1.1 General provisions
We offer online Services allowing You to manage Your contacts (“Contacts”) and to allow third parties (the “Third Party(ies)”) to seamlessly map out and activate their network.
You may (i) import any data, information and content that Users may download termor import or store from the Services, including Your Contacts and related information and any third-party personal data relating to a physical person who is or could be identified (the “Personal Data”), from Your email box to the Services (Your “Content”); (ii) administrate Your Content and create private or shared groups with Third Parties and organizations (the “Organizations”) from the Services; (iii) submit, post, modify Content organized into separated sections (the “Workspaces”) and (iv) invite Third Parties to subscribe to the Services and participate to groups or organizations and, depending their rights, create new groups, add Content, and access to specific area.
1.2 Your subscription to the Services
In order to access and use the Services, You must create an Account using (but not limited to) Gmail, Outlook or iCloud. You must be legally able to enter into a contract and must comply with all applicable law.
By setting up an Account, You agree to and must provide a valid email address and any other information required to complete Your Account creation process. You agree to provide Your real name and address, and any other information required to complete the subscription process.
Your Account is personal. You are not allowed to share the use of the Services between several persons via Your Account. You acknowledge that You are responsible for the security of Your Account. You shall be held responsible for any activity occurring with Your Account, may it be of Your own, or any other person having access to Your Account.
We recommend that You change Your passwords regularly and choose complex passwords that include specific letters, numbers and characters.
You may at any time decide to delete Your Account. You understand that deleting Your Account implies the immediate deletion of any related Content after the receipt of Your request, except in certain circumstances when it may not be completely removed (when Your Content is shared with someone else, for example). We are not responsible or liable for the removal or deletion of any of Your Content, or the failure to remove or delete such Content. You may not be able to recover Your deleted Content.
1.3 Your use of the Services
All costs necessary for Your equipment and connection to the internet and Your access to and use of the Services are Your sole responsibility. You understand that You are using the Services at Your own risk, and that You must check the safety and the security of Your hardware and materials.
To improve the Services, We may recommend specific configurations. Should You choose not to follow them, You assume the responsibility for any and all consequences of Your choice.
You are not allowed to use the Services for any unauthorized use, or any illegal activity. Please not that any excessive use of our emailing functionality ("Messages") generating an unreasonable volume of bounced emails may result in the immediate suspension of account.
We undertake not to use Your Content for any purpose other than providing the Services.
2. Your content
When using the Services, You provide Us with Your Content. You are fully and solely responsible for Your Content downloaded, stored, or posted through the Services including its legality, reliability, and appropriateness. You retain ownership of Your Content. You are informed that the use of the Services does not exempt You from making back-up copies.
You grant Us a non-exclusive right to use and store Your Content in order to operate and feed the Services through Your Account. We will not process Your Content for other purposes and will be taking measures to prevent unauthorized access, use, modification, deletion, and disclosure of Your Content by Our staff.
None of Our employees shall have access to Your Content unless necessary for providing the Services. At Your request and after obtaining Your formal consent, Our employees may remotely connect to Your Account in order to assist You.
With respect to the Content, You undertake to comply with all legal and regulatory requirements, in particular those relating to Personal Data, including filing any declaration required by the local data protection authority.
You undertake to respect the rights of Third Parties, including privacy protection, personality rights, intellectual or industrial property rights such as copyrights, patent rights, designs, and trademarks.
You may delete Your Content but if Your Content is shared with Third Parties, such Content may not be completely deleted.
3. Intellectual property
3.1 Our services
All intellectual property rights related to the Services, including but not limited to the Website, the documentation, trademarks, texts, graphics and images, belong without any limitation to Us.
You are therefore not entitled to use any attribution or elements of the Services belonging to Us, such as the documentation, all trademarks, texts, or graphics, etc. for any other purposes than the use of the Services.
You hereby acknowledge that We are the sole owner of the Services’ intellectual property rights, Our technology, and Our names. You shall not at any time dispute such ownership or the validity of Our intellectual property or any of the attached rights.
You are not permitted to use any device, software, or routine that could interfere with, or disrupt, the Services, sublicense, resell, copy, modify, or host the Services, attempt to reverse engineer, decipher, decompile, or disassemble any of Our technologies, frame or utilize framing techniques on Our technologies and use the Services for any application that replicates or attempts to replicate them or any part thereof.
3.2 Your content
You retain full ownership and intellectual property of Your Content, including Personal Data of Your Contacts (to the extent permitted by applicable law), of Your Organizations and Your Workspaces.
You grant Us a non-exclusive, limited-term license to access, use, process, copy, distribute, perform, export, and display Personal Data, only as reasonably necessary (i) to provide and maintain the Services; (ii) to prevent or address Services, security, support or technical issues; (iii) as required by law; and (iv) as expressly permitted in writing by You.
