At Flute, we respect your privacy. Please read this Privacy Policy carefully to learn how we collect, use, share, and otherwise process the personal information we receive when conducting our business (“Personal Information”), and to learn about your rights and choices regarding your Personal Information.

This Privacy Policy applies to Flute Commerce LLC (“Flute,” “we,” “our,” “us”) and explains how we collect, use, and share the Personal Information that we gather on the subdomains and websites on flute.com and risewithaurora.com (our “Sites”) and through our technology and services to facilitate purchases, accept payments, send payouts, and help individuals manage their businesses (our “Services”).

A reference to “Flute,” “we,” “us,” or “our” is a reference to Flute Commerce LLC and its relevant affiliates involved in the collection, use, sharing, or other processing of Personal Information.

Please click the following links to learn more about our Privacy Policy:

1. Whose Personal Information We Collect
2. Information We Collect
3. How We Use Your Information
4. How We Share Your Information
5. International Transfers of Data
6. Children’s Privacy
7. Change of Control
8. Data Security and Retention
9. Policy Updates
10. Contact Information

1. Whose Personal Information We Collect

We obtain Personal Information from various entities. These entities are defined below by what they are referred to in this Privacy Policy and when information is collected. Entities may overlap and are not exclusive categories.

• Website Visitors and/or Prospective Business Customers: When you visit our Sites or contact us for information before becoming a Business Customer.
• Business Customer(s): When a representative from your business contacts us or engages in a demonstration or paid version of our Services.
• End Users: When we collect and process information from individuals on behalf of a Business Customer.

This Privacy Policy does not apply to the extent we act as a processor or service provider to process the Personal Information of End Users on behalf of Business Customers to provide our Services. In those instances, we process the Personal Information of End Users pursuant to a written agreement with the relevant Business Customer, and if End Users have questions or concerns about how their Personal Information is being handled by Business Customers, End Users should contact the relevant Business Customer. We are not responsible for the privacy or data security practices of our Business Customers.

Third Party Links and Websites. Our Services and Sites may contain links to and from the websites or services of third parties. If you follow a link to any of these third-party websites or services, please note that these third-party websites or services have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any data to these websites.

2. Information We Collect

Our collection of Personal Information differs based on whether you are a Business Customer, Website Visitor, or Prospective Business Customer. For example, if you are a Business Customer, we may collect certain Personal Information to onboard your business for our Services. Similarly, if you are a Website Visitor or Prospective Business Customer, we will collect certain Personal Information depending on how you interact with our Sites or contact us directly for information about our Services.

2.1 Website Visitors and Prospective Business Customers

Information You Give Us. You may give us information by providing information through online forms on our Sites or contacting us for information about our Services.

Information We Automatically Collect. Like many website operators, we collect information that your browser or device sends whenever you visit our Sites. This can include log data, such as your computer’s IP address, browser type, browser version, the parts of our Sites that you visit or use, the time and date, the time spent on the Sites, and other statistics. This information may be collected via several technologies, including cookies, web beacons, clear GIFs, canvas fingerprinting and other means.

Information We Collect From Third Parties. If you access our Sites through third parties (e.g., Facebook or Google), or if you share content from our Sites to a third-party service, the third-party service may send us certain information about you if the third-party service and your account settings allow such sharing. The information we receive will depend on the policies and your account settings with the third-party service.

2.2 Business Customers

Information You Give Us. When you register for a Services account, we will collect Personal Information to facilitate the creation and management of that account. This includes contact information, such as name, address, telephone number, email address, and other Personal Information to enable us to contact you.

Information We Automatically Collect. Like many online service providers, we collect information that your browser or device sends when you access or otherwise use our Services. This can include log data, such as IP address, browser type, browser version, and statistics regarding the use of our Services.

Transaction Data. In providing our Services to Business Customers, we will collect certain transaction data to facilitate our Services. This may include an End User’s name, email address, contact number, billing and shipping address, payment method information (like credit or debit card number, bank or payment method account details, etc.), the relevant Business Customer, amount and date of purchase, information about payment status, and in some instances, information about what was purchased, order fulfillment status, subscription status, applicable tax amounts, refund or chargeback information, and support interactions (collectively, “Transaction Data”).

Business Customers are responsible for ensuring that the privacy rights of their End Users are respected, including obtaining appropriate consents and making disclosures about the Personal Information collection and use associated with our Services on behalf of the Business Customer. If you are an End User, please refer to the privacy policy of the relevant Business Customer you are doing business with for its privacy practices, choices, and controls.

