Sleekplan is always committed to complying with the EU's General Data Protection Regulation (GDPR) to ensure that we meet its obligations. In fact, Sleekplan is fully committed to upholding compliance with GDPR.

The General Data Protection Regulation is the main framework of Europe's digital privacy legislation. Though being drafted and passed by the European Union it sets the rules on data processing for any entity who collects information related to people in the EU. On Sleekplan we have a policy in place to comply with the toughest privacy and security law in the world.

What’s GDPR?

The GDPR is a comprehensive data protection law. Although drafted and passed by the European Union (EU), it imposes obligations on organizations everywhere as long as they target people in the EU or collect data. The regulation was put into effect on May 25, 2018.

Does it apply to me?

GDPR applies to any company, website or organization worldwide that deals with personal data from residents of the European Union. If your company processes, stores or transmits personal data of EU residents, you will be required to comply with the new regulations.


GDPR Compliance at Sleekplan in a Nutshell

We act as data controller and processor

In terms of GDPR Sleekplan acts as both, data controller and processor. We are controller when we decide the purposes and the means of the processing (e.g. when it comes to our website, admin dashboard, customer database, newsletter, marketing, payment data, etc.) and we are processors when we act under the instructions of our customers (e.g. when we process the personal data of our customers end-users).

Information we hold and collect

Sleekplan stores data on 2 kinds of parties:

1. Our customers (The operators using the Sleekplan Dashboard replying to their users)

  • User first and last name

  • User email address

  • User profile picture

  • User/Company payment details (includes invoicing information, eg. company address and country, the credit card number is stored by Stripe)

2. Our customers end-users (The users of our customers)

  • End-user username

  • End-user email address

  • End-user last activity date and time

  • End-user profile picture

  • End-user profile information (We automatically track and store certain standard data fields resolved from public data provided by end-user on the Internet, and those data a customer transfer to us e.g. via Single Sign-On).
    These data includes:
    - City and country (calculated by the lead or user’s IP address location, however we store only anonymized IPs)
    - OS (the operating system a person is using).
    - Browser version (the precise version of the browser a person is using).

Sleekplan does not share, or resell, any kind of user data (both point 1 and 2 above). The data is not used for advertising (both 1 and 2) or analytics (2).

Data Hosting and Storage

Sleekplan services and data are hosted in Amazon Web Services (AWS) facilities (us-east-1) in the United States and processed with AWS. AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA) which includes the Standard Contractual Clauses to enable the transfer of data from outside of Europe. This enables us to comply with GDPR contractual obligations. The AWS GDPR DPA is incorporated into the AWS Service Terms. Learn more about GDPR at Amazon Web Services.

Q: Isn't the data residency in conflict with the GDPR?

A: The GDPR does not require personal data to be stored or processed in the EU, it simply makes compliance with the GDPR easier if personal data is stored and processed in the EU.

[Learn more about Data Residency and the GDPR]

Third-parties we share data with

All Sleekplan data processor providers have been checked to be all GDPR-compliant (Stripe, Amazon Web Services, ...). See the full list of our providers below.

Sub-Processor

Purpose

Applicable Safeguards

Amazon Web Services

440 Terry Ave N Seattle, WA 98109

Hosting

DPA is part of Terms

Stripe

510 Townsend Street San Francisco, CA 94103

Payment

DPA Signed

Intercom

55 2nd Street, 4th Floor San Francisco, CA 94105

Customer Support

DPA Signed

Google Analytics

1600 Amphitheatre Parkway Mountain View, CA 94043

Analytics

DPA Signed

Bugsnag

110 Sutter St, San Francisco, CA 94104, Vereinigte Staaten

Bug Tracking

DPA is part of Terms

Mixpanel

405 Howard Street, Floor 2 San Francisco, CA 94105

Analytics

DPA is part of Terms

ChartMogul

Oberwallstr. 6
10117 Berlin
Germany

Analytics

DPA Signed

Data processing agreement (DPA)?

Yes! Users and third parties can sign our DPA, which guarantees the protection of personally identifiable information that we collect and process.

This should be read, signed and submitted to our team. Questions can be directed to support@sleekplan.com or leave us a message in the chat.

Did this answer your question?