Our commitment to the GDPR
We are always committed to respecting privacy and keeping personal data safe, in line with the GDPR (General Data Protection Regulation).
The EU general data protection regulation (GDPR) governs how the personal data of individuals in the EU may be processed and transferred.
What is the GDPR?
The EU general data protection regulation (GDPR) is the strongest privacy and security law in the world.
This regulation updated and modernised the principles of the 1995 data protection directive. It was adopted in 2016 and entered into application on May 25, 2018.
The GDPR defines:
- individuals' fundamental rights in the digital age
- the obligations of those processing data
- methods for ensuring compliance
- sanctions for those in breach of the rules
Rights of individuals
The GDPR lists the rights of the data subject, meaning the rights of the individuals whose personal data is being processed. These strengthened rights give individuals more control over their personal data, including through:
- the need for an individual's clear consent to the processing of his or her personal data
- easier access for the data subject to his or her personal data
- the right to rectification, to erasure, and “to be forgotten”
- the right to object, including to the use of personal data for the purposes of “profiling”
- the right to data portability from one service provider to another
The regulation also lays down the obligation for controllers (those who are responsible for the processing of data) to provide transparent and easily accessible information to individuals on the processing of their data.
Our initiatives to be GDPR compliant
We are committed to protecting the privacy and security of our customers, and below are some of the initiatives we've undertaken.
Subject data rights
We are committed to complying with the requirements of the GDPR. We offer all the necessary mechanisms, such as web pages and tools, allowing our customers to access, update, export, or delete all their data without restriction.
Customers can request that we stop processing their personal data at any time.
For more information on your privacy rights with us, please see our Privacy Policy and Cookies Notice.
Data Security, Compliance, and Certifications
The GDPR requires technical and organisational security measures to protect personal data. Protecting our users' information and their privacy is extremely important to us. We have built security into every layer of our services. We use backups, encryption, threat detection, and other mechanisms for your security and privacy. All third-party providers have been verified as GDPR-compliant.
We hold your data on servers hosted outside of the EU in the UK, USA, and Brazil.
Awareness
All our key people responsible for software development and customer support are fully aware of the GDPR requirements.
Data we hold
- Username and email: When you register, we ask you for your email and user name. Through your profile settings, you may additionally provide your first name, last name, country, city, gender, and birthday. If you login using a social network (such as Facebook or Google), we may ask for permission to access basic information from that account, such as your name, email address, and profile picture. You can stop sharing this information with us at any time using the social network settings.
- Payment information (paid users): Payment information is required to fulfil the transaction. If you pay using a payment card at checkout, you will provide your payment information, such as your card details, to our card payment provider. Their privacy policy will apply to this information. If you checkout using PayPal, the PayPal privacy policy will apply to the payment information you provide.
- User Content: This includes documents provided by you while using our website.
- IP Address: For determining the location of our customers.
- Log files: We record diagnostic data in log files. This log file may include the IP address, date, time, and browser information.
- Website Usage: To help understand and improve the performance of our services, we collect statistics such as how many users visit a page on our website or how many times a link is clicked.
- Cookies: We use cookies to understand and save your preferences for future visits and to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
For more information on how to request what information we hold on you, please contact us.
Subject access requests
We respond to a subject access request within one month of receipt (usually in under a week).
Choice and consent
We value choice and transparency around how we collect, use, and share information and provide optionality within account settings.
For more information on your privacy rights with us, please see our Privacy Policy and Cookies Notice.
Children
We do not collect any information from anyone under 13 years of age. If we believe that personal information has been collected from a child younger than 13 years of age, we will remove it.
International data usage and transfers
As a company with a global customer base and operations, we must be able to transfer and access data around the world. We understand and respect the rules for international transfers of personal data outside of the European Economic Area and the UK.
Our main residence is in the United Kingdom. Therefore, our supervisory authority is based in the United Kingdom.
Contact Us
If you have any questions or concerns surrounding the storage and use of your personal data, please contact us.
Last Updated: April 12, 2023