GDPR Compliance
One of Vitally's core beliefs is that your data is just that - your data - and should be protected by the strictest practices and processes. The General Data Protection Regulation (GDPR) legislation that went into effect on May 25, 2018 aligns with this belief, and Vitally aims to be compliant with it as both a data processor (your data) and controller (the data we collect about our users).
The below information details how we address the key components of GDPR. If you believe something is missing below, or if you simply have questions about our GDPR efforts, please email us at [email protected]
Vitally can provide an export of your personal data, or the personal data of one of your end users, upon request. The process for submitting personal data export requests is documented in the Privacy & Terms section of your Account Settings.
In the event that you are unable to access your Vitally account, or if you don't have access to your account's settings, please send an email to [email protected]
Vitally accepts requests to delete your personal data. The process for submitting personal data erasure requests is documented in the Privacy & Terms section of your Account Settings.
Vitally supports permanently deleting the personal data of your own end users in the End User Data section of your Account Settings.
In the event that you are unable to access your Vitally account, or if you don't have access to your account's settings, please send an email to [email protected]
Our customers control what data is sent to Vitally through the use of other analytics services like Segment and Mixpanel. As of this writing, all analytics tools supported by Vitally also have support to opt users out of tracking.
Vitally also collects limited amounts of personal information about our own customers in order to continuously improve the product and offer our customers the best possible service and experience. This data is NOT used for any marketing purposes such as ad retargeting - it is only used to better the product. If you'd like to object to this collection, please send an email to [email protected]
Our Privacy Policy has been updated to address GDPR compliance and can be found at https://vitally.io/legal/privacy
While the Privacy Policy is the most relevant document for GDPR compliance and concerns, our Terms of Service has also been updated to address GDPR compliance. It can be found at https://vitally.io/legal/terms-of-service.
We do offer DPAs on request. To enter into a DPA with Vitally, please send an email to [email protected].
Last updated: July 16, 2020
AWS - the bulk of user data is hosted in AWS
Stripe - payment data, including user emails and company names, is maintained in Stripe
Zapier - some user data is sent to Zapier for forwarding to some of our other subprocessors, like Slack.
Slack - user data is sometimes discussed in chat in Slack
Intercom - user data is maintained in Intercom for live chat and support
Segment - user data is tracked in Segment for forwarding to other subprocessors, like Intercom
Sendgrid - user emails are sent to Sendgrid for transactional email purposes
Productboard - user names and emails are stored in Productboard for feature request tracking
Asana - user data is sometimes discussed and referenced in tasks and comments in Asana
Sentry - user data is stored in Sentry for exception/error tracking
Mixpanel - user data is tracked in Mixpanel for analytics purposes
Honeycomb - user data is tracked in Honeycomb for infrastructure monitoring
Docusign - user data for legal purposes is maintained in Docusign
Fullstory - user data is stored in Fullstory for support and issue tracking purposes
Salesforce - basic user data (e.g. name, email, shared conversations) is stored in Salesforce for internal purposes
Hubspot - basic user data (e.g. name, email, shared conversations) is stored in Hubspot for internal purposes