What is the GDPR?

The GDPR is the General Data Protection Regulation, a new EU law designed to protect users’ personal data. This law covers a number of data security aspects. Here we provide guidelines on how we protect your data, what our responsibilities are and what your responsibilities are. We strongly recommend reading all of our documentation, or other articles about the GDPR, and deciding whether you want to use our application. We are not responsible for any negligence or mistakes made by you or third parties in the area of data protection. Take the time to read the documentation, act sensibly and stay safe.

Definition of personal data:

Any data that belongs to a person is their personal data. This can be a person’s name, image, email address, physical address, a post on social networks, location, computer IP address and so on. The owner of personal data is the only party with a lawful claim to it. This means that no matter where and how the data is stored, it belongs to the person. A data collector or user (for example, Facebook or YouTube) cannot display, store or share personal data without the user’s explicit or implied consent. If a user grants permission to use their data for a certain activity (storing, viewing the data and so on), then the application administrator may use it for that activity.

Imagine a hypothetical situation: you publish a post on social networks. In that case, you grant implied permission to display the post to your public or private contacts. The application administrator is not responsible for offensive comments that your contacts may leave. This means that if you made your data public, that is your responsibility. However, the application administrator is responsible for any sharing of data with third parties. If any data is to be shared, it must be clearly stated in advance. So we can see how uploading and displaying data depends both on the application administrator and on the user. More detailed information is provided throughout the documentation.

The developer’s responsibility:

Protecting the user’s personal data on the application’s back end is the developer’s responsibility. The developer is responsible for how the user’s data (name, phone number, email and so on) and other information (such as logs of the user’s interactions with the application) is stored in the database and on the server. We will describe in detail how directly provided data (name, email and so on) and indirect data (browser name, computer IP and so on) is stored in the database and on the server. As soon as any data is uploaded to the server, its security depends on the security of the server and sometimes on the application administrator.

The user will be informed about all temporary (cookies and sessions) and permanent (data stored in the database) data storage methods. The user will be given the option to delete all of their personal data after deleting their account or terminating the service. We guarantee that we do not keep logs of user activity and have no hidden ways of extracting user data. Sometimes the application administrator may give the developer access to cPanel and other credentials so that the developer can maintain and manage the application for a short period before it goes live. We strongly recommend that the administrator change these credentials once the work is finished. The developer is not responsible for any leaks of these credentials. The developer is also not responsible for any accidental security breaches in the application. Ultimately, data shared online always carries a risk of leaking. That is why we strongly recommend not sharing any data that could compromise you or another person.

The application administrator’s responsibility:

The application administrator has unrestricted access to users’ personal data. The administrator can view and copy data stored in the database and on the server. The application administrator may share users’ personal data with third parties. How user data will be used must be clearly disclosed before user registration. The administrator should not allow anyone to collect data openly or under the guise of surveys or filling in forms. The application administrator has the most privileges, and therefore the greatest responsibility for protecting users’ personal data.

The user’s responsibility:

Everything depends on the user. If the user does not provide data, then there will be no data leak either, but that is not a solution. Keeping your credentials safe is solely the user’s responsibility. A password and username may be encrypted in the database, but a password that is too predictable can let a hacker easily access the user’s account. Change your information if you notice any suspicious activity, or if you had to share your password with others. Always think carefully before providing data.

Our actions regarding the GDPR:

  1. Collecting as little data as possible: We collect only the most essential data and explain to the user why certain data is needed.
  2. Using HTTPS: We ensure an encrypted connection throughout the application, protecting data from interception.
  3. Clearing sessions and cookies: After logging out, we destroy all sessions and cookies.
  4. Not tracking user activity for commercial purposes: We do not track user activity in order to serve targeted advertising or commercial offers.
  5. Informing the user about the storage of computer IP and location data: We clearly inform users about any stored logs related to computer IP or location.
  6. Clear terms and privacy policy: We provide transparent rules about GDPR requirements and the terms of data use.
  7. Informing about the involvement of third parties: Users will be informed about any cases where their data is shared with third parties.
  8. Data leak policy: We have created clear rules about how we will handle any data leaks.
  9. Data deletion: Users have the option to permanently delete their data after deleting their account or cancelling the service.
  10. Software security updates: We install all the necessary patches to ensure the application is safe from vulnerabilities.

Supported GDPR features:

  1. “Adios, App” (Goodbye, app): When a user cancels a subscription or deletes their account, we provide the option to delete all data related to the account. This action is irreversible: if the data is deleted, it will be removed permanently from both the database and the server. The user can make a backup before deletion if they plan to return.

  2. Privacy is my right: We encrypt most of your personal data stored in the database. If a data leak were to happen, a hacker would only get encrypted data, not your personal information in plain form. Certain data cannot be encrypted (for example, the username), because it has to be shown when logged in to the account. However, we mask as much personal information as possible.

  3. No storing of cookies and sessions: We give you the option to choose whether you want to save cookies and sessions. Even if you choose to save them, cookies and sessions will be destroyed after you log out. We strongly recommend not saving your login details in the browser. It is better to remember your password or use tools such as LastPass for password management.

  4. Erasing traces: We do not store or track your activity for commercial purposes. We may only save the login time or IP address, but only for security purposes. When you delete your account, all of your data will be completely deleted from the server.

  5. Social engineering is bad: We do not record any of your personal activity in the application. Recording, analyzing and trying to sell a product or motivate a user based on this data becomes an unethical practice. We do not do this.

  6. Let me know: Receive notifications by email about all actions related to your account (account creation, password change). We recommend changing your credentials if you notice any unusual activity.

  7. Notice about policy updates: You will be informed about any updates to the privacy policy or disclaimer. Read your emails on this matter and decide how to act. Do not hesitate to get in touch about these questions.

  8. Log in without worry: We have implemented HTTPS everywhere, so data cannot be read in transit. Even if someone managed to capture the traffic, the hacker would only get encrypted data. So you can use our application safely.

  9. We do not store user data: We do not store any user data. There are no hidden options that collect data. Once the application is uploaded to the server, we have no access to it without the administrator’s password. So do not worry about hidden data leaks.

  10. Data leak policy: We have implemented all the security measures to protect your data in the database (data encryption, MySQL, SQL injection prevention, input validation and so on). Weak or overly predictable passwords can harm data security, so you are responsible for them yourself.

Does sending bulk messages to Facebook users through our system comply with the GDPR?

Yes, sending bulk messages through our system complies with the GDPR. Because people opt in themselves (they voluntarily start a conversation) on our Facebook page, we can prove it. They become our contacts in a lawful way. Every message sent must include an unsubscribe link (this feature is already built in) or another way that lets people opt out at any time.
