal Data) provide the Customer with self-service functionality through the Services or other reasonable assistance as necessary for the Customer to fulfil its obligation under European Data Protection Legislation to respond to requests by data subjects, including, if applicable, the Customer’s obligation to respond to requests for exercising the data subject’s rights set out in in Chapter III of the GDPR. The Customer shall reimburse FirePush for any such assistance beyond providing self-service features included as part of the Services at FirePush’s then-current professional services rates, details of which shall be made available to the Customer upon request.

8 Data Transfers

8.1 Data Storage and Processing Facilities. 

FirePush may, subject to Section 8.2 (“Transfers of Data Out of the EEA”), store and process Customer Personal Data anywhere FirePush or its Subprocessors maintains facilities.

8.2 Transfers of Data Out of the EEA.

8.2.1 FirePush’s Transfer Obligations. 

If the storage and/or processing of Customer Personal Data (as set out in Section 8.1 (“Data Storage and Processing Facilities”) involves transfers of Customer Personal Data out of the EEA or Switzerland, and the European Data Protection Legislation applies to the transfers of such data (“Transferred Personal Data”), FirePush will make such transfers in accordance with a Transfer Solution, and make information available to the Customer about such Transfer Solution upon request.

8.2.2 Customer’s Transfer Obligations. 

In respect of Transferred Personal Data, the Customer agrees that if under European Data Protection Legislation FirePush reasonably requires the Customer to enter into Model Contract Clauses or use another Transfer Solution offered by FirePush, and reasonably requests that the Customer take any action (which may include execution of documents) required to give full effect to such solution, the Customer will do so.

8.3 Disclosure of Confidential Information Containing Personal Data. 

If the Customer has entered into Model Contract Clauses as described in Section 8.2 (“Transfers of Data Out of the EEA”), FirePush will, notwithstanding any term to the contrary in the Agreement, make any disclosure of Customer’s Confidential Information containing personal data, and any notifications relating to any such disclosures, in accordance with such Model Contract Clauses. For the purposes of the Model Contract Clauses, the Customer and FirePush agree that (i) the Customer will act as the data exporter on the Customer’s own behalf and on behalf of any of the Customer’s entities and (ii) FirePush or its relevant Affiliate will act on its own behalf and/or on behalf of FirePush’s Affiliates as the data importers.

9 Subprocessors

9.1 Consent to Subprocessor Engagement. 

The Customer specifically authorizes the engagement of FirePush’s Affiliates as Sub Processors, as well as the engagement of any other third parties as Sub Processors (“Third Party Sub Processors”). If the Customer has entered into Model Contract Clauses as described in Section 9.2 (“Transfers of Data Out of the EEA”), the above authorizations will constitute Customer’s prior written consent to FirePush’s subcontracting of the processing of Customer Personal Data if such consent is required under the Model Contract Clauses.

9.2 Information about Subprocessors. 

Information about Sub Processors, including their functions and locations, is available here (and may be occasionally updated by FirePush in accordance with this Addendum).

9.3 Requirements for Subprocessor Engagement. 

When engaging any Subprocessor, FirePush will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in the Agreement (including this Addendum) with respect to the protection of Customer Personal Data to the extent applicable to the nature of the Services provided by such Subprocessor. FirePush shall be liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.

9.4 Opportunity to Object to Subprocessor Changes.

When any new Third Party Subprocessor is engaged during the Term, FirePush will, at least 30 days before the new Third Party Subprocessor processes any Customer Personal Data, notify the Customer of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform).

The Customer may object to any new Third Party Subprocessor by providing written notice to FirePush within ten (10) business days of being informed of the engagement of the Third Party Subprocessor, as described above. In the event the Customer objects to a new Third Party Subprocessor, the Customer and FirePush will work together to find a mutually acceptable resolution to address the objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, the Customer may, as its sole and exclusive remedy, terminate the Agreement by providing written notice to FirePush.

10 Processing Records

10.1 FirePush’s Processing Records. 

The Customer acknowledges that FirePush is required under the GDPR to: (a) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which FirePush is acting and, where applicable, of such processor’s or controller’s local representative and data protection officer; and (b) make such information available to the supervisory authorities. Accordingly, if the GDPR applies to the processing of Customer Personal Data, the Customer will, where requested, provide such information to FirePush, and will ensure that all information provided is accurate and up-to-date.

