CrossOver Logo

CrossOver Policies

Last updated: 2 March 2025

1. Introduction

Welcome to crossover.social – a service operated by CheckFirst (FI31436034). These Terms and Conditions ("Terms") govern your use of our Service. By accessing or using our Service, you agree to be bound by these Terms. Please read them carefully.

The Service is provided on a Software as a Service (SaaS) basis and is intended solely for users belonging to organisations with a valid CrossOver contract with CheckFirst.

2. Access and Authentication

Access to the Service is strictly limited to authorised users. Instead of storing traditional passwords, our authentication system sends a one-time login code to your registered email address each time you sign in. You are responsible for safeguarding your email account and ensuring that the code is not disclosed to unauthorised third parties.

If you suspect unauthorised use of your login details, please contact us immediately.

3. Data Collection and Usage

The Service aggregates publicly available data from multiple platforms such as websites and social platforms. All data made available via the Service is public and is processed in accordance with applicable EU copyright exceptions and limitations and the Digital Service Act (DSA). In accordance with the Digital Services Act, if you believe that any aggregated content infringes on applicable laws or rights, please submit a request to our designated contact, and we will review the content in a timely manner.

The Service is provided on a best effort basis, and while we strive to present accurate and up-to-date information, CheckFirst does not warrant the completeness, reliability or legal compliance of the data. Users are responsible for ensuring that their use of the data complies with all applicable laws and any third-party terms.

4. Privacy, Data Handling and GDPR Compliance

In accordance with the General Data Protection Regulation (GDPR), CheckFirst has implemented appropriate technical and organisational measures to protect any personal data processed through our Service. All personal data is hosted at OVH Europe.

We collect only the personal data necessary for providing our Service, such as your full name and email address. Data is processed solely for the purposes of managing your access to the Service and improving our offerings. No sensitive data, such as passwords, is stored.

By using the Service, you consent to the collection, storage, and processing of your personal data as described herein. For any queries regarding data protection or to exercise your rights under the GDPR, please contact our Data Protection Officer at gdpr@checkfirst.network.

Please also refer to our Privacy Policy for more detailed information on how we collect, store, and process personal data.

5. Use of the Service

The Service may be used only for internal business purposes by organisations that have a valid CrossOver contract with CheckFirst. You agree to use the Service in compliance with all applicable laws, regulations, and any third-party terms.

You must not:

  • Sell, lease, transfer or otherwise exploit the Service or make it available to any third party;
  • Send spam or other unsolicited communications;
  • Upload or transmit any material that contains viruses, worms or other harmful software;
  • Attempt to gain unauthorised access to any part of the Service or associated systems;
  • Utilise the aggregated data for purposes that may infringe on third-party intellectual property or data protection rights.

All content entered into the Service by your organisation ("Client Content") remains your responsibility. The aggregated data is intended solely for internal decision-making and must not be republished or distributed without express written consent.

6. Intellectual Property

All intellectual property rights, including copyrights, trademarks and database rights in the Service and in any materials provided by CheckFirst, remain with their respective owners.

The use of the Service does not grant you any right to reproduce or distribute any of our content or the aggregated data, except as expressly permitted under these Terms. Any public dissemination of aggregated data must comply with all applicable intellectual property laws.

7. Disclaimers and Limitation of Liability

The Service is provided on a "best effort" basis and is supplied without any warranties, express or implied, including but not limited to any implied warranties of merchantability, fitness for a particular purpose or non-infringement.

To the fullest extent permitted by law, under no circumstances shall CheckFirst be liable for any direct, indirect, incidental or consequential damages arising from your use of the Service. Notwithstanding the foregoing, nothing in these Terms shall limit or exclude our liability for gross negligence, willful misconduct, or any liability that cannot be excluded under applicable law.

8. Modifications and Termination

CheckFirst reserves the right to amend these Terms at any time. We will provide reasonable notice of any material changes. Your continued use of the Service after such notice constitutes your acceptance of the updated Terms.

