Feature Upvote and the GDPR

How we're complying with the EU General Data Protection Regulation (GDPR)


As we are based in Spain, which is in the European Union, we are regulated by the EU General Data Protection Regulation (GDPR). We are fully compliant with the GDPR.

Overview

Feature Upvote is a “data processor”, according to the GDPR definition. We process your users’ feature requests and related data on your behalf.

  1. We use data from your users solely for reasons directly related to providing the core features of Feature Upvote. We do not use any personal data from your users for marketing, profiling or similar purposes. Data collected is limited to email address, full name, IP address, browser user agent string, and HTTP referrer. IP address, browser user agent string, and HTTP referrer are used solely as a technical aid to help prevent spam and service misuse.

  2. Feature Upvote has “right to be forgotten” procedures in place. We automatically and fully delete a customer’s data three months after they cancel their account and/or the account expires. The sole reason for holding onto the data for three months is to allow customers a reasonable amount of time to export their data or to reactivate their account. Upon request, we can delete data earlier.

  3. When a customer’s data is deleted, all suggestions, comments, votes, email addresses, names, and metadata are deleted. The only customer data we keep long term after cancellation is the data to meet our legal requirements for our bookkeeping duties. Precisely, we keep a record of all invoices and payments with enough information to meet our legal requirements.

  4. When an individual or organisation creates a trial account, but never converts the trial account to a paid subscription, the account is deleted, including all suggestions, comments, votes, email addresses, names, and metadata, six months after the trial expires.

  5. Feature Upvote has less than 250 employees, which means we don’t have to keep records of data processing activities.

  6. Feature Upvote takes all reasonable steps to ensure the reliability of any personnel who have access to personal data. Feature Upvote has in place all reasonable technical and organisational measures to keep all personal data confidential and secure and to protect personal data against accidental loss or unlawful destruction, alteration, disclosure or access.

  7. Feature Upvote is primarily hosted on Amazon’s AWS (Amazon Web Services) cloud infrastructure. We regularly perform audits to ensure we are following Amazon’s recommended security guidelines for data protection.

What data do we collect?

On our public website (“marketing site”)

On our website we use Google Analytics to help us understand, in anonymised form, how the site is being used. We use Google Analytics’ anonymizeIp option to ensure that Google Analytics does not store personally identifying information. Google Privacy Compliance Policy

For speed we deliver some website resources, including fonts and JavaScript libraries, using public third-party content delivery networks (CDNs).

Videos available on our website are hosted on YouTube. Google Privacy Policy for YouTube

Our public website is hosted on Netlify. Netlify Privacy Policy

Our support emails are managed by the help desk service Teamwork. Teamwork Privacy Policy

Our users on our web application (the “Feature Upvote service”)

When you create an account on Feature Upvote we store your IP address, browser user agent string, and HTTP referrer. We do this so we can detect when people try to abuse the service. This information is stored in our database, which is hosted on AWS, and is not shared with other services.

We send transactional emails to registered users of Feature Upvote via the email delivery service Postmark, which is operated by Wildbit LLC. Wildbit Privacy Policy

When you opt in to our newsletter, we supply your email address to the email newsletter service MailerLite. MailerLite Privacy Policy

When you upload a company logo or “favicon”, these are stored using the image hosting service Cloudinary. No personally identifying information is supplied to Cloudinary. Cloudinary Privacy Policy

Feature Upvote offers several optional integrations. When you enable an integration, your data will be shared with the integrated service only to the minimum extent necessary to provide the functioning integration.

Your users on our web application (the “Feature Upvote service”)

When your users post a suggestion or a comment or upvote a suggestion on the Feature Upvote service, we store your user’s full name, email address, IP address, browser user agent string, and HTTP referrer. This data is used to perform the functions of the Feature Upvote service, including preventing spam and service misuse.

User information is stored in our database, which is hosted on AWS.

User data is shared with the comment spam detection service, Akismet. Akismet Privacy Policy

We send transactional emails only to your users of Feature Upvote via the email delivery service Postmark, which is operated by Wildbit LLC. We never send your users marketing emails. Wildbit Privacy Policy

Your users can upload images to Feature Upvote; these are stored using the image hosting service Cloudinary. No personally identifying information is supplied to Cloudinary. Cloudinary Privacy Policy

A limited subset of suggestion data is shared with the search provider Algolia. No personally identifying information is supplied to Algolia. Algolia Privacy Policy

Financial transaction information

If you become a paying customer, you will need to provide us and our payment partners (Stripe for the billing, Quaderno for the invoicing) with valid billing information. We will be able to see your name, billing address, email address, and VAT number (if you have provided one). We are not able to see your credit card number.

As you would expect of any business, we share transaction data with our accountants and with the relevant tax authorities when we pay VAT and file our annual tax return.

In addition, we use the business analytics service ChartMogul for internal business analysis. They also have details of customer purchasing history.

Data Processing Agreement

Becoming a customer of our service implies acceptance of our Data Processing Agreement, unless otherwise explicitly agreed with us in writing.

Need more information about Feature Upvote and the GDPR? Write to dataprotection@featureupvote.com.