Last updated: June 15, 2020
Personal Data Collection and Storage in our apps and websites
This document provides an overview of the principles and technology we use in capturing and managing personal information about you via our business operations or our apps and services.
We respect your privacy
This company was founded, and we work hard every day, to help you manage and protect your privacy. Our products and services all relate to helping you limit the amount of data you share or others can take from you, so we hold ourselves to a high standard in terms of how we capture, manage, and treat your data and your rights surrounding that data.
We’d love to have a zero-personal-data footprint, but it’s not yet technically feasible. We need to email you to support your use of our app, we need to process payments, we need to track how our app is working (or not working) and we need to promote our products in order to find and win customers. Each of those requires us to collect and manage personal data.
Six Guiding Principles:
Let’s start with a review of the principles that drive all of our decisions relating to personal data:
- Minimize data collection. We strive to only collect the information we need to operate our service and effectively manage and grow our business. There are many more opportunities for a company like ours to acquire data, and tools to leverage this data, than we choose to employ, but we consistently choose to acquire the least data and use that data as minimally as possible while still enabling our operations and growth.
- Minimize data sharing, maximize data respect. We want to minimize the number of integrations with 3rd parties so that your data is transferred to as few places as possible, choose the most privacy-friendly 3rd parties (for example, we use Matomo instead of Google Analytics), and generally treat your data as we’d want our data to be treated.
- Default to opt-in, wherever possible. We don’t like opt-out business practices, where companies take data unless you go to the trouble of telling them you’d prefer that they didn’t; so, when we can give users the choice to opt-in to sharing additional data, we take that approach.
- Help you opt-out, where necessary. Some of our 3rd-party tools don’t support opt-in mechanisms but do themselves have opt-out methods. In these cases, we explicitly show you how to choose to opt out – right within the Priiv App. In most cases, opting out of these tools not only stops us from getting data, but prevents your data from going to those companies when any other app or company uses those same 3rd parties.
- Build quality products, and a successful company. We want to ensure that our application is both functional and responsive, and that means we must monitor how it performs for users, when it crashes, how fast it loads, and more.
- Make reasonable tradeoffs. There is a tension in trying to build and grow a business, digitally interact with prospects and customers, use available technology and tools (which were often not built with a privacy-first outlook), and live up to the principles stated above. When we need to resolve this tension, or a conflict between our business needs and our privacy ideals, we will endeavor to make a choice which appropriately aligns with our ideals while not unreasonably compromising our business opportunities.
We pledge to do our best to balance all of these principles. We understand our audience and expect they will have high expectations. We don’t expect we’ll please everyone in every case, but we’ll remain open to feedback and continue improving where and when it is necessary.
Summary of Data & Services
We use Stripe, Recurly, and Avalara to sell software and services via our websites. Via these tools, we collect email addresses and billing information, as required to process and fulfil orders. In this transaction, Priiv never has access to your credit card information and these services are fully PCI compliant.
We use Hubspot as our primary customer and app-based messaging and marketing platform. This captures the email address you provide during registration or sign up, the name of the website or channel where you responded to our ad, and information on use of our app (such as last login date). Any messages you send us and any messages we send you are stored here as well. This platform is used to communicate via email to share tips and progress related to your use of our app, to share our weekly newsletter, and to share promotions. You may opt-out of our email communications at any time.
To understand the use of our products, and help us to improve them, we use Crashlytics and Mixpanel. Your data is only obtained by Mixpanel if you opt-in to its use from within the app.
On websites, we use Matomo to provide basic website analytics telling us how many people visited, where they came from, and how each person (including you) interacted with our sites. Matomo is a more privacy-friendly alternative to Google Analytics.
Our iOS application and certain web tools that are part of our product use some embedded tools to enable their capabilities. We use the Google Firebase suite of products to allow us to integrate different platforms, such as updating records in Hubspot based on in-app activity. We also use Zapier to pass information between services. Specifically, it is used to pass basic billing confirmations from Recurly and Stripe to Hubspot to provide customer support.
These services transmit aggregate stats and some user-specific data between other tools we use. For example, the contents of email messages, purchase transactions, and score data are transmitted using these services. We do not use these services to store customer information.
Lastly, we offer Sign In with Apple. This is a secure and private way to authenticate with applications. As a user you choose whether Apple shares your actual email address with us, or uses an alias which then forwards email to you.
Our platform is hosted using the Amazon AWS suite of tools, and features and capabilities of the iOS app, including scoring and personalization, run on AWS servers and software. We use an ElasticSearch, Logstash, and Kibana (ELK) stack for logging. We keep logs on activity to help us understand performance, find bugs, and troubleshoot errors we encounter. While these logs are not permanent, unprocessed customer data, such as the exact API calls made, is stored here until they are purged. Our primary customer data is stored in Mongo Atlas, a managed database that provides us with a secure and stable platform for storing your data. All of your activity in the platform, along with most of the content in the platform, is stored here.
If you have any additional questions about our use of your data, please do not hesitate to ask us via firstname.lastname@example.org