All Collections
FAQs
Privacy & Legal
How Sleekplan complies with GDPR
How Sleekplan complies with GDPR

A short guide to our GDPR compliance.

Updated over a week ago

Headquartered in Munich, Sleekplan is subject to strict German and European data protection rules. It goes without saying that we are committed to complying with applicable laws, including the GDPR. Sleekplan is fully committed to upholding compliance with GDPR at any time.

The General Data Protection Regulation is the main framework of Europe's digital privacy legislation. Though being drafted and passed by the European Union it sets the rules on data processing for any entity that collects information related to people in the EU. On Sleekplan we have a policy in place to comply with the toughest privacy and security law in the world.

What’s GDPR?

The GDPR is a comprehensive data protection law. Although drafted and passed by the European Union (EU), it imposes obligations on organizations everywhere as long as they target people in the EU or collect data. The regulation was put into effect on May 25, 2018.

Does it apply to me?

GDPR applies to any company, website or organization worldwide that deals with personal data from residents of the European Union. If your company processes, stores or transmits personal data of EU residents, you will be required to comply with the new regulations.


GDPR Compliance at Sleekplan in a Nutshell

We act as data controller and processor

In terms of GDPR Sleekplan acts as both, data controller and processor. We are acting as a controller when we decide the purposes and the means of the processing (e.g. when it comes to our website, admin dashboard, customer database, newsletter, marketing, payments, etc.) and we are processors when we act under the instructions of our customers (e.g. when we process the personal data of our customers end-users).

Information we hold and collect

Sleekplan stores data on 2 kinds of parties:

1. Our customers (The operators using the Sleekplan Dashboard replying to their users)

  • User first and last name

  • User email address

  • User profile picture

  • User/Company payment details (includes invoicing information, eg. company address and country, the credit card number is stored by Stripe)

2. Our customers' end-users (The users of our customers)

  • End-user username

  • End-user email address

  • End-user last activity date and time

  • End-user profile picture

  • End-user profile information (We automatically track and store certain standard data fields resolved from public data provided by end-user on the Internet, and those data a customer transfers to us e.g. via Single Sign-On).
    These data include:
    - City and country (calculated by the lead or user’s IP address location, however, we store only anonymized IPs)
    - OS (the operating system a person is using).
    - Browser version (the precise version of the browser a person is using).

Sleekplan does not share or resell, any kind of user data (both points 1 and 2 above). The data is not used for advertising (both 1 and 2) or analytics (2).

Data Hosting and Storage

Sleekplan services and data are hosted in Amazon Web Services (AWS) facilities (eu-west-1) in Ireland and processed with AWS. AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA) which includes the Standard Contractual Clauses to enable the transfer of data from outside of Europe. This enables us to comply with GDPR contractual obligations. The AWS GDPR DPA is incorporated into the AWS Service Terms. Learn more about GDPR at Amazon Web Services. Our databases and permanent storage are hosted in Amazon Web Services (AWS) facilities (eu-west-1).

Third-parties we share data with

All Sleekplan data processor providers have been checked to be all GDPR-compliant (Stripe, Amazon Web Services, ...). See the full list of our providers below.

Sub-Processor

Purpose

Applicable Safeguards

Amazon Web Services

440 Terry Ave N Seattle, WA 98109

Hosting

DPA is part of the Terms

Stripe

510 Townsend Street San Francisco, CA 94103

Payment

DPA Signed

Intercom

55 2nd Street, 4th Floor San Francisco, CA 94105

Customer Support

DPA Signed

Google Analytics

1600 Amphitheatre Parkway Mountain View, CA 94043

Analytics

DPA Signed

Bugsnag

110 Sutter St, San Francisco, CA 94104, Vereinigte Staaten

Bug Tracking

DPA is part of the Terms

Mixpanel

405 Howard Street, Floor 2 San Francisco, CA 94105

Analytics

DPA is part of the Terms

ChartMogul

Oberwallstr. 6
10117 Berlin
Germany

Analytics

DPA Signed

DATEV eG

Paumgartnerstr. 6 - 14 90429 Nürnberg Germany

Accounting

DPA Signed

PayJoe (NetConnections GmbH)

Jesinger Straße 52
73230 Kirchheim Germany

Accounting

DPA Signed

Data processing agreement (DPA)?

Yes! Users and third parties can sign our DPA, which guarantees the protection of personally identifiable information that we collect and process.

This should be read, signed, and submitted to our team. Questions can be directed to support@sleekplan.com or leave us a message in the chat.

Did this answer your question?