Privacy Policy
ProcessPlan ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how
we collect, use, and disclose information for our enterprise platform.
Information We Collect
We collect several types of information for our enterprise platform:
Company and User Data
- Account Information: Company name, administrator contact details, and authorized user
information provided during implementation.
- Content Data: Processes, workflows, checklists, and other operational data created within
the platform.
- Communication Data: Information from support tickets, implementation meetings, and other
business communications.
How We Use Your Information
- To provide, maintain, and support our platform
- To process your implementation requests
- To communicate with you about platform updates and support
- To ensure compliance with contractual agreements
Data Retention
We retain your company data only for as long as necessary to fulfill our contractual obligations and for
legitimate business purposes. Upon contract termination, we will delete or anonymize your data in accordance
with our agreement.
Terms of Service
ProcessPlan is a proprietary enterprise software platform. Access and use are governed by individual
enterprise agreements.
Enterprise Licensing
ProcessPlan is available exclusively through enterprise licensing agreements. All terms of use, including
account management, data handling, and service levels, are specified in individual client contracts.
Account Management
For our enterprise clients:
- We establish administrator accounts for your company during implementation
- Company administrators can create and manage employee accounts
- We provide technical support for account management as specified in your contract
License and Use Restrictions
Subject to your enterprise agreement, we grant your organization a license to use our platform. You agree not
to:
- Use the platform for any illegal purpose or in violation of any laws
- Attempt to gain unauthorized access to the platform infrastructure
- Reverse engineer, decompile, or disassemble any part of the platform
- Use the platform to store or transmit malicious code, viruses, or harmful content
- Interfere with or disrupt the integrity or performance of the platform
Limitation of Liability
To the maximum extent permitted by law, ProcessPlan shall not be liable for any indirect, incidental,
special, consequential, or punitive damages resulting from your use of or inability to use the platform.
Specific liability terms are detailed in individual enterprise agreements.
Security
Security is fundamental to ProcessPlan. We implement comprehensive security measures to protect your
data.
Data Encryption
- Encryption in Transit: All data transmitted between your devices and our servers is
encrypted using TLS 1.2 or higher.
- Encryption at Rest: All data stored in our systems is encrypted using AES-256 encryption.
- Database Encryption: Customer databases are encrypted at the storage level.
- Key Management: Encryption keys are managed using industry-standard key management
services.
Authentication & Access Control
Two-Factor Authentication (2FA)
ProcessPlan provides Two-Factor Authentication (2FA) as an additional security option for all user
accounts.
- 2FA Availability: Two-factor authentication is provided for all user accounts
- TOTP Support: Time-based One-Time Password (TOTP) compatible with authenticator apps
- Enhanced Security: While not required, we strongly recommend enabling 2FA for all users
- Role-Based Access Control: Granular permissions based on user roles and responsibilities.
- Session Management: Automatic session timeouts and secure session handling.
Infrastructure Security
- Secure Hosting: Our infrastructure is hosted in ISO 27001 certified data centers
in Germany.
- Network Security: Firewalls, DDoS protection, and intrusion detection systems.
- Regular Audits: Third-party security audits and penetration testing.
- Vulnerability Management: Regular security updates and patch management.
Security Best Practices for Users
We recommend the following security best practices:
- Enable 2FA: Two-factor authentication is strongly recommended for enhanced account
security
- Use Authenticator Apps: Use Google Authenticator, Authy, or similar TOTP apps
- Secure Recovery Codes: Store 2FA recovery codes in a secure location
- Regular Access Reviews: Review and update user access permissions quarterly
- Strong Passwords: Use unique, complex passwords for all accounts
- Secure Sessions: Log out of shared or public computers after use
- Immediate Reporting: Report any suspicious activity immediately to our security team
Policy Updates
We may update this legal information from time to time to reflect changes in our practices, technology, legal
requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of
this page.