If you are a European Union (EU) resident, or even if you are not, you are probably aware that enforcement of the General Data Protection Regulation (GDPR) goes into effect on May 25th, 2018. In preparation for that, we’ve made some changes to our agreements and product to comply as a data “Processor” and also as a “Controller” of personal data.
Apptoto’s Role as a Processor
Under the GDPR, Apptoto users are likely considered “Controllers” of the personal data collected by users and sent to Apptoto. If you are considered a Controller in this circumstance, then we are a “Processor” of yours. To help us be compliant as a Processor we have done the following:
- We created a Data Processing Agreement (DPA) that reflects the requirements of the GDPR and allows for GDPR-compliant data transfer and storage outside the EU. Email firstname.lastname@example.org if you would like a copy.
- We audited existing security policies and developed additional security policies to help ensure that the data you send us is safe and secure.
New features include:
- A “Data Retention Period” setting on the “Settings” > “Advanced & Privacy” tab. With this setting, you can select the period of time we will store certain data. Data older than the period you select will be deleted or anonymized.
- We can assist you in responding to data subject requests. If you receive a request from a client to export or remove/delete their data, please let us know.
Apptoto as a Controller
Some of the third parties that we use allow for identifiable tracking inside of our web application. This means that we can see who clicked on what buttons in the application once you have signed up for an account. We use this data to make decisions about the product roadmap and to provide you with a high level of support. In many cases, we have figured out support issues by reviewing this data. However, you can now opt out of identifiable tracking on the “Settings” > “Advanced & Privacy” tab in Apptoto. As part of our GDPR compliance effort, EU residents must now opt in to identifiable tracking.
Lastly, we’ve cleaned up our email marketing lists. Before, we were not doing a good job of explicitly asking new users (trials and subscribers) to subscribe to our newsletter and marketing communications. If you are a current subscriber and are not in the EU, then we have opted you into the email newsletter by default. Otherwise, you will need to subscribe here to continue receiving our newsletter and marketing communications.
Please email email@example.com if you have any questions regarding the GDPR.