The Service may be terminated by you at any time or by CheckFirst if we determine that you are in breach of these Terms or if there is a risk to the security or integrity of the Service. Termination may be immediate or subject to notice, at our discretion.

9. Governing Law and Dispute Resolution

These Terms and any disputes arising from them shall be governed by and construed in accordance with the laws of Finland. Any disputes arising from these Terms shall be subject to the exclusive jurisdiction of the Finnish courts.

10. Contact and Further Information

If you have any questions about these Terms, please contact our support team at support@checkfirst.network.

CheckFirst | Data Protection Officer: gdpr@checkfirst.network

Last updated: 2 March 2025

1. Introduction

This Privacy Policy explains how CheckFirst (FI31436034) ("we", "our", or "us") collects, uses, and protects personal data when you use our crossover.social service ("Service").

We are committed to ensuring that your privacy is protected and that we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

We collect and process the following personal data:

  • Account Information: Your name, email address, and organisation details.
  • Usage Data: Information about how you use our Service, including login times, features used, and user preferences.
  • Technical Data: IP address, browser type and version, device information, and other technical identifiers.

We do not store passwords in our system. Instead, we use a one-time code authentication system that sends verification codes to your registered email address.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our Service
  • To authenticate your access to the Service
  • To notify you about changes to our Service
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contract: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
  • Legitimate Interests: Processing is necessary for our legitimate interests, provided these interests do not override your fundamental rights and freedoms.
  • Consent: Where applicable, you have given consent to the processing of your personal data for specific purposes.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

5. Data Storage and Security

All personal data is hosted at OVH Europe. We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of security measures
  • Access controls and authentication procedures
  • Regular backups and disaster recovery procedures

6. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

7. Your Data Protection Rights

Under the GDPR, you have the following rights:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact our Data Protection Officer at gdpr@checkfirst.network.

8. Cookies and Tracking

We do not use cookies or similar tracking technologies to track activity on our Service and hold certain information.

9. Third-Party Services

Our Service aggregates publicly available data from third-party platforms such as YouTube, TikTok, X (formerly Twitter), Bluesky, Google, and others. We do not share your personal data with these third parties.

However, when you access content from these platforms through our Service, your interactions may be subject to their respective privacy policies.

10. Contact Us

If you have any questions about this Privacy Policy, please contact our Data Protection Officer:

Email:
gdpr@checkfirst.network

Mail:
Check First oy - DPO Office
PL 7
00351 HELSINKI
Finland

Last updated: 2 March 2025

1. Overview

CheckFirst recognise that the security of our CrossOver service and the protection of your data are of paramount importance. This Security Policy provides an in‐depth explanation of the robust measures we have implemented to safeguard our systems and ensure the confidentiality, integrity and availability of your information. We continually assess and update our security protocols to respond to emerging threats and to maintain the highest standards of data protection across our service.

Our commitment extends to all aspects of the service, ensuring that every component of our platform is monitored, maintained and enhanced to mitigate risks and to protect our users and their data.

2. Authentication Security

To ensure that only authorised users can access our service, we have implemented a passwordless authentication process. When you attempt to log in, a one‐time code is generated and sent to your verified email address. This code is valid only for a short period, which minimises the risk of unauthorised access. In addition, our systems keep detailed records of every authentication attempt and are configured to automatically restrict access after several unsuccessful attempts. These measures, combined with ongoing monitoring, ensure that our authentication process remains robust and secure.

We continuously review and update our authentication protocols in order to meet the evolving security challenges and to provide a secure user experience.

3. Data Security

Data security is at the heart of our operations. All data is stored on secure servers located in OVH Europe data centres, which are managed in accordance with stringent security standards. Data transmitted between your device and our servers is encrypted using TLS 1.3, ensuring that your information remains confidential during transit. Furthermore, data stored at rest is protected with industry-standard encryption, and access to our databases is tightly controlled and continuously monitored.

These measures work together to protect your data from unauthorised access, modification or disclosure, and we take every precaution to ensure that your information is handled securely.