3. How We Use Your Information

Our use of Personal Information differs based on whether you are a Business Customer, a Website Visitor, or a Prospective Business Customer. For example, if you are a Business Customer, we may use certain Personal Information to verify End User information and fulfill transactions on your behalf. At the same time, if you are a Website Visitor or Prospective Business Customer, we may use certain Personal Information to provide you with advertising and marketing regarding our Services.

3.1 Website Visitors or Prospective Business Customers

We use your Personal Information for the following purposes:

• To provide you with our Sites, which includes providing you with customer service and advertising or marketing services.
• To provide analytic services, such as analyzing customer usage and improving services offered.
• To conduct market research and project planning.
• To detect security incidents, protect against fraudulent or other criminal activity, debug and repair errors, and maintain the overall quality and safety of our Sites.
• To share your Website Visitor activity, through website cookies, with third-party marketing partners to market our Services on our Sites and other websites that you may visit.
• To fulfill our legal and financial obligations.
• To provide you with employment opportunities.

Marketing. We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send, or you can contact us using the contact details provided in the “Contact Information” section below. You will still continue to receive service-related messages concerning products and services you have purchased, unless we have indicated otherwise.

3.2 Business Customers

We use your Personal Information for the following purposes:

• To provide you with the Services, which includes maintaining and servicing accounts, providing customer service, processing and fulfilling orders and transactions, verifying End User information, and processing payments.
• To provide analytic services, such as analyzing customer usage and improving our Services.
• To conduct market research and project planning.
• To detect security incidents, protect against fraudulent or other criminal activity, debug and repair errors, and maintain the overall quality and safety of our Services.
• To fulfill our legal and financial obligations.

Marketing. We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send, or you can contact us using the contact details provided in the “Contact Information” section below. You will still continue to receive service-related messages concerning products and services you have purchased (unless we have indicated otherwise).

Transaction Data. We may use Personal Information, including the Personal Information of End Users, to detect fraud and prevent financial losses for Business Customers, End Users, and ourselves.  In addition, please see Section 4.2 below for how Jaris uses Personal Information that we share with Jaris in order for you to utilize Jaris-powered features.

4. How We Share Your Information 

Our disclosures of Personal Information differ based on whether you are a Business Customer, a Website Visitor, or a Prospective Business Customer. For example, if you are a Business Customer, we will disclose certain Personal Information to our subcontractors to provide our Services. Alternatively, if you are a Website Visitor or Prospective Business Customer, we may use cookies to disclose certain Personal Information to analyze the use of our Sites.

4.1 Website Visitors or Prospective Business Customers

Affiliates, Subcontractors, and Service Providers. We share Personal Information with our third-party service providers, affiliates, and any subcontractors as required to offer you our Sites. These entities help us accomplish the following activities:

• Run, operate, and maintain our Sites through third-party platforms and software tools.
• Perform crash analytics.
• Run email campaigns.
• Perform marketing analytics.
• Provide measurement and analytics services.
• Provide technical and customer support.

How we respond to ‘Do Not Track’ Signals. For individuals visiting our Sites, some browsers may provide you with a way to signal that you do not want your browsing activity to be tracked. However, our Sites may not currently respond to all Do Not Track (“DNT”) or similar signals, as we are awaiting consensus from the Internet policy and legal community on the meaning of DNT and the best way to respond to these signals.

Cookies. To make our Sites work properly, we sometimes place small data files called cookies on your device. A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, shopping cart, or other preferences) over a given period, so you do not have to keep re-entering them whenever you come back to the site or browse from one page to another.

Google Analytics. We may use Google Analytics. We use the information we get from Google Analytics only to improve the Sites. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Please refer to Google’s Privacy Policy for more information. You may also choose to download the Google Analytics opt-out browser add-on.

You may wish to restrict the use of cookies. Please be aware that some of the features of our Sites may not function correctly if you disable cookies. Most modern browsers allow you to change your cookie settings. You can usually find these settings in the options or preferences menu of your browser. To understand these settings, the following links for commonly used browsers may be helpful:

• Cookie settings in Chrome
• Cookie settings in Firefox
• Cookie settings in Microsoft Edge
• Cookie settings in Safari web and iOS

Personalized Advertising. We may also use targeted advertising cookies, such as Google Ads, to deliver tailored advertising on our Sites and other websites that you may visit. You can learn more about how to control advertising cookies by visiting the Network Advertising Initiative’s Consumer Opt-Out link, the DAA’s Consumer Opt-Out link for browsers, or the DAA’s opt-out link for mobile devices. Please note that electing to opt-out will not stop advertising from appearing in your browser or applications and may make the ads you see less relevant to your interests.

