GDPR Compliance

Last updated: February 02, 2022

password.link takes great care when handling users' personally identifiable data.

Details of this are given in this document, in our Terms of Service and our Privacy Policy.

Personal data we collect

The system stores personal information for the main account and invited editors.

Account:

  • email,
  • name,
  • company

Editors:

  • email,
  • first name,
  • last name

Data storage

Personal data is stored exclusively in the password.link database.

password.link runs on Heroku, in its "Europe" region.

Heroku GDPR compliance is described here. Heroku DPA (Data Processing Addendum) is here.

Data shared with third parties

Chargebee

When you sign up for a paid plan, we ask for the information that is legally required for invoicing and supply it directly to Chargebee. We do not store this information in our systems.

The information is:

email, first name, last name, company, VAT number, billing address

Chargebee GDPR Compliance

Stripe

When adding a credit card to your billing profile we send the card information to Stripe directly, without reading that information ourselves.

We then forward the result of the card registration to Chargebee, which triggers the card charges.

So to Stripe we send:

credit card details (which we cannot read ourselves, apart from the last 4 digits), email

Stripe GDPR Compliance

Legal basis

We collect and store your data for the following reasons:

To fulfill contractual obligations with a data subject.

To perform tasks at the request of a data subject who is in the process of entering into a contract with a data controller.

(For more information about these reasons, see the explanation on Wikipedia)

Use and flow of the data

We use your data to do the following:

  • to allow you to log in to the site. In this case your data stays on our main servers only.
  • to send you an invoice. We never save your invoicing data; we delegate the storage and management of that data to Stripe and Chargebee.
  • to send you transactional emails about the service, as well as promotional and marketing emails, for which we use Mailgun. On account registration we send your email address only to them.
  • on a support request, we ask for your email address so that we can contact you back for customer care.
  • when an error occurs on the platform, we automatically send some telemetry data to Sentry so that we are notified about the error and can resolve it.

Duration of data retention

We store your data for the duration of your use of the system.

As soon as you cancel your account, your personal information is erased.

Your rights over your personal data

We respect your right to do the following:

request a copy of your data, update your data or request deletion of your data

Please contact us (at the address below) if you want to do any of the above.

How to contact us

If you have any doubts, or wish to exercise your rights (as listed above), please send us an email here: support@password.link

We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or services that you visit.