The General Data Protection Regulation (GDPR) is European Union legislation to strengthen and unify data protection laws for all individuals within the European Union. The regulation came into effect from May 25th, 2018.
At OOPSpam LLC, we are committed to being transparent with our customers regarding our privacy practices and complying with all applicable privacy laws and regulations, such as the European Union (EU) General Data Protection Regulation (GDPR). We value your trust and are dedicated to protecting your privacy.
This page lays out our commitment to data protection and makes transparent what data we store about our users.
What data do we collect?
On our website:
Our website (as opposed to our web OOPSpam APIs) is hosted by GitHub in the United States.
On our website, we use Cabin to help us understand, in anonymized form, how the site is being used. Here is Cabin Privacy Policy.
Our dashboard and account details are hosted by DigitalOcean in the United States. DigitalOcean privacy policy.
When registering for our free trial, you need to provide us with a valid email address. We then confirm that the address works by emailing you a confirmation link. All transactional emails including Forgot Password emails are sent by using Postmark. Postmark privacy policy. You can find Postmark GDPR compliance notice here.
We also need an email address so we can contact you regarding any changes to our service or, for example, to this privacy policy. We send the email to you via the email delivery service EmailOctopus, here is EmailOctopus privacy policy.
As you may have noticed on our dashboard and the documentation page, we use a chat widget to answer questions and talk to our users in real-time. This chat widget is powered by Crisp. Here is Crisp privacy Policy.
Registering for a free trial requires acceptance of our publicly available terms & conditions.
On our APIs:
Our API servers are hosted with Fly.io a US-based cloud provider. Here is Fly.io privacy policy.
We use API Gateway to rate-limit API usage. API Gateway keeps meta log of your requests so that it knows how many requests you made. We do not store request bodies. These details are hosted by DigitalOcean in the United States. Here is DigitalOcean privacy policy.
If a customer chooses to store request and response logs with us, this information will be stored by Supabase in the EU (region: eu-central-1). Here is Supabase privacy policyCustomer/Financial transaction information:
If you become a paying customer (as opposed to just using our free trial) you will need to provide us and our payment partner (Paddle) with valid billing information. We will be able to see your name, billing address, email address, and VAT number (if you have provided one). We are not able to see your credit card number, only Paddle has access to that.
As any business, we of course share transaction data with our accountants and with the relevant tax authorities when we pay VAT and file our annual tax return.
We also use ProfitWell for subscription analytics: understanding our growth, churn, and all kinds of financial metrics. ProfitWell is directly connected to Paddle, so they have access to customer billing history.
Data Processing Agreement
Becoming a customer of our service implies acceptance of our Data Processing Agreement, unless otherwise explicitly agreed with us in writing.
Data deletion
Any user (paid or free-trial) can request to have their account deleted at any time, this can be done by visiting the Personal Data page on our dashboard. For paying customers we of course have to keep records of all completed transactions for tax purposes.
Stay informed
Meaningful changes to this document will be announced on our Twitter account and via email.
