Last updated: December 14, 2020
The privacy of your data is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data. We promise we never sell your data: never have, never will.
This policy applies to Feed Control. For our other products, please see the FiveFilters.org privacy policy page.
What we collect and why
Our guiding principle is to collect only what we need. Here’s what that means in practice:
Identity & access
When you sign up for Feed Control, we ask for identifying information: your name and email address. That’s just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission either.
Billing information
When you pay for Feed Control, we use Paddle to process payments. Your credit card is passed directly to our payment processor and doesn't ever go through our servers. All payment data is stored by Paddle, not by us.
Geolocation data
We log IP addresses accessing the service for a short time to rate limit certain parts of the system to prevent abuse.
Website interactions
We keep a record of the last sign-in date to each account so that we can detect abandoned accounts (which can tie up system resources) and ask users if they want to continue using the service.
We do not use third-party web analytics software.
Cookies and Do Not Track
We do use persistent first-party cookies to store certain preferences, make it easier for you to use our applications, and support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your own browser. To learn more about cookies, including how to view which cookies have been set and how to manage and delete them, please visit: www.allaboutcookies.org.
Voluntary correspondence
When you write to us with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.
Information we do not collect
We don’t collect any characteristics of protected classifications including age, race, gender, religion, sexual orientation, gender identity, gender expression, or physical and mental abilities or disabilities. You may provide these data voluntarily, such as if you include a pronoun preference in your email signature when writing into our Support team.
When we access or share your information
Our default practice is to not access your information. The only times we’ll ever access or share your info are:
To provide products or services you've requested. We do use some third-party services to run our applications and only to the extent necessary process some or all of your personal information via these third parties. The third-party services we use are Hetzner Cloud and Amazon Web Services. Having subprocessors means we are using technology to access your data. We don't look at your data for these purposes unless an error occurs that stops an automated process from working and requires manual intervention to fix. These are rare cases and when they happen, we look for root cause solutions as much as possible to avoid them from reoccurring. We also use some other processors for other business functions: Zendesk for support.
To help you troubleshoot or squash a software bug, with your permission. If at any point we need to access your account to help you with a Support case, we will ask for your consent before proceeding.
How we secure your data
All data is encrypted via SSL/TLS when transmitted from our servers to your browser.
Most data are not encrypted while they live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest.
What happens when you delete data in your product accounts
We give you the option to trash data. Anything you trash on your product accounts are no longer accessible via the application and are deleted from our active servers. We also have some backups of our application databases, which are kept for up to 30 days. In total, when you trash things in our applications, they are purged within 30 days from all of our systems and logs. Retrieving data for a single account from a backup is cost-prohibitive and unduly burdensome so if you're unsure about deleting, try de-activating or hiding the resource when possible.
We also delete your data after a subscription expires and we detect no more activity from you. In this case, you will receive email notification before any such action to see if you intend to continue using the service.
Location of site and data
Our servers are located in Germany and our payment processor uses servers in the UK and US. Please be aware that any information you provide to us could be transferred to and stored in the United States. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.
Changes & questions
We may update this policy as needed to comply with relevant regulations and reflect any new practices.
Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at [email protected] and we’ll be happy to answer them!
This privacy policy was adapted from the Basecamp open-source policies / CC BY 4.0