4. Infrastructure Security

Our infrastructure is designed with comprehensive security measures to provide a resilient and robust service environment. We maintain a secure network architecture that includes advanced firewalls, intrusion detection and prevention systems, and continuous monitoring of all systems and services. Regular maintenance, including the timely application of security patches and updates, is carried out to ensure that our infrastructure remains protected against emerging threats. In addition, we perform routine audits and maintain regular backups to ensure rapid recovery in the event of any disruption.

By adopting a proactive approach, we ensure that our infrastructure remains secure, stable and capable of supporting the high demands of our service.

5. Application Security

We prioritise the security of our application by integrating secure development practices throughout the development lifecycle. Security is built into our processes from the initial design phase through to deployment, with regular code reviews and extensive security testing conducted to identify and rectify vulnerabilities. Our application is engineered to protect against common web threats, utilising measures such as input validation, output encoding and rate limiting. Ongoing monitoring and iterative improvements to our security protocols ensure that our application remains robust against an ever‐changing threat landscape.

These practices help to safeguard the application and ensure that your experience is both secure and reliable.

6. Access Controls

We implement strict access controls to ensure that only authorised personnel have access to our systems and data. Access to our service is granted on the basis of the principle of least privilege, meaning that users receive only the access necessary for their roles. We utilise role‐based access control and regularly review user permissions to ensure compliance with our security standards. Any access granted for maintenance purposes is carefully monitored, and rights are immediately revoked when no longer required.

This rigorous control of access helps prevent unauthorised use and ensures that your data remains secure.

7. Security Incident Response

In the event of a security incident, we are fully prepared to respond promptly and effectively. We maintain a comprehensive incident response plan that outlines the procedures for detecting, assessing, and mitigating any security breach. Our dedicated team is trained to manage incidents swiftly and to conduct thorough investigations as soon as an issue is identified. In line with GDPR requirements, we will notify affected customers without undue delay and work to minimise any potential impact.

Following any incident, a detailed review is undertaken to identify vulnerabilities and to implement additional measures aimed at preventing recurrence.

8. Compliance

Our security practices are designed to comply with relevant regulations and standards, including the General Data Protection Regulation (GDPR) principles. We routinely review our policies and procedures to ensure full compliance with industry and legal requirements. Regular audits are conducted to verify that our systems remain secure and that our security measures are up to date with current regulatory standards.

This commitment to compliance ensures that we maintain a high level of data protection and security across all aspects of our service.

9. Contact

For any security-related concerns or to report a potential vulnerability, please contact our security team at security@checkfirst.network. We take all reports seriously and will work diligently to address any issues in order to maintain the highest possible standards of security for our service.

Last updated: 2 March 2025

1. Purpose and Scope

This Device Hosting Policy ("Policy") sets forth the terms governing the installation and operation of CheckFirst’s device ("Device") within your network. The Device is designed solely to function as a standard web browser and is not intended to collect personal data, monitor network traffic, or record private communications.

2. Device Operation

The Device is exclusively operated and maintained by CheckFirst. It is configured to access publicly available website content in the same manner as a conventional web browser. Under no circumstances does the Device record data beyond what is necessary for standard browsing functionality.

3. Data Collection and Host Information

For administrative and operational purposes, CheckFirst collects the following host information: your name, address, email, and telephone number. This information is used solely to contact you regarding device status, including notifications if the Device goes offline or requires maintenance.

If you need to take the Device offline or relocate it, you must notify CheckFirst in advance. CheckFirst reserves the right to request the return of the Device at any time, with the return shipping costs covered by CheckFirst.

In the event of a malfunction, CheckFirst may supply a replacement Device at no cost.

Any unauthorized tampering, modification, or interference with the Device is strictly prohibited.

4. Network Performance and Security

CheckFirst warrants that the operation of the Device is configured so as not to adversely affect the performance or security of your network. However, you remain responsible for ensuring that your network infrastructure adequately supports the Device’s operation.

