What is GDPR?
GDPR is a new EU law protecting users’ personal data and enforcing data security. It requires several aspects of data protection. This document outlines how we protect your data, our responsibility, and your responsibility. Read all documentation and decide if you want to use this application. We are not liable for negligence or faults in data protection by you or third parties. Read carefully and act wisely for data safety.
Definition of Personal Data
Any individual’s data is their personal data – name, image, email, address, social posts, location, IP address, etc. Users have absolute ownership of personal data. Wherever and however it’s stored, it belongs solely to the user. Data collectors like apps can’t use or share user data without explicit or implicit permission. If a user permits data use for specific actions, the app admin can use it accordingly. For example, a social media post is visible to chosen contacts per the user’s implicit permission. The app isn’t responsible for contacts abusing that access. But it is responsible for any third-party data sharing not stated explicitly in advance. Data uploading and visibility depend on both app admin and user. Read full docs for details.
Developers must safeguard user data storage on the back end – how user info and interaction logs are stored in the database and servers. We’ll describe how submitted and gathered data is saved, and notify users. Users can permanently erase all personal data on account deletion. We don’t keep activity logs or backdoors to extract user data. Sometimes the developer needs temporary app access for support, before full launch. We recommend the admin change credentials afterwards. Developers aren’t responsible for unintended security flaws in the app or credential leaks in such cases. There are always data breach risks with online sharing. Don’t share compromising info.
The admin has unrestricted access to user data, including databases, logs and more. They can view, copy, and share user data with third parties, as announced explicitly beforehand. Admins shouldn’t allow third party data extraction under any guise. With great privilege comes great responsibility for safeguarding user data.
It depends on the user. Submitting no data prevents breaches, but isn’t practical. Read all docs from the developer and admin, then carefully submit necessary data only. Safeguard your credentials, as weak or predictable passwords can allow unauthorized access. Change credentials if suspicious activity occurs or if you have shared them out of necessity. Think before submitting data.
Our GDPR Actions
- Minimize collected data and explain necessity
- Enforce HTTPS
- Destroy sessions/cookies after logout
- No user tracking for commercial use
- Disclose logs with IPs and locations
- Clear terms and conditions
- Inform about third party data sharing
- Create data breach policies
- Permanently delete data upon account deletion
- Patch vulnerabilities
Account Deletion: Permanently and irrevocably delete all related data upon account cancellation or deletion.
Encryption: Encrypt most personal data. Even if data is breached, only hashes remain, protecting privacy. Some visible data can’t be encrypted.
No Tracking: Don’t save cookies, sessions, or track activity commercially. Don’t save credentials in your browser.
Destroy Footprints: Delete all user data from servers upon account deletion. No activity logs kept.
No Manipulation: Don’t record personal activity for analysis or motivational product pushing.
Notifications: Get notifications for account actions to monitor unusual activity.
HTTPS: Enforced everywhere to prevent data sniffing.
No Hidden Collection: No backdoors, hidden options, or post-launch data collection capabilities.
Data Breach Policy: Implement database security, but we are not responsible for server- or admin-caused breaches. Weak credentials or flaws could compromise databases. Contact your admin regarding this.