StationDB infrastructure is hosted in North America, in servers that are ISO 27001, ISO 27017, SOC 1, SOC 2 and SOC 3 certified, among others.
1. Respect of Privacy
Here's what we do to protect user privacy:
- Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
- We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
- We will only retain personal information as long as necessary for the fulfillment of those purposes.
- We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
- Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
- We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
- We will make readily available to customers information about our policies and practices relating to the management of personal information.
2. GDPR Policy
StationDB strictly implements the GDPR regulation, that aims at protecting user data and providing a right to modify and delete such data, as well as to consent to data collection.
Types of Personal Information collected :
- Account information: We collect your first and last name, email address, postal address, phone number, avatar and other similar data.
- Billing address: We collect your billing address and other informations related to your company in order to edit invoices.
- Database credentials : We collect these credentials to allow the user to access the database through our platform. Your credentials are fully encrypted.
- Payment information : We collect data necessary to process your payment such as your credit card, and the security code associated to it. These informations are encrypted and handled by our payment service provider : Stripe (www.stripe.com).
- Usage of products and services: We collect data about your activity on StationDB thanks to cookies in order to improve StationDB product.
- Device and browser information : We collect your device and browser information to help debugging and the product development.
Individual rights :
- Right to be informed: we clearly inform our Users about the use that will be made of their data
- Right of access: our users can access all their data, without restriction, from StationDB service
- Right of rectification: it's as simple as contacting us, we'll process all your rectification queries
- Right of erasure: it's as simple as contacting us, we'll process all your erasure queries
- Right to data portability: our users may contact us, anytime if they wish to get an export of their data
- Right to object: we handle all requests on this matter from our users
3. Password privacy
The User is responsible to keep his login and password secret, and store them in a safe place.
- Cookies are necessary for chatbox functionalities; they are needed to restore the chat session and messages of a chatbox user when browsing between website pages and/or coming back on the website a few days after.
- Cookies have a default expiration time of 6 months, which is renewed if and when the user comes back to the website and loads the chatbox.
- Cookies bind a user to a single session. If that session contains messages, it is permanent (unless deleted by a website agent); otherwise the session is temporary and is destroyed 30 minutes after the last website access.
- Cookies are not used for tracking purposes. They are solely used to bind a user to a server-side session storage, which is then used for messaging purposes, in the event either the user or a website agent starts a conversation.
- The user IP address is stored in the server-side session storage that's bound to the cookie. If the user leaves without using the chatbox messaging features, the session (and thus the IP address) will be automatically removed from Crisp servers upon session expiration (ie. 30 minutes after last access; as stated above).
- The user IP address is kept indefinitely in the event the user started a chat session with a website on Crisp. We are legally required by the law of France to log those IPs in the event of a legal request (for a minimum duration of 1 year). Though, we keep those IP address longer as we need to aggregate them to protect our chatbox service against botnets and spam attacks, which occur frequently. The Crisp service could not function at the level our customers expect from us without statistics on those collected IP.
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
5. Connection privacy
Operations between your computer and our servers are authenticated and encrypted thanks to SSL connection.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.