5. Contact and Support

For any inquiries or concerns regarding this Policy or the operation of the Device, please contact our support team at support@checkfirst.network.

Last updated: 31 March 2025

1. Introduction

This Data Retention Policy outlines how CheckFirst (FI31436034) manages, stores and deletes data collected through our crossover.social service ("Service"). This policy should be read in conjunction with our Terms and Conditions and Privacy Policy.

The purpose of this policy is to ensure that:

  • We comply with all applicable data protection laws, including the General Data Protection Regulation (GDPR)
  • We only retain personal data for as long as necessary
  • We protect the rights of individuals whose data we process
  • We operate transparently with respect to data management practices

2. Categories of Data and Retention Periods

2.1 Account Information

Data included: Name, email and organisation details
Retention period: Retained for the duration of the contract between the user's organisation and CheckFirst, plus 90 days after contract termination to facilitate potential renewal
Justification: Necessary for providing access to the Service and account management

2.2 Authentication Data

Data included: One-time login codes and authentication logs
Retention period: One-time codes are deleted after use or expiration (maximum 30 minutes). Authentication logs are retained for 90 days
Justification: Security monitoring and fraud prevention

2.3 Usage Data

Data included: Information about how users interact with the Service, including login times, features used, and user preferences
Retention period: Retained for 12 months
Justification: Service improvement, technical troubleshooting, and usage pattern analysis

2.4 Technical Data

Data included: IP addresses, browser type and version, device information, and other technical identifiers
Retention period: Retained for 90 days
Justification: System security, debugging, and service optimisation

2.5 Aggregated Public Data

Data included: Publicly available data aggregated from multiple platforms
Retention period: Retained for the duration of the contract plus 30 days, or as specified in the customer contract
Justification: Provision of the core Service functionality

2.6 Client Content

Data included: Content entered into the Service by the client organisation
Retention period: Retained for the duration of the contract plus 30 days, or longer if specifically requested by the client
Justification: Service provision and business continuity

3. Data Deletion and Anonymisation

3.1 Deletion Methods

When data reaches the end of its retention period, CheckFirst will ensure that it is deleted securely and permanently from our systems. This includes:

  • Secure deletion from production databases
  • Removal from backup systems according to backup rotation schedules (maximum 30 days after deletion from production)
  • Ensuring that deleted data cannot be recovered

3.2 Anonymisation

In some cases, we may anonymise data rather than delete it completely. Anonymisation will be performed in such a way that the data can no longer be associated with an individual. Anonymised data may be retained indefinitely for statistical and analytical purposes.

4. Data Retention Exceptions

4.1 Legal Requirements

We may retain data beyond the periods specified above if required by applicable law, court order, or other legal process. In such cases, the data will be retained only for as long as legally required and access will be restricted to authorised personnel.

4.2 Dispute Resolution

In the event of an ongoing dispute, investigation, or legal proceeding, relevant data may be retained until the matter is fully resolved plus a reasonable period to protect our legitimate interests.

4.3 Technical Constraints

In certain limited circumstances, complete deletion may be technically infeasible (for example, in backup systems). In such cases, we will ensure the data is segregated and access is restricted until technical deletion can occur.

5. Data Subject Rights

As detailed in our Privacy Policy, individuals have various rights regarding their personal data, including:

  • The right to request deletion of their personal data
  • The right to request restriction of processing
  • The right to data portability

Requests to exercise these rights should be directed to our Data Protection Officer at gdpr@checkfirst.network. We will respond to such requests within 30 days.

6. Review and Updates

This Data Retention Policy will be reviewed annually and updated as necessary to reflect changes in our business practices, legal requirements, or technical systems.

Changes to this policy will be communicated to users through our website and, where appropriate, via email notification.

7. Contact Information

If you have any questions about this Data Retention Policy, please contact our Data Protection Officer:

Email: gdpr@checkfirst.network

Mail:
Check First oy - DPO Office
PL 7
00351 HELSINKI
Finland