Headquartered in Munich, Sleekplan is subject to strict German and European data protection rules. It goes without saying that we are committed to complying with applicable laws, including the GDPR. Sleekplan is fully committed to upholding compliance with GDPR at any time.
The General Data Protection Regulation is the main framework of Europe's digital privacy legislation. Though being drafted and passed by the European Union it sets the rules on data processing for any entity that collects information related to people in the EU. On Sleekplan we have a policy in place to comply with the toughest privacy and security law in the world.
What’s GDPR?
The GDPR is a comprehensive data protection law. Although drafted and passed by the European Union (EU), it imposes obligations on organizations everywhere as long as they target people in the EU or collect data. The regulation was put into effect on May 25, 2018.
Does it apply to me?
GDPR applies to any company, website or organization worldwide that deals with personal data from residents of the European Union. If your company processes, stores or transmits personal data of EU residents, you will be required to comply with the new regulations.
GDPR Compliance at Sleekplan in a Nutshell
We act as data controller and processor
In terms of GDPR Sleekplan acts as both, data controller and processor. We are acting as a controller when we decide the purposes and the means of the processing (e.g. when it comes to our website, admin dashboard, customer database, newsletter, marketing, payments, etc.) and we are processors when we act under the instructions of our customers (e.g. when we process the personal data of our customers end-users).
Information we hold and collect
Sleekplan stores data on 2 kinds of parties:
1. Our customers (The operators using the Sleekplan Dashboard replying to their users)
User first and last name
User email address
User profile picture
User/Company payment details (includes invoicing information, eg. company address and country, the credit card number is stored by Stripe)
2. Our customers' end-users (The users of our customers)
End-user username
End-user email address
End-user last activity date and time
End-user profile picture
End-user profile information (We automatically track and store certain standard data fields resolved from public data provided by end-user on the Internet, and those data a customer transfers to us e.g. via Single Sign-On).
These data include:
- City and country (calculated by the lead or user’s IP address location, however, we store only anonymized IPs)
- OS (the operating system a person is using).
- Browser version (the precise version of the browser a person is using).
Sleekplan does not share or resell, any kind of user data (both points 1 and 2 above). The data is not used for advertising (both 1 and 2) or analytics (2).
Data Hosting and Storage
Sleekplan services and data are hosted in Amazon Web Services (AWS) facilities (eu-west-1) in Ireland and processed with AWS. AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA) which includes the Standard Contractual Clauses to enable the transfer of data from outside of Europe. This enables us to comply with GDPR contractual obligations. The AWS GDPR DPA is incorporated into the AWS Service Terms. Learn more about GDPR at Amazon Web Services. Our databases and permanent storage are hosted in Amazon Web Services (AWS) facilities (eu-west-1).
Third-parties we share data with
All Sleekplan data processor providers have been checked to be all GDPR-compliant (Stripe, Amazon Web Services, ...). See the full list of our providers below.
Sub-Processor | Purpose | Data subject | Location of processing | Applicable Safeguards |
Amazon Web Services | Hosting | Customer | EU | DPA is part of Terms |
Hetzner | Hosting | Customer | EU | DPA Signed |
Stripe | Payment | Customer | USA | DPA Signed, SCC |
Intercom | Customer Support | Customer | USA | DPA Signed, SCC |
PostHog, Inc | Analytics | Customer | EU | DPA Signed |
Google Analytics | Analytics | Customer | USA | DPA Signed, SCC |
ChartMogul | Analytics | Customer | EU | DPA Signed |
DATEV eG | Accounting | Customer | EU | DPA Signed |
PayJoe (NetConnections GmbH) | Accounting | Customer | EU | DPA Signed |
Azure AI Services (Microsoft Azure) | AI-Services | Customer | EU | DPA is part of OST |
Data processing agreement (DPA)?
Yes! Users and third parties can sign our DPA, which guarantees the protection of personally identifiable information that we collect and process.
This should be read, signed, and submitted to our team. Questions can be directed to support@sleekplan.com or leave us a message in the chat.