11 Liability

11.1 Liability Cap. 

The total combined liability of either party and its Affiliates towards the other party and its Affiliates, whether in contract, tort or any other theory of liability, under or in connection with the Agreement, this Addendum, and the Model Contract Clauses if entered into as described in Section 8.2 (“Transfers of Data Out of the EEA”), will be limited to limitations on liability or other liability caps agreed to by the parties in the Agreement, subject to Section 11.2 (Liability Cap Exclusions).

11.2 Liability Cap Exclusions. 

Nothing in Section 11.1 (“Liability Cap”) will affect any party’s liability to data subjects under the third party beneficiary provisions of the Model Contract Clauses to the extent limitation of such rights is prohibited by the European Data Protection Legislation.

12 Third Party Beneficiary

Notwithstanding anything to the contrary in the Agreement, where FirePush is not a party to the Agreement, FirePush will be a third party beneficiary of Section 5.4 (“Reviews and Audits of Compliance”), Section 9.1 (“Consent to Subprocessor Engagement”) and Section 11 (“Liability”) of this Addendum.

13 Analytics

The Customer acknowledges and agrees that FirePush may create and derive from processing related to the Services anonymized and/or aggregated data that does not identify the Customer or any natural person, and use, publicize or share with third parties such data to improve FirePush’s products and services and for its other legitimate business purposes.

14 Notices

Notwithstanding anything to the contrary in the Agreement, any notices required or permitted to be given by FirePush to the Customer may be given (a) in accordance with the notice clause of the Agreement; (b) to FirePush’s primary points of contact with the Customer; and/or (c) to any email provided by Customer for the purpose of providing it with Service-related communications or alerts. The Customer is solely responsible for ensuring that such email addresses are valid.

15 Effect of These Terms

Notwithstanding anything to the contrary in the Agreement, to the extent of any conflict or inconsistency between this Addendum and the remaining terms of the Agreement, this Addendum will govern.

Attachment 1

Subject Matter and Details of the Data Processing

Subject Matter: 

FirePush’s provision of the Services to the Customer.

Duration of the Processing: 

The Term plus the period from the expiry of the Term until deletion of all Customer Personal Data by FirePush in accordance with the Addendum.

Nature and Purpose of the Processing: 

FirePush will process Customer Personal Data for the purposes of providing the Services to the Customer in accordance with the Addendum.

Categories of Data: 

Data relating to individuals provided to FirePush in connection with the Services, by (or at the direction of) the Customer.

Attachment 2

Security Measures

As from the Addendum Effective Date, FirPush will implement and maintain the security measures set out in this Attachment 2. FirePush may occasionally update or modify such Security Measures provided that such updates and modifications do not materially decrease the overall security of the Services.

1) Organizational management and dedicated staff responsible for the development, implementation and maintenance of FirePush’s information security program.

2) Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to FirePush’s organization, monitoring and maintaining compliance with FirePush’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.

3) Data security controls which include as a minimum, but may not be limited to, logical segregation of data, restricted (e.g. role-based) access and monitoring, and utilization of commercially available and industry standard encryption technologies for Personal Data that is:

a) Transmitted over public networks (i.e. the Internet) or transmitted wirelessly; or

b) At rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).

4) Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access rights promptly when employment terminates or changes in job functions occur).

5) Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that FirePush’s passwords assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on FirePush’s computer systems; (iii) must be changed every ninety (90) days; must have defined complexity; (v) must have a history threshold to prevent reuse of recent passwords; and (vi) newly issued passwords must be changed after the first use.

6) System audit or event logging and related monitoring procedures to proactively record user access and system activity for regular review.

7) Physical and environmental security of data center, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of FirePush’s facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.

8) Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems according to prescribed internal and adopted industry standards, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from FirePush’s possession.

9) Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to FirePush’s technology and information assets.

10) Incident and problem management procedures designed to allow FirePush to investigate, respond to, mitigate and notify of events related to FirePush’s technology and information assets.

11) Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, intrusion detection systems, and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.

12) Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.

13) Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recover from foreseeable emergency situations or disasters.

Ready to drive more sales?
Get Firepush today!