GDPR Compliance

One of Vitally's core beliefs is that your data is just that - your data - and should be protected by the strictest practices and processes. The General Data Protection Regulation (GDPR) legislation that went into effect on May 25, 2018 aligns with this belief, and Vitally aims to be compliant with it as both a data processor (your data) and controller (the data we collect about our users).

The below information details how we address the key components of GDPR. If you believe something is missing below, or if you simply have questions about our GDPR efforts, please email us at privacy@vitally.io

Data Subject Rights

Right to Access and Data Portability

Vitally can provide an export of your personal data, or the personal data of one of your end users, upon request. The process for submitting personal data export requests is documented in the Privacy & Terms section of your Account Settings.

In the event that you are unable to access your Vitally account, or if you don't have access to your account's settings, please send an email to privacy@vitally.io

Right to Erasure

Vitally accepts requests to delete your personal data. The process for submitting personal data erasure requests is documented in the Privacy & Terms section of your Account Settings.

Vitally supports permanently deleting the personal data of your own end users in the End User Data section of your Account Settings.

In the event that you are unable to access your Vitally account, or if you don't have access to your account's settings, please send an email to privacy@vitally.io

Right to Object

Our customers control what data is sent to Vitally through the use of other analytics services like Segment and Mixpanel. As of this writing, all analytics tools supported by Vitally also have support to opt users out of tracking.

Vitally also collects limited amounts of personal information about our own customers in order to continuously improve the product and offer our customers the best possible service and experience. This data is NOT used for any marketing purposes such as ad retargeting - it is only used to better the product. If you'd like to object to this collection, please send an email to privacy@vitally.io

GDPR-Relevant Documents

Privacy Policy

Our Privacy Policy has been updated to address GDPR compliance and can be found at https://vitally.io/legal/privacy

Terms of Service

While the Privacy Policy is the most relevant document for GDPR compliance and concerns, our Terms of Service has also been updated to address GDPR compliance. It can be found at https://vitally.io/legal/terms-of-service.

Data Processing Agreement (DPA)

We do offer DPAs on request. To enter into a DPA with Vitally, please send an email to legal@vitally.io.

Our Sub-Processors

Last updated: December, 2023

  • Asana - user data is sometimes discussed and referenced in tasks and comments in Asana

  • AWS - the bulk of customer-provided user data is hosted in AWS

  • ClickHouse - customer-provided user data is stored in ClickHouse cloud to drive some Vitally application functionality, including reporting and analytics

  • Dropbox - basic user data and files are stored in Dropbox

  • Fullstory - user data is stored in Fullstory for support and issue tracking purposes

  • Gong - Contains call recordings between Vitally employees and our users and sales prospects which may contain user data.

  • Hex - We use Hex to pull data from multiple sources including the product and other data sources like Jira. It may process and temporarily store user data of current customers.

  • Honeycomb - user data is tracked in Honeycomb for infrastructure monitoring

  • Hubspot - basic user data (e.g. name, email, shared conversations) is stored in Hubspot

  • Intercom - user data is maintained in Intercom for live chat and support

  • Jira - user data is sometimes discussed and referenced in tasks and comments in Jira

  • Retool - Connects to production systems as a user interface for internal tooling that may process user data.

  • Segment - user data is tracked in Segment for forwarding to other subprocessors, like Intercom

  • Sendgrid - user emails are sent to Sendgrid for transactional email purposes

  • Sentry - user data is stored in Sentry for exception/error tracking

  • Slack - user data is sometimes discussed in chat in Slack

  • Stripe - payment data, including user emails and company names, is maintained in Stripe.

  • Usergems - basic user data (name, email) are stored in Usergems

  • Zapier - some user data is sent to Zapier for forwarding to some of our other subprocessors, like Slack.

Last updated