Unless otherwise specified, We may use Your name, logo and marks to identify You as Our client on Our Website and other marketing materials.
With respect to the Content, You undertake to comply with all legal and regulatory requirements, in particular those relating to Personal Data. If You are established in the European Union or if You process Personal Data of Third Parties established in the European Union or governed by European Union law, You must accept Our data protection addendum.
This notification process is consistent with the process suggested by the Digital Millennium Copyright Act (“DMCA”) (the text of which can be found at the U.S. Copyright Office Web Site, www.copyright.gov).
If You are a copyright owner (or the authorized representative of said owner) You can report a suspected infringement to Us. You may submit a notification pursuant to the DMCA. Your notice shall contain the following: (i) Your name, mailing address, telephone number and email address; (ii) sufficient detail regarding the copyrighted work; (iii) the URL or other specific location on Our Website that contains the allegedly infringing material; (iv) a statement by You that You have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law; (v) a statement by You that the information contained in Your notice is accurate and that You attest under the penalty of perjury that You are the copyright owner or that You are authorized to act on the copyright owner's behalf; (vi) an electronic or physical signature of the owner of the copyright or a person authorized to act on the owner's behalf.
Your notice can be sent to Our copyright agent at: email@example.com.
After We receive a proper written notice, We will expeditiously remove or disable the allegedly infringing Content and notify the concerned User and, if requested, provide the report to the concerned User.
If You are not the copyright owner, You cannot report a suspected infringement to Us. If You believe that any Content infringes a Third-Party’s copyright, You should advise the copyright owner directly.
Organizations are authorized to add and remove Users to use their unique Organization Workspaces.
After being added, You have the ability to share given Contacts and groups with this Organization.
In the Services, You can work across multiple Organizations at once, meaning Your single account can access Your own Workspace(s) and different Organization Workspace(s). Your private Workspace and Your Organization Workspace are completely separate.
Organization subscriptions are charged on a per-member and per Organization basis. That means if the same member is accessing two different Workspaces, then two different subscription fees will be charged for that User accessing both Organizations.
Certain sections of an Organization Workspace will be designated as accessible by all members of the Organization. Any Contact shared with this Organization, and associated Content, will be accessible by all members of the Organization. If a member of an Organization Workspace terminates the Services Account or ceases to be a member of the Organization, their Contacts shared and associated Content posted to those accessible sections will not be removed and will remain accessible by other member of Organization.
5.1 Availability of the Services
We provide the Services without warranty, whether implied or express. You understand that the Services are provided on an "as is" and "as available" basis.
The Services are available worldwide. We may, at Our sole discretion, restrict access to the Services, or portions of them in some countries. You understand that You are solely responsible of ensuring that You may access the Services from Your geographic area. We may not be held responsible for any internet connection outage resulting in the Services’ disruption, Content loss or degradation.
The Services are only available in English. We may, at Our sole discretion, communicate or produce content in other languages with no further obligation to provide them in additional languages.
Our assistance is provided only for the use of the Services. The information provided by Us does not constitute advice, whether commercial, financial, legal or otherwise.
We reserve the right to temporarily interrupt access to the Services to carry out technical maintenance or improvements to the Services. No temporary interruption of the Services shall give rise to any payment of compensation to You.
You understand and agree that We do not warrant that the Services shall meet Your specific needs, requirements, and expectations, that the Services shall provide access to error-free and perfectly accurate data, the transmission of data from Our servers or local machine shall ensure a complete delivery and any issue or flaw detected in the Services shall be corrected.
We shall not be liable for any damages arising out of the use of the Services.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES ARE PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED. WE DO NOT WARRANT THAT THE USE OF THE SERVICES SHALL BE UNINTERRUPTED OR ERROR-FREE.
We may only be held liable for the damage it has directly and exclusively caused and in no event for any consequential, punitive, special or exemplary damages, and without any joint or several liability. In any and all cases, Our liability is expressly limited to the amount You paid for using the Services during the last twelve (12) months.
5.2 Third-Party technology
The Services may contain links or integrations with third-party content, products, and services, as a convenience. We do not endorse and shall not be held responsible for any content, products, and services provided by Third Parties, nor the operational or functional capacity of the integration with the Services. Your use of third-party content, products and services, including payments and any terms and conditions are solely binding You and said Third Party.
5.3 Protection and storage of Content
We shall maintain reasonable physical, and technical safeguards to ensure the security, confidentiality, and integrity of Your Content.
5.4 Your liability
You are responsible for Your access to and use of the Services and agree that We have no control over Your Content.
You warrant that You are fully and solely responsible for Your Content and that You have all rights, or have obtained all necessary authorizations to use and process such Content.
You are responsible for any publication of Content on Your Account. You shall not provide Content that may be found to be illegal, indecent, or otherwise damaging in any way or form, including, without limitation, Content that infringes the rights of Third Parties.
