GDPR Compliance
Last updated: February 02, 2022
password.link takes great care when handling users' personally identifiable data.
Details of this are given in this document, in our Terms of Service and our Privacy Policy.
Personal data we collect
The system stores personal information for the main account and invited editors.
Account:
- email,
- name,
- company
Editors:
- email,
- first name,
- last name
Data storage
Personal data is stored exclusively in the password.link database.
password.link runs on Heroku, in its "Europe" region.
Heroku GDPR compliance is described here. Heroku DPA (Data Processing Addendum) is here.
Data shared with third parties
Chargebee
When you sign up for a paid plan, we ask for the information that is legally required for invoicing and supply it directly to Chargebee. We do not store this information in our systems.
The information is:
email, first name, last name, company, VAT number, billing address
Chargebee GDPR Compliance
Stripe
When adding a credit card to your billing profile we send the card information to Stripe directly, without reading that information ourselves.
We then forward the result of the card registration to Chargebee, which triggers the card charges.
So to Stripe we send:
credit card details, which we cannot read ourselves apart from the last 4 digits, email
Stripe GDPR Compliance
Legal basis
We collect and store your data for the following reasons:
To fulfill contractual obligations with a data subject.
To perform tasks at the request of a data subject who is in the process of entering into a contract with a data controller.
(For more information about these reasons, see the explanation on Wikipedia)
Use and flow of the data
We use your data to do the following:
- to allow you to log in to the site. In this case your data stays on our main servers only.
- to send you an invoice. We never save your invoicing data; we delegate the storage and management of your data to Stripe and Chargebee.
- to send you transactional emails about the service, as well as promotional and marketing emails, for which we use Mailgun. On account registration we send your email address only to them.
- to handle support requests: we ask for your email address so that we can contact you back for customer care.
- when an error occurs on the platform, we automatically send some telemetry data to Sentry so that we are notified about the errors and can resolve them.
Duration of data retention
We store your data for the duration of your use of the system.
As soon as you cancel your account, your personal information is erased.
Your rights over your personal data
We respect your right to do the following:
request a copy of your data, update your data or request deletion of your data
Please contact us (at the address below) if you want to do any of the above.
How to contact us
If you have any doubts, or wish to exercise your rights (as listed above), please send us an email here: support@password.link
We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or services that you visit.