The following terms and conditions are approved by any user signing up for a Flusk account.
These General Terms and Conditions of Use (hereinafter "T&C") are a contract concluded between:
FLUSK (hereinafter "FLUSK"), a simplified joint-stock company with a share capital of EUR 1,000.00, domiciled at 16 rue des Chèvrefeuilles, 14000 CAEN, registered with the CAEN Trade and Companies Register ("Registre de Commerce et des Sociétés") under number 921 538 203, NAF code 62.03Z and represented by its managers, in the persons of Wesley WASIELEWSKI and Victor NIHOUL.
FLUSK's activity is the management of IT facilities. In this context, FLUSK has developped the IT tool FLUSK VAULT, an all-in-one IT security tool for Bubble.io applications. FLUSK VAULT can be used to run security tests and generate security reports on Bubble.io applications. The applicable T&C are those in force on the date of the provision by FLUSK of the tool to the User.
However, FLUSK reserves the right to modify these T&C at any time if necessary. In that case, FLUSK will provide a copy of any new version to the User, electronically. Therefore, any modification of the T&C having been duly transmitted to the User is enforceable against him from the date of the said transmission.
Article 1. Definitions.
For the purposes of the interpretation and execution of these terms and conditions, the terms and expressions referred to below, when preceded by a capital letter, mean:
"Agency": refers to development agencies, producing and developing Bubble.io applications for commercial purposes and on their behalf;
"Application": refers to any application Bubble.io which the User may own or which an Agency has developped;
"Dashboard": refers to an interface available giving access to a set of functionnalities, among which all Flusk products including Flusk Vault, Flusk Monitor, Flusk Assist, Flusk Plugins;
"External Costumer": refers to any costumer who is not a direct FLUSK costumer (meaning they don’t have a Flusk account on their own and don’t use the Flusk Product directly but trough an intermediary) ;
"License": online document conferred upon request of the User and after payment of a price, necessary to run external security audits and access features from the Flusk Product the license was based on;
"T&C": General Terms and Conditions for the use of FLUSK VAULT, the Tool;
"Tool": refers to FLUSK’s security tool, FLUSK VAULT. The Tool is an IT security solution for Bubble.io applications. The Tool connects with the User's Bubble.io application and allows the User to generate security tests as well as security reports;
"Parties": refers to both FLUSK and the User, as parties to the present terms and conditions;
"User": refers to any professional using the Tool for the needs of his professional activity;
References to the Articles are references to the articles of these terms and conditions, unless otherwise provided.
Any reference to the singular includes the plural and vice versa.
Any reference to one genre includes the other gender.
Article 2. Object.
The purpose of these T&Cs is to define the conditions under which FLUSK makes its Tool available to the User, as well as the rights and obligations of the Parties in connection with its use.
Article 3. Scope.
These T&C are reserved for professionals only, acting as part of their professional activity.
The User declares to have read and to accept these T&C at the time of the provision of the Tool by FLUSK and before any start of use.
Section 5. Description and installment of the Tool.
The Tool works based on the scrapping of public data in order to extract all the front-end data and to pass it through an internal algorithm. The Tool will then analyze the data and look for security vulnerabilities on the pages of the Application.
More information regarding the functioning of the Tool is available at: https://help.flusk.eu/en/articles/6933917-how-does-flusk-vault-process-your-application-data-and-protect-your-privacy.
5.2.- Installment of the Tool.
The Tool can only be installed by the application owner. In order to ensure the proper installation and functionality of the Tool, the User will have to grant access to FLUSK’s internal account ([email protected]).
Any Customer wishing to use the Tool for third party (External Customer) must ask FLUSK to install the Tool before any possible use.
Article 6. User’s obligations.
The User undertakes not to use the Tool for malicious purposes or to run penetration tests on applications which are not owned by the User.
Article 7. Conduction of security audits.
7.1.- Licensing condition.
Prior to the conduction of any security audit on behalf of an external customer using the Tool, a License must be retrieved from FLUSK, irrespective of whether the audit is conducted in the User’s name or in the customer’s name.
License definition and conditions can be found in the following article: https://help.flusk.eu/en/articles/7118888-flusk-vault-pricing-and-licensing
Granted licenses do not expire until applied to an Application.
7.2.- Conduction of external security audits.
The conduction of external security audits by the User is prohibited, unless the User is the owner of a License, as described in Article 7.1.
The Tool may only be used for professional purposes, within Applications that are owned by the User or developed by the Agency on behalf of which the User produces the audit.
Under the present Terms and Conditions, it will be considered that an external security audit has been conducted where:
The User has conducted a security audit and wrote a security report on behalf of an External Costumer, irrespective of whether the Tool has been mentioned in the latter;
The User has used the Tool within an application of which he is not the owner;
The User has delivered a security audit on behalf of an Agency for an application which the Agency did not develop.
