Data retention policy
HatQuest follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
User can request deletion of any all personal data by writing to support@hatquest.com
User data will be deleted within four weeks of the request for deletion.
Data archiving and removal policy
If a customer deletes their organization, all of their information is deleted after 30 days, subject to the following exceptions:
We may retain customer information after a deletion request under the following circumstances: (1) there might be some latency in deleting this information from our servers and backup storage; and (2) if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
A customer can also request that their information is deleted by sending us a request through the officially published channels.
Customers are advised in the Terms of Use that, should they decide to subsequently reactivate their account, that after 30 days their information may be unrecoverable from our servers and backup storage.
Data storage policy
Data is stored only on approved servers or systems. This process ensures that proper encryption is in place, that the software is up to date and does not have vulnerabilities, and that remote access is appropriately restricted.
Data is classified as Critical, Restricted and Low Risk, and following an impact assessment, is stored and assigned access levels as follows:
CRITICAL:
Data Types
User information (Profile, Email, Login information, Preferences)
Debug Logs from production services
Source Code
Impact
Protection of the data is required by law/regulation, or the loss of confidentiality, integrity, or
availability of the data or system could have a significant adverse impact on
our mission, safety, finances, or reputation.
Storage
This data shall be stored only on servers/systems approved by the Data Protection Officer. This process ensures that proper encryption is in place, that the software is up to date and does not have vulnerabilities, and that remote access is appropriately restricted.
Access
Access to critical data will only be available to individuals who have requested access which is then approved by the appropriate owners and Data Protection Officer. Any individual accessing such data must undergo a mandatory security training in handling confidential data. Such Users must also have 2 factor authentication enabled.
RESTRICTED:
Data Types
Feature Specs
Anonymized Usage Data (Google Analytics etc)
Communication not containing confidential information (emails, support tickets)
Internal Team communication
Communication not containing confidential information (emails, support tickets)
Internal Team communication
Impact
The data is not generally available to the public, or the loss of confidentiality, integrity, or availability of the data or system could have a mildly adverse impact on our mission, safety, finances, or reputation.
Storage
This data may be stored on encrypted systems approved by a Data Protection Officer. All systems must have up to date software, and remote access, if any, must be restricted.
Access
Access to restricted data will only be available to individuals with a business need. Access
must be requested from and approved by the appropriate data owner. Access to this data may be authorized to groups of persons by their job responsibilities or organizational unit within the company.
LOW RISK/PUBLIC
Data Types
Marketing Website
The data is intended for public disclosure, or the loss of confidentiality, integrity, or availability of
the data or system would have no adverse impact on our mission, safety, finances, or reputation.
Storage
Because this data is public there are no restrictions on storage.
Access
Because this data is public there are no restrictions on access.
App/service has sub-processors
no