GDPR Commitment

The European Union (EU) introduced a regulation called the General Data Protection Regulation (GDPR in summary) on 25 May 2018.

The purpose of the GDPR is to give EU residents drastic improvements in their privacy rights and control over their data and protect them from privacy breaches and leaks.

Bybrand ensures compliance with global regulations and industry practices to maintain your customers' data privacy and security.

Bybrand's commitment to the GDPR

This quick guide will help you understand how Bybrand treats your data, which we collect when registering with our service.

We do not use Google Analytics

It is important to note that Bybrand does not use Google Analytics anywhere on the website, blog, or knowledge base. Therefore, we do not obtain confidential data from your navigation when you visit our website or blog.

  • We do not obtain your browsing data;
  • We do not monitor your behavior on Bybrand pages;
  • No cookies for advertising.

Cookies

We use cookies for a better user experience in Bybrand's restricted area (web app). They are necessary to ensure the reliable operation of our platform. No particular information about you is added to cookies or browser session data.

Data processing

Bybrand's data and primary servers are hosted in the DigitalOcean data center (located in New York - NYC1.) GDPR does not demand that personal data from the EU remain on servers in the EU.

Our clustered databases are encrypted at rest with LUKS (Linux Unified Key Setup) and on the move with SSL.

At any time, you can request the data we’ve stored about your company and employee data that are in the email signatures, and you will receive them in a simple format. We guarantee that we will fulfill your request in a maximum of 30 days.

Collect your data

We only collect information necessary for the initial provision of the service:

  • Your name;
  • Email;
  • Company name;
  • IP address (for geolocation);

After registration, you can choose whether you’d like to provide us with other private data in order to offer you a better service. For example, you can provide your mobile number for a faster password change in the system.

  • We do not sell or rent your personal data and information;
  • No information is monetized.

Payment processing

If you decide to purchase a service plan, we will need your payment details. Paddle.com (the service responsible for payment processing) collects buyer data during checkout for payment processing and order fulfillment purposes.

Buyer data is shared securely with payment providers such as PayPal, Visa, and Mastercard.

These providers are GDPR and PCI DSS compliant. The sharing is necessary to facilitate the payment process. Furthermore, anonymous data is also shared with various fraud monitoring platforms in compliance with GDPR.

Remarketing

We remarketing only for clients who signed up for the 30-day Bybrand evaluation period. For those clients, we share their email with third parties like Twitter, Facebook, and MailChimp.

All three companies have a strict policy for third party data processing, and they all comply with GDPR rules.

Data in email signatures

Personal data in an email signature is rarely, if ever, confidential data.

Email signature data is easy to obtain publicly, such as on a business card, corporate directory, or website. There is nothing sensitive, even in an email, address, or mobile number. However, they constitute personal data, even if it is a commercial email address.

In some cases, you may want to connect Bybrand with third party integrations, such as Google Workspace or Freshdesk, for the generation of automatic email signatures. Bybrand only obtains data necessary to fill out email signatures.

The information obtained is available in the "placeholders" area of the Departments resource.

Deletion of company profile

Bybrand allows you to completely and immediately delete your registration data at any time. This procedure can be done without Bybrand or the need to contact technical support.

When deleting an account, you will delete all associated data, including your information that we send to third parties, such as Mailchimp.

  • Deletion is not allowed if your account has had payment processing.

Retention of data

Storage Limitation: all data of customers using our free trial who do not buy a plan are completely deleted after 120 days.

Email notifications

Our email marketing platform is MailChimp. We disable link opening tracking and link tracking in all outgoing emails.

You can select which information, if any, that you want to receive from Bybrand. Information can include: newsletters, tips, and best practices for using the service.

With the exception of necessary transactional emails, such as password changes and plan expiration reminders.

Sub-processors

We share certain information with companies that can be considered our "sub-processors" according to the GDPR.

Below is a complete list of our sub-processors:

  • Mailchimp: email marketing platform;
  • Postmark: transactional emails;
  • Paddle: payment provider;
  • DigitalOcean: cloud infrastructure hosting;
  • Amazon Web Services: cloud infrastructure hosting;
  • JivoChat: online chat customer support.

We will be happy to answer any questions and clarify any questions about how we protect your data in general and specifically in the GDPR.

If you have any questions about these terms, please contact us. privacy@bybrand.io