On the contrary, it will not be considered that an "external security audit" has been conducted where:
The Tool is used by the User for the purposes of its professional activity, including when the User is an Agency, as long as the Tool is used only in applications that it has developed;
The Tool is used by the User for internal activities and for the provision of services to internal development teams.
Article 8. Termination of access to the Tool.
Any violation of the above-mentioned obligations in Articles 6 and 7, may lead to the termination of both the User’s account and its organization workspace. This includes the loss of any license, active or inactive, reports and data.
In case of violation, FLUSK will inform the User of the upcoming termination of its account and workspace, that will take place immediately.
Article 9. Responsibility.
It is reminded that the Tool’s object is limited to the analysis of the security level of the applications on which it is run and production of security reports on this basis.
FLUSK can only be held responsible for facts which are directly attributable to it, and which would cause the User a direct prejudice, excluding any indirect prejudice.
In any case, FLUSK cannot be held responsible for security incidents which may occur on the User’s application.
Article 10. Data protection and confidentiality
10.1.- Data protection.
Certain information is mandatory and necessary for the processing of the User's approach.
The personal information communicated is recorded in a computerized file by FLUSK.
In connection with the use of the Tool, FLUSK VAULT collects information relating to:
To the User (surname, first name, email address, postal address, telephone number, profile picture, information relating to the persona).
To the activity of the User (name, official name, registration address, registration number, size of the company, members).
Applications on which the Tool is installed. In particular, information will be collected on:
Application structure (public dynamic.js file)
Application structure (private dynamic.js file)
Application structure (private editor.js file)
Options sets structure
Workflows and pages structure and content
API tokens (names)
API connector content (except call parameters values)
Application name, domain, and Bubble application ID
Performances and monitoring data
Applications on which the Tool is installed for security reporting. This is information about:
API connector call parameter values
API token (value)
This data is used for legal and accounting purposes (including invoicing), functional purposes, including the production of security reports, and personalization.
The data mentioned above are kept until they are deleted by the User from the Dashboard.
The above data can be deleted upon request at any time from your Dashboard, in the “Setting” tab under the “Application” menu.
With respect to data relating to Applications on which the Tool is installed for security reporting, the data listed in (iv.) will not be retained by FLUSK. However, they will be processed by FLUSK's servers and algorithms for reporting purposes.
In accordance with the law "Informatique et Libertés" of 6 January 1978 as amended by Regulation No. 2016/ 679/EU of 27 April 2016 (applicable from 25 May 2018), the User has a right of access, rectification, portability and deletion of data or limitation of processing. The User also has the possibility to oppose the processing of his data, for legitimate reasons.
These rights can be exercised by contacting the following address: [email protected]
10.2.- Security and confidentiality.
FLUSK ensures that no member or employee at FLUSK has access to the User’s application and accounts.
The User account linked to [email protected] has a password matching strong password requirements, only known by a single person, with 2FA enabled on a single device.
Access to the User’s application is subject to the User’s authorization. FLUSK’s access to the User’s application for support or assistance purposes is subject to explicit permission from the User, that will be granted through the Dashboard. Once the User’s consent is given, FLUSK will have access to the User’s application until it revokes access.
However, in case of suspicious activity in the Tool’s use (conduction of external security audits without special authorization, using FLUSK VAULT on an app that the User do not own...), FLUSK will be authorized to check the User’s installation and to access to its application.
Article 11. Intellectual Property Rights.
The Tool, as well as all trademarks that may be attached to it and more generally all other trademarks, illustrations, images and logos appearing on the Goods, their accessories and packaging, whether registered or not, are and will remain the exclusive property of FLUSK.
Any total or partial reproduction, modification or use of these trademarks, illustrations, images and logos, for any reason and on any medium whatsoever, without the express prior consent of FLUSK, is strictly prohibited. The same applies to any combination or conjunction with any other trademark, symbol, logotype and more generally any distinctive sign intended to form a composite logo. The same applies to all copyrights, designs, models and patents owned by FLUSK.
Article 12. Partial nullity.
If one or more stipulations hereof are held to be invalid or declared as such pursuant to a law, a regulation or a final decision of a competent court, the other stipulations will retain all their force.
Article 13. Applicable Law and Competent Courts.
These T&C and the operations resulting from them are governed by French law. They are written in English. If they are translated into one or more languages, only the English text shall prevail in the event of a dispute.
Any dispute relating to the interpretation and/or execution of these T&C must be the subject of an attempt at amicable settlement. Any complaint must therefore be addressed to the address [email protected]. In case of failure of amicable settlement, any dispute will fall under the jurisdiction of the French courts.