One of Vitally's core beliefs is that your data is just that - your data - and should be protected by the strictest practices and processes. The General Data Protection Regulation (GDPR) legislation that went into effect on May 25, 2018 aligns with this belief, and Vitally aims to be compliant with it as both a data processor (your data) and controller (the data we collect about our users).

The below information details how we address the key components of GDPR. If you believe something is missing below, or if you simply have questions about our GDPR efforts, please email us at privacy@vitally.io

Data Subject Rights

Right to Access and Data Portability

Vitally can provide an export of your personal data, or the personal data of one of your end users, upon request. The process for submitting personal data export requests is documented in the Privacy & Terms section of your Account Settings

In the event that you are unable to access your Vitally account, or if you don't have access to your account's settings, please send an email to privacy@vitally.io

Right to Erasure

Vitally accepts requests to delete your personal data. The process for submitting personal data erasure requests is documented in the Privacy & Terms section of your Account Settings

Vitally supports permanently deleting the personal data of your own end users in the End User Data section of your Account Settings.

In the event that you are unable to access your Vitally account, or if you don't have access to your account's settings, please send an email to privacy@vitally.io

Right to Object

Our customers control what data is sent to Vitally through the use of other analytics services like Segment and Mixpanel. As of this writing, all analytics tools supported by Vitally also have support to opt users out of tracking.

Vitally also collects limited amounts of personal information about our own customers in order to continuously improve the product and offer our customers the best possible service and experience. This data is NOT used for any marketing purposes such as ad retargeting - it is only used to better the product. If you'd like to object to this collection, please send an email to privacy@vitally.io

GDPR-Relevant Documents

Privacy Policy

Our Privacy Policy has been updated to address GDPR compliance and can be found at https://vitally.io/legal/privacy

Terms of Service

While the Privacy Policy is the most relevant document for GDPR compliance and concerns, our Terms of Service has also been updated to address GDPR compliance. It can be found at https://vitally.io/legal/terms-of-service.

Data Processing Agreement (DPA)

We do offer DPAs on request. To enter into a DPA with Vitally, please send an email to legal@vitally.io.

Our Sub-Processors

Last updated: September 17, 2019

  • AWS - the bulk of user data is hosted in AWS
  • Stripe - payment data, including user emails and company names, is maintained in Stripe
  • Zapier - some user data is sent to Zapier for forwarding to some of our other subprocessors, like Slack.
  • Slack - user data is sometimes discussed in chat in Slack
  • Intercom - user data is maintained in Intercom for live chat and support
  • Segment - user data is tracked in Segment for forwarding to other subprocessors, like Intercom
  • Sendgrid - user emails are sent to Sendgrid for transactional email purposes
  • Productboard - user names and emails are stored in Productboard for feature request tracking
  • Sentry - user data is stored in Sentry for exception/error tracking
  • Mixpanel - user data is tracked in Mixpanel for analytics purposes
  • New Relic - user data is tracked in New Relic for infrastructure monitoring
  • Docusign - user data for legal purposes is maintained in Docusign