Is Gigalixir GDPR Compliant?
What Personal Information Does Gigalixir Collect for my Account?
We collect the minimum amount of personal information to provide you our services.
For Free Tier customers, we collect your email address (for your account “user name”). That’s it.
For Standard Tier customers, we also require billing information (to be processed and kept at Stripe, we do not have access to your credit card information).
For both tiers of service, Gigalixir will also know your app_name(s) and database_name(s).
If you contact us at Support, our Support software will collect your email address and IP address to verify the authenticity of the requester. Obviously, any details you send us about your account is stored in the Support software and can be deleted upon request (see below).
What Personal Information Does Gigalixir Collect when I’m Running My Apps?
At the user level, we collect and store the email address.
There is no customer app customer data stored in the database.
How long does Gigalixir Store Log Data?
We store the last 100 lines of the log entries for an indeterminent amount of time. This allows us to give customers some history to the log information when they request it. This data is not backed up and is regularly flushed.
What does Gigalixir Share with Marketers / Advertising and Non-Essential Companies?
We do not sell or rent your personal data to third parties for marketing purposes. Or any purposes at all. That’s not what we’re here for.
For data aggregation purposes, we may use your non-personal data, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of your personal data.
We may give your personal data to third-party service providers whom we hire to provide services to us to keep the Gigalixir business in legal and tax compliance globally. These third-party service providers may include but are not limited to payment processors, web analytics companies, advertising networks, data management services, help desk providers, accountants, law firms, auditors.
Does Gigalixir View/See our Data in our Apps or Databases?
No, we do not see or save your data in your apps or databases.
What Data does Gigalixir Store in the Clear / Unencrypted?
We store your email unencrypted. Direct login passwords are encrypted.
Does Gigalixir Collect any Private Data that is Not Needed to Run the Service?
We collect personal data sufficient to run the Gigalixir products for you, improve the Gigalixir services over time, and cater to our customers successfully. That means we don’t collect any additional or unnecessary private data other than the information listed above.
Finally, we store no PII from your apps – the only user data we store is about you, the data controller, and it is minimal – if you are using Gigalixir as a Free Tier user, for example, it is just the email address, app name(s) and database name(s). For Standard Tier users, additional billing information is stored at Stripe, however we have no access to your credit card details.
If I’m based in the EU, does my data leave the EU?
We are a global company serving customers around the world. We provide the same standard of privacy protection to all our users, regardless of their country of origin or location.
Because we are a globally focused business, our infrastructure reflects that mission. As a result, some of our services are processed outside the EU - for example - Stripe payment processing.
Even if you choose a EU-based database, there is a chance that your data may leave the EU in order for us to adequately provide our service to you and your clients. However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs.
Information that we collect will be stored and processed in the United States in accordance with our Privacy Statement.
Additionally, we obviously have no control over whether a company or customer chooses to send data via our services outside the EU.
Can you Sign a Data Protection Agreement?
We can provide you with our Data Processing Agreement (DPA) as part of your GDPR compliance requirement.
As we want to make these legal experiences as easy as possible, our documents are pre-signed by Gigalixir’s parent company and can be sent to your corporate legal email address for signature.
Once the document is signed by both parties, the DPA document is binding for both parties.
If I Request to be ‘Forgotten’ or Deleted, what Data would Gigalixir Delete and Keep for Legal Reasons?
Upon a request to be forgotten, we mark all of your data as “removed” in our database. Data marked “removed” will be deleted within 30 days to prevent mistakes and human error. Your payment information and transactions (if relevant) is kept at Stripe for tax and reporting purposes.
Following a confirmation from Gigalixir that your data will be deleted, your Customer Service and Support correspondence will also be deleted. That means, if you write us in the future, we will have no record of any of your prior communication with Gigalixir, so please save any information you need before requesting to be forgotten.
How do we Request our Information be Deleted and / or Ported to Another Service?
Simple, send us an email at Support and we’ll verify your identity (we don’t want your competitors tricking us into deleting your account now, do we?) and either port or delete your data as requested.
Got a different question?
Got a different question, send us an email at Support!