Third Party Direct Marketing. California Civil Code Section 1798.83 may permit you to request information regarding the disclosure of your Personal Information to third parties for the third parties’ direct marketing purposes.

Aggregated or De-identified Data. We may also aggregate or otherwise strip Personal Information of all personally identifying characteristics and may share that aggregated or de-identified data with third parties or publish it. We reserve the right to make use of any such aggregated data as we see fit.

Disclosures Required by Law. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet law enforcement requirements. We may be under a duty to disclose or share your Personal Information to comply with any legal obligation, to enforce or apply our terms and conditions and other agreements, to protect our rights, property, or safety, or to protect the rights, property, or safety of others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.

4.2 Business Customers

Affiliates, Subcontractors, and Service Providers. We share Personal Information with our third-party service providers, affiliates, and any subcontractors as required to offer you our Services. These entities help us to:

• Run, operate, and maintain our Services through third-party platforms and software tools
• Perform crash analytics
• Perform marketing analytics
• Provide payment attribution
• Provide measurement and analytics services
• Provide technical and customer support

Jaris-powered Features. If you use Jaris-powered features as part of our Services, we will share Personal Information with Jaris to deliver those features. Jaris provides technology and program management services that power certain Flute features, including financing, instant payout, settlement management, and risk monitoring. Jaris may process business information, relevant Transaction Data, settlement flows, and linked bank account information to provide these features. 

When you use Jaris-powered features, you will be asked to review and accept Jaris’s privacy policy, available at https://jaris.io/legal/privacy. 

Jaris may retain information in accordance with its own retention policies, including extended retention required by banking regulations.  For bank partner products, Jaris processes information on behalf of First Internet Bank of Indiana as described in First Internet Bank of Indiana’s privacy notice.

Aggregated or De-identified Data. We may also aggregate or otherwise strip Personal Information of all personally identifying characteristics and may share that aggregated or de-identified data with third parties or publish it. We reserve the right to make use of any such aggregated data as we see fit.

Disclosures Required by Law. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet law enforcement requirements. We may be under a duty to disclose or share your Personal Information to comply with a legal obligation; to enforce or apply our terms and conditions and other agreements; to protect our rights, property, or safety; or to protect the rights, property, or safety of others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.

5. International Transfers of Data 

Any data that you provide to us may be accessed, shared, or processed by our offices located in the United States and service providers located in the United States if such data transfer is necessary for the specific purpose for which you submitted your data (such as the provision of goods or services under a written contract). This may entail the transfer of your Personal Information across international borders, where the data protection standards may differ and may be lower than the standards enforced in your jurisdiction.

6. Children’s Privacy

The Services and Sites are not directed at individuals under the age of 16. We do not knowingly collect Personal Information from children under 16. If you become aware that an individual under the age of 16 has provided us with Personal Information, please contact us using the contact details provided at the end of this Privacy Policy.

7. Change of Control

Personal Information may be transferred to a third party because of a sale, acquisition, merger, reorganization, or other change in control. If we sell, merge, or transfer any part of the business, part of the sale may include your Personal Information.

8. Data Security and Retention

We implement a variety of security measures to maintain the safety of your Personal Information when you enter, submit, or access your Personal Information. However, no website, application, or transmission can guarantee security. Thus, while we have established and maintain what we believe to be appropriate technical and organizational measures to protect the confidentiality, security, and integrity of Personal Information obtained through the Services and Sites, we cannot ensure or warrant the security of any information you transmit to us.

In addition, we encourage Business Customers to assist us in protecting Personal Information. Business Customers should create accounts using strong passwords, safeguard their passwords or API keys against unauthorized use, and avoid using login credentials they use for other services or accounts as the login credentials for the Services.

We retain information from or about you for so long as necessary to fulfill the purposes outlined in this Privacy Policy and the applicable agreement with the Business Customer. When the information is no longer necessary for these purposes, we delete it or keep it in a form that does not identify you, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law, and the statute of limitations.

For information about how Jaris retains Personal Information, please see Section 4.2 above.

9. Policy Updates

This Privacy Policy may be periodically updated. We encourage you to periodically review this Privacy Policy to ensure you are familiar with the most current version. Please review carefully before submitting Personal Information to our Sites and Services. The date the Privacy Policy was last updated is indicated at the top of this page.

10. Contact Information

If you have any questions about or complaints in relation to this Privacy Policy, please contact us at privacy@flute.com.

For information controlled by Jaris or a bank partner, privacy requests should be directed to those entities in accordance with their privacy policies.