Personal Information and Usage Data
When you sign up, we create an account using your email address, link to your profile photo, first name and last name from the Google account you use for authentication. We associate your use of and activities on the site (“retros”) with your account so that you and your team members can review your retros if you sign back in later. This includes anything you submit via text inputs, votes you submit during the voting process, grouping, and other activities.
Email, Marketing and Communications
When a retro is completed, any action items you create are emailed to you and your team. We will also send out very occasional updates of major changes to policies or terms. These messages are necessary to operate our service.
If you have opted in to occasional product updates and marketing emails from us, you can later opt out at any time by emailing email@example.com with subject “Email Opt Out” or by changing your preference in the user interface.
Data transmitted between our hosting provider and your browser is encrypted using SSL/TLS, and database backups are also encrypted. Our production environment is carefully restricted to only the few individuals who need access, and our software development process involves multiple privacy by design considerations.
Third Party Disclosure
We do not sell your data, and we only share it with third parties necessary to provide the services you request while using the site, to improve the performance and security of the services, and for the occasional emails described above. You can find a list of Third Party Data Processors we use below.
If we need to monitor, investigate, or respond to any reported or suspected illegal activity, fraud, threats to anyone's physical safety, or similar concerns, we may share your info with those involved in addressing our concerns. If we are compelled by a court order or other valid legal process to share your data, we will attempt to notify you unless legally prohibited from doing so.
If something material in this policy changes for any reason, we will make our best efforts to notify you in advance.
Third Party Data Processors
We use the following third party processors to process personal information and other data associated with your usage of Remote Retro to the extent necessary to provide our services.
- Gigalixir on AWS (for application hosting)
- SendGrid (to send emails)
- Honeybadger (for exception reporting)
- DataDog (for performance metrics)
- Papertrail (for request logging)
- Hubspot (to manage email lists)
- Google (for authentication and site analytics)
For users in the EU, the GDPR provides you with rights including:
- The right of access
- The right to rectification (aka correction)
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
If you are in the EU and wish to exercise or discuss your GDPR rights, please contact us at firstname.lastname@example.org.