GDPR Addendum
Source:
Signup
Personal Data:
- Email address
- Instagram username
- Real name
Reason:
To provide a login to the service and contact you to help you use the product or learn about features.
Handling:
Secure managed MySQL database (AWS RDS). Only senior developers and DBA has direct access.
Disposal:
When user deletes account all information is cleared.
Source:
Paid account sign up (PRO)
Personal Data:
- Credit card expiry
- Last four digits of credit card
- Billing address
- Email address
- Name
Reason:
To enable payment for the service
Handling:
All credit card data is stored securely by a 3rd party provider ‘Stripe’. Expiry date and last four digits are stored in the database to present users with their previously used cards.
Disposal:
On request
Source:
Support or Sales via live chat
Personal Data:
- Email address (optional)
Reason:
To enable user to be notified of reply from support
Handling:
Stored in third party provider 'Intercom'
Disposal:
Deleted every 14 days
Security Outline
Here are some steps we are taking to further secure your data :
- Real time data breach protection & monitoring/alerts
- Common attack vector protection & monitoring/alerts
- Secure by design/default development process integration
- Further automated the deletion of personal data based on user action
- Introduction of data breach plan
- Hardened security on all infrastructure
Sub Processors
Sub Processor:
ActiveCampaign
Data:
- Email address
- Username
- Feature usage
Sub Processor:
Stripe
Data:
- Email address
- Billing details
Sub Processor:
Google Analytics
Data:
- Anonymised cookie data
Sub Processor:
Data:
- Anonymised cookie data
Sub Processor:
Intercom
Data:
- Email address
- Linktree username
Sub Processor:
Datadog
Data:
- Linktree username
- User resource utilisation
- Linktree username
- Application usage statistics
Sub Processor:
Sqreen
Data:
- Application security screening
Sub Processor:
Paypal
Data:
- Email address
- Billing details
Sub Processor:
Baremetrics
Data:
- Email address
- Subscription details