Privacy and Security:
Last Updated: February 5, 2020
What Information Do We Collect?
Our primary purpose in collecting personal information from you is to provide you with a safe, smooth, efficient, and customized experience. This allows us to provide services and features that most likely meet your needs, and to customize our service to make your experience safer and easier. We only collect personal information about you that we consider necessary for achieving this purpose.
In general, you can browse the Site without telling us who you are or revealing personal information about yourself. Once you become a User, we require you to provide various contact and identity information, billing information, and other personal information as indicated on the relevant forms on the Site (which vary, depending on what kind of User you are). Where possible, on these forms we indicate which fields are required and which fields are optional.
In addition, as you use the Site, you can from time to time enter or send to us personal information. For example, if you are a Subscriber, you can enter your own timesheet and other billing information, and if you are a Customer you can enter information about payment of any invoice submitted by a Subscriber. As you use the Site you can also from time to time enter personal information about third parties. For example, if you are a Subscriber, you can enter personal information about your Customers or your staff.
You always have the option to not provide information by choosing not to become a User or by not using the particular feature of the Site for which the information is being collected.
If you are a Subscriber, we collect your credit card information for billing purposes. And if you are a Customer who wishes to pay amounts to a Subscriber on a recurring basis, we collect and store your credit card information for payment purposes.
Some of our pages utilize framing techniques to serve content to from our partners while preserving the look and feel of our site. Please be aware that you are providing your personal information to these third parties and not to www.freshbooks.com.
We also automatically track certain information about you based upon your behavior on our Site and store it through log files. We use this information to do internal research on our users’ demographics, interests, and behavior to better understand, protect and serve you and our community. This information may include the URL that you just came from, which URL you next go, your computer browser information, and your IP address. We may provide Customers’ IP addresses to payment intermediaries in the course of the payment process.
We also make use of third party companies to extract contact information (ie. phone numbers), which we will use to contact you in relation to marketing purposes and/or to enhance existing services and programs. Technologies such as: cookies and similar technologies are used by FreshBooks and our partners (e.g., advertising, marketing and analytics), affiliates, or other service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We partner with a third party to either display advertising on our Web site or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may set your preferences by clicking here. Please note this does not opt you out of being served ads. You will continue to receive generic ads.
We, or our designated third party service provider, may from time to time contact you by telephone. Such calls may as indicated by us, and with your consent, be monitored, recorded, stored and used for the purposes specified in such calls.
How We Use Your Information
We may also use personal information about you to improve our marketing and promotional efforts, to analyze Site usage, to improve our content and product offerings, and to customize the Site’s content, layout, and services. These processes include automated decision-making and profiling information. The intention of the usage is to improve the Site and the FreshBooks application and better tailor it to meet your needs, so as to provide you with a smooth, efficient, safe and customized experience while using the Site.
Sharing of Your Information
- Subscribers and Customers Information: In the normal operation of the Site Subscriber timesheets (including information entered by “staff” members) and invoices are disclosed to the applicable Customers, and Customer information is disclosed to the applicable Subscriber. In general, information you enter on the Site is available to the other persons – whether they are Customers, Subscribers, staff members or others – to whom you give access to your account or to whom you give access to the information through the normal operation of the Site.
- Payment Information: We use credit card and other personally identifiable information (such as PayPal email addresses) you submit to us on the Site, and other information that we collect, as required, to process payments you make through the Site through our payment processor intermediaries. We do not store credit card or other payment method information unless the Subscriber or their Customers choose to enter credit card information for use in the FreshBooks recurring profiles module; in all other cases our payment processors have the sole and complete responsibility for the storage of credit card and payment information. We may also share personally identifiable information with our payment processor intermediaries for risk management and fraud prevention.
- Aggregated Data: We will create statistical, aggregated data relating to our users and the Service for analytical purposes. Aggregated data includes data derived from Personal Information and obtained by FreshBooks from other sources in aggregated, anonymous form and does not identify any individual (such data is referred to as “Aggregate Information”). Subject to applicable laws and regulations, we use Aggregate Information to understand our customers and to develop, improve and/or market our Services. We may provide Aggregate Information to third parties.
- Subsidiaries, Affiliates, and Service Providers: We may from time to time use the services of affiliates, subsidiaries and unrelated service providers in the operation of the Site, and may disclose personal information to them in the course of our use of their services. For example, we may use the services of third party hosting companies to host the operation of the Site. This may involve the hosting of data, including personal information, on servers operated by those hosting companies. We take care to use only service providers that we believe are reputable, have equivalent or better security safeguards in place than us, and able to live up to our and your expectations, including about the handling of confidential information. These companies are authorized to use your personal information only as necessary to provide these services to us.
- Legal Requests and Business Transitions, Emergencies: In certain situations, FreshBooks may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. FreshBooks may disclose your personal information (a) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (b) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, (c) as otherwise required or permitted under any applicable law, rule, or regulation, and (d) in good faith, to protect or defend the rights or property of FreshBooks and other users and (e) if FreshBooks is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
For further details on the specific third party usage of our data, including a list of the partner organizations with whom Aggregate Information may be shared, please reach out to our team at email@example.com.
Your Use of Other Persons’ Information
If you choose to use our referral service to tell a friend about our site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. FreshBooks stores this information for the sole purpose of sending this one-time email, tracking the success of our referral program, and compliance with laws. Your friend may contact us at firstname.lastname@example.org to request that we remove this information from our database.
