Sendflow is based in Poland and data is hosted only in Europe. When we transfer data outside Europe we always make sure that the companies are compliant with EU privacy laws. As of May 2018, all our service providers are GDPR compliant.
Sendflow stores data about:
Sendflow does not share, or resell, any kind of user data (whether data described in point 1 or 2 above).
Sendflow collects account information for each user, including:
Data held on our users' end-users include:
We do not perform any kind of profiling. Data used for targeting are processed as strings by Sendflow and we don't extract any specific meaning.
Our users can use the account features to remove or update their data and data held on end-users.
Our users' end-users can contact our users if they want to remove or update their data. End-users can also remove their subscription to the push notifications from the browser settings: Sendflow automatically removes expired endpoints and associated data.
Backups and logs can have a duration up to 1 year.
Sendflow grants you the ownership on your data and on your users' data. You can access to your account and export your data at any time.
Data collected is used for:
Data about our users' end-users, collected for example through the SDK, is used solely for technical purposes. Sendflow doesn't use, aggregate or resell it for marketing purposes. This doesn't limit what you can do with your user data through Sendflow.
Our users' consent is explicitly provided because they perform actions on Sendflow.
End-users' consent to receive push notifications is explicitly provided when they allow push notifications for a website in their browser settings. They can revoke their permission at any time from the browser settings.
We care about security and we follow best practices to reduce the risk of data breaches.
When we design a new feature, security is the first citizen. For example, when we have designed a way to target specific users, we have decided to force the developer to include a user ID signature: in this way notifications are confidential by default and nobody can subscribe to notifications as if it was another user.
Data breaches will be notified to our users within 72 hours, after having become aware of it. It is then the responsibility of our users to report this data-breach to their end-users.
Data is collected and manipulated both on our own devices and on third-party servers. Our web application servers are provided by Digital Ocean Inc. We also use many different services suited for specific purposes, for example: G Suite for support emails, Paylane for invoicing.
Push notifications are delivered through proprietary services depending on the user browser (e.g. Firebase, Mozilla autopush, Windows Push Notification Services).
Data holder is Codeflow
Inside the company, the Data Protection Officer is Codeflow.
Copyright © 2020 Sendflow.