GDPR Commitment
The European Union (EU) introduced a regulation called the General Data Protection Regulation (GDPR in summary) on 25 May 2018. The purpose of the GDPR is to give EU residents drastic improvements in their privacy rights and control over their data and protect them from privacy breaches and leaks.
Bybrand ensures compliance with global regulations and industry practices to maintain your customers' data privacy and security.
Bybrand's commitment to the GDPR
This quick guide will help you understand how Bybrand treats your data, which we collect when registering with our service.
Read the full PDF version: GDPR Compliance Statement.
We do not use Google Analytics
It is important to note that Bybrand does not use Google Analytics anywhere on the website, blog, or knowledge base. Therefore, we do not obtain confidential data from your navigation when you visit our website or blog.
- We do not obtain your browsing data;
- We do not monitor your behavior on Bybrand pages;
- No cookies for advertising.
Cookies
We use cookies for a better user experience in Bybrand's restricted area (web app). They are necessary to ensure the reliable operation of our platform. No particular information about you is added to cookies or browser session data.
Data processing
Bybrand's data and primary servers are hosted in the DigitalOcean data center (located in New York - NYC1.) GDPR does not demand that personal data from the EU remain on servers in the EU.
Our clustered databases are encrypted at rest with LUKS (Linux Unified Key Setup) and on the move with SSL.
At any time, you can request the data we've stored about your company and employee data that are in the email signatures, and you will receive them in a simple format. We guarantee that we will fulfill your request in a maximum of 30 days.
- No special category data process GDPR.
- Although Bybrand itself has not undergone an SOC audit, our data center has. DigitalOcean Certification Reports
Collect your data
We only collect information necessary for the initial provision of the service:
- Your name;
- Email;
- Company name;
- IP address (for geolocation);
After registration, you can choose whether you'd like to provide us with other private data in order to offer you a better service. For example, you can provide your mobile number for a faster password change in the system.
- We do not sell or rent your personal data and information;
- No information is monetized.
Payment processing
If you decide to purchase a service plan, we will need your payment details. Paddle.com (the service responsible for payment processing) collects buyer data during checkout for payment processing and order fulfillment purposes.
Buyer data is shared securely with payment providers such as PayPal, Visa, and Mastercard.
These providers are GDPR and PCI DSS compliant. The sharing is necessary to facilitate the payment process. Furthermore, anonymous data is also shared with various fraud monitoring platforms in compliance with GDPR.
Remarketing
We do not make remarketing campaigns with the email from customers or retargeting ad to website visitors. Therefore, we do not share your email with third parties to serve paid ads.
Data in email signatures
Personal data in an email signature is rarely, if ever, confidential data.
Email signature data is easy to obtain publicly, such as on a business card, corporate directory, or website. There is nothing sensitive, even in an email, address, or mobile number. However, they constitute personal data, even if it is a commercial email address.
In some cases, you may want to connect Bybrand with third party integrations, such as Google Workspace or Freshdesk, for the generation of automatic email signatures. Bybrand only obtains data necessary to fill out email signatures.
The information obtained is available in the "placeholders" area of the Departments resource.
Deletion of company profile
Bybrand allows you to completely and immediately delete your registration data at any time. This procedure can be done without Bybrand or the need to contact technical support.
When deleting an account, you will delete all associated data, including your information that we send to third parties, such as Mailchimp.
- Deletion is not allowed if your account has had payment processing.
Retention of data
Storage Limitation: all data of customers using our free trial who do not buy a plan are completely deleted after 120 days.
Email notifications
Our email marketing platform is MailChimp. We disable link opening tracking and link tracking in all outgoing emails.
You can select which information, if any, that you want to receive from Bybrand. Information can include: newsletters, tips, and best practices for using the service.
With the exception of necessary transactional emails, such as password changes and plan expiration reminders.
Sub-processors
We share certain information with companies that can be considered our "sub-processors" according to the GDPR.
Below is a complete list of our sub-processors:
- Mailchimp: email marketing platform;
- Postmark: transactional emails;
- Paddle: payment provider;
- DigitalOcean: cloud infrastructure hosting;
- Amazon Web Services: cloud infrastructure hosting;
- JivoChat: online chat customer support.
We will be happy to answer any questions and clarify any questions about how we protect your data in general and specifically in the GDPR.
If you have any questions about these terms, please contact us. privacy@bybrand.io