You shall be responsible for the Content stored by any Third Party or any other User to whom You have given access to the Services.
You are responsible for complying with the legal and regulatory obligations regarding the processing of Personal Data. You undertake to comply at all times with all applicable laws and regulations and to respond to any request from Us for information to verify the conformity of the processing and the security of the Personal Data that Users handle directly or indirectly.
You warrant and represent that You shall indemnify, defend, and hold harmless (including reasonable attorneys' fees) Us, Our affiliated companies, Our principals, agents, administrators, officers, directors, and employees from and against any claim by any Third Party arising out of or connected with the use of the Services, and more generally, the violation of applicable law. This defense and indemnification obligation will survive these Terms and your use of the Sites.
You act as an independent entity and, therefore, are responsible for all risks of Your business. You are solely responsible for the subscription, information on Your Content, and files sent, distributed, or collected, as well as for their operation and updating.
To use and improve the Services, We may recommend technical requirements or certain configurations. You are responsible for following these technical requirements or recommendations. You are solely responsible for the use and implementation of means to ensure the security, protection and backup of Your equipment, Your Content and the Services. As such, You undertake to take all appropriate measures to protect Your Content. You undertake not to commit any act which could jeopardize the security of the Services.
You may cancel Your Account at any time. The termination will be effective after the end of the subscription term.
Upon termination of the subscription, regardless of the reason, You shall not be able to access the Services and Your Account shall be deleted, along with Your Content.
We shall remove Your Content from Our servers immediately after the end of Your subscription, except for any Content required by law or regulation to be stored for a longer period.
Applicable fees for the use of the Services are displayed in euros (with taxes, if applicable)
You may consult Our pricing for the Services’ subscription.
You agree that at the end of each month or year, depending on the Paid Plan, Your Services’ subscription will automatically renew and Your payment method for such subscription will automatically be charged at the start of each new subscription period for the fees and taxes applicable to that Paid Plan, under the same conditions as the prior Paid Plan unless You cancel it or We cancel it. Invoices are sent to You by email.
If You fail to pay the fees due under the applicable Paid Plan, the Services subscription will be canceled and We will suspend Your Account.
We may, at Our sole discretion, offer to Users a free trial of all or part of the Services for a limited period of time ("Free Trial"). If You subscribe to a Free Trial, You may cancel Your subscription at any time until the last day of Your Free Trial.
folk is committed to ensuring the security of the clients by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us. This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities. We encourage you to contact us to report potential vulnerabilities in our systems.
Severability, Waiver, Disability
Applicable law and jurisdiction
This is the entire agreement between us relating to your use of the Services and supersedes any prior understandings or agreements, written or oral. These terms may not be modified by you, in writing or otherwise, unless agreed to in a written document signed by folk.
If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized we will work with you to understand and resolve the issue quickly, and Folk will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.
Under this policy, “research” means activities in which you:
- Notify us as soon as possible after you discover a real or potential security issue.
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
- Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish persistent command line access, or use the exploit to pivot to other systems.
- Provide us a reasonable amount of time to resolve the issue before you disclose it publicly.
- Do not submit a high volume of low-quality reports. Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, proprietary information, or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.
Data is systematically deleted after 60 days of inactivity. If no one logged in for 60 days, the workspace is considered to be inactive, its data is deleted and not accessible anymore. Preliminary warning emails are sent beforehand. On top of that, we have a retention period of 30 days, meaning we keep backups for 30 days. After this 60+30 days period, data is permanently deleted and cannot be restored.
The following test methods are not authorized:
- Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data
- Physical testing (e.g. office access, open doors, tailgating), social engineering (e.g. phishing, vishing), or any other non-technical vulnerability testing
This policy applies to the following systems and services: *.folk.app, folk.app. Any service not expressly listed above, such as any connected services, are excluded from scope and are not authorized for testing. Additionally, vulnerabilities found in systems from our vendors fall outside of this policy’s scope and should be reported directly to the vendor according to their disclosure policy (if any). If you aren’t sure whether a system is in scope or not, contact us at firstname.lastname@example.org before starting your research. Though we develop and maintain other internet-accessible systems or services, we ask that active research and testing only be conducted on the systems and services covered by the scope of this document. If there is a particular system not in scope that you think merits testing, please contact us to discuss it first. We will increase the scope of this policy over time.
Reporting a vulnerability
We accept vulnerability reports via email@example.com. Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
What we would like to see from you
To help us triage and prioritize submissions, we recommend that your reports:
- Describe the location where the vulnerability was discovered and the potential impact of exploitation.
- Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
- Be in English, if possible.
What you can expect from us
When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.
- Within 3 business days, we will acknowledge that your report has been received.
- To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.
- We will maintain an open dialogue to discuss issues.