Other Information Collectors
Your use of automated bank account feeds enabled by the Yodlee, Inc. (“Yodlee”) data gathering service (the “Yodlee Service”) from within FreshBooks is subject to the Yodlee terms, which are available here, and by using the Yodlee Service from within FreshBooks you consent to our and Yodlee’s use, collection and disclosure of your information as described in those Yodlee terms.
Consent for Withdrawal
We provide you a way for you to withdraw your information being processed for individuals within the European Economic Area (EEA) and the State of California.
Contact us at email@example.com to initiate the steps required. We will verify your information prior to processing and proceed with the steps necessary within the applicable laws and regulations.
If you are not a resident of the EEA or the State of California but wish to no longer be subscribed to emails or direct mail campaigns, please reach out to our support team at firstname.lastname@example.org
Correcting, Updating, and Transferring Your Personal Information
Upon written request FreshBooks will provide you with information about what personal information we have about you. To review, delete, and update your personal information to ensure it is accurate, you may login into your account to make the changes, or you may contact us at email@example.com. We will respond to your request within a reasonable timeframe. We may ask you for further information from you to help us respond to your request, including asking for government-issued identification.
If you are a EEA resident requesting the porting or an export of your information, you may reach out to us at firstname.lastname@example.org and we will proceed with the steps necessary.
FreshBooks is a complex business network that connects millions of users. FreshBooks manages a business eco system that brings together contractors, companies and customers. This network relies on the exchange and sharing of information that is important to others in your network. Tracked hours, sent invoices, paid invoices, contractor invoices are all vital to other people that work with you. These are the official history of work done and moneys paid. The complexity and connected nature of the system requires that this history exists in perpetuity to accommodate proper function and accounting for the other systems that you have connected to via contracting hours, invoices, estimates. FreshBooks will reasonably assure that information will be deleted in a compliant manner.
When a customer chooses to close an account we will remove your information from our marketing and billing systems. This will ensure that there are not further mailings or billings directed towards the canceled user.
As we continue to refine FreshBooks we will establish a method for the complete removal of all user information from the system without breaking accepted accounting principles for other connected FreshBooks accounts. This document will evolve as these new methods are defined and tested for permanent account deletion. Users wishing to be notified when this development is complete can indicate their wishes via email@example.com or 1.866.303.6061.
We will retain your information for as long as your account is active or as needed to provide you services.
Our goal is to retain your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; this retention period may extend past the point at which you close your account.
The criteria that will be for determining periods of retention will be based on the type of data. For example, data relevant to accounting information will be retained for at least 7 years, whereas temporary cookie data of a web visitor may not be retained at all.
International Transfer of Personal Information
We do not share your personal information with third parties, unless it is necessary to carry out your request, for our professional or legitimate business needs, or as required or permitted by law. Where we do transfer your personal information to third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection law.
We store personal information about Website Visitors and Subscribers within the Canada, United States and in other countries and territories. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which FreshBooks has operations. Therefore, your personal information may be processed outside of the EEA and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA.
In this event, we will ensure that the recipient of your personal information offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
We have implemented safeguards to ensure an adequate level of data protection where your personal information is transferred to countries outside the EEA. For further details on the transfer of your personal information, including a list of the organizations with whom said information may be shared, please reach out to our team at firstname.lastname@example.org.
For more details on how we protect your data, please see our https://www.freshbooks.com/policies/security-safeguards page.
Supplemental Policy Information
Invitations: You have the opportunity to invite others to work with you through your FreshBooks account. To do that, FreshBooks asks you to import or to manually enter your contacts’ email addresses. As you direct, we then send them an invitation on your behalf or other notices reflecting changes you make to their status in your account.
With your consent we may post your testimonial along with your name. If you want your testimonial removed please contact us at email@example.com.
Residents of Canada
Personal information (as the term is defined in the Personal Information Protection and Electronic Documents Act of Canada (“PIPEDA”)) will be collected, stored, used and/or processed by the FreshBooks in compliance with the FreshBooks’s obligations under PIPEDA.
The California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how we handle personal information of California residents and gives California residents certain rights with respect to their personal information.
When we act as a service provider (for example, by providing our services to another company that you interact with), we follow the instructions of the business that engaged us with respect to how we process your personal information. If you would like more information about how your personal information is processed by other companies, including companies that engage us as a service provider, please contact those companies directly.
European Economic Area (EEA) Visitors
If you are a visitor from the European Economic Area (“EEA”), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you (e.g. to provide you with our Services), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time why we need to use your personal information. If we process personal information in reliance on your consent, you may withdraw your consent at any time.
If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” section below.
Notification of Privacy Statement Changes
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Complaint Process with Supervisory Authority
If you are dissatisfied with our handling of a complaint or do not agree with the resolution proposed by us, you may make a complaint to the Dutch Data Protection Authority (“Dutch DPA”) by contacting the Dutch DPA using the methods listed on their website at https://www.autoriteitpersoonsgegevens.nl/. Alternatively, you may request that we pass on the details of your complaint to the Dutch DPA directly.
It is our goal to make our privacy practices easy to understand. If you have questions, concerns or if you would like more detailed information, please email our data protection representatives at:
FreshBooks Privacy Team
1655 Dupont St. Suite 250
M6P 3T1 Canada
FreshBooks Data Protection Officer (DPO)
Attn: Levi Cooperman
1655 Dupont St. Suite 250
M6P 3T1 Canada
FreshBooks EU Representative
Attn: Stefano Grossi
1017 BT Second Floor