Data retention policy
Data Retention Policy for DirectDecisions
Purpose: The purpose of this policy is to outline how DirectDecisions collects, stores, and discards data related to its Slack app service. We are committed to ensuring that our practices prioritize privacy and transparency.
Policy: DirectDecisions strictly adheres to a minimum data retention policy. This means we only store the bare minimum data necessary to facilitate our app's services. Our policy defines the handling of this data.
Data Types and Retention Periods:
User Identity Information: DirectDecisions stores users Slack IDs to associate them with their respective voting decisions. This data is not used for any purpose other than facilitating the preferential voting system and enhancing user experience. This information is retained for as long as the related voting data is not deleted. No information about the user is stored other then Slack ID. There is no associasion with identity of the real user in our database.
Preferential Voting Data: Voting data related to a user's Slack ID is stored for the duration of the voting's existence. Once a voting is deleted, the associated data is also deleted.
Data Deletion: Data associated with user voting can be removed upon request. Users who wish to have their data removed can contact us at support@directdecisions.com. Upon receiving a data deletion request, DirectDecisions will process the request and delete the relevant data within 30 days.
Data Security: DirectDecisions has implemented stringent security measures to protect the integrity and confidentiality of user data. All votings/users data are stored in the embedded database in the service separate from the api. The service itself is stored on the storage provider instance inheriting the security of the storage provider as well. The services communicate between themselves through high level http api using https protocol. This minimalist approach ensures the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
Changes to this Policy: DirectDecisions reserves the right to modify this data retention policy at any time. We will duly inform our users of any changes.
Data archiving and removal policy
Archival and Removal Policy for DirectDecisions
Purpose: The purpose of this policy is to provide clear and transparent information about the procedures for the archival and removal of data within the DirectDecisions app for Slack, in compliance with the General Data Protection Regulation (GDPR).
Policy: DirectDecisions is committed to respecting the privacy of its users, including handling personal data responsibly and in accordance with GDPR principles.
Data Archival: DirectDecisions currently does not automatically archive voting data. Voting data, associated with user's Slack IDs, remains active and accessible as long as the voting event it is associated with is not deleted. The data is used strictly for the purpose it was collected for, which is to facilitate the voting process.
Data Retention Period: DirectDecisions adheres to the data minimization and storage limitation principles of the GDPR. As such, we retain voting data for as long as the respective voting event is not deleted. This period is deemed necessary for allowing users to review past votings, analyze results, and maintain a record of decisions made.
Data Removal:
Upon Voting Deletion: When a voting event is deleted by the user or admin, the associated voting data is concurrently removed from our systems, in line with the data minimization principle.
Upon Request: Users can exercise their right to erasure under the GDPR at any time. To request the removal of their voting data, users can contact us at support@directdecisions.com. DirectDecisions will promptly process and remove the requested data within 30 days of the request, unless there are legitimate grounds for retaining it as per GDPR regulations.
Data Security: DirectDecisions has implemented stringent security measures to protect the integrity and confidentiality of user data. All votings/users data are stored in the embedded database in the service separate from the api. The service itself is stored on the storage provider instance inheriting the security of the storage provider as well. The services communicate between themselves through high level http api using https protocol. This minimalist approach ensures the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
Changes to this Policy: DirectDecictions reserves the right to modify this archival and removal policy at any time, while adhering to GDPR requirements. We will duly inform our users of any changes.
Data storage policy
Data Storage Policy for DirectDecisions
Purpose: This policy aims to outline the procedures and principles related to the storage of data within the DirectDecisions app for Slack, ensuring compliance with the General Data Protection Regulation (GDPR).
Policy: DirectDecisions is committed to respecting the privacy rights of its users. This includes handling all personal data responsibly and in line with GDPR principles.
Data Storage: DirectDecisions stores only the essential data necessary to facilitate its services. This includes voting data associated with users' Slack IDs. This data is active and accessible as long as the associated voting event is not deleted.
Data Storage Period: Consistent with the data minimization and storage limitation principles of the GDPR, DirectDecisions retains voting data for as long as the respective voting event is not deleted. This duration allows users to review past votings, analyze results, and maintain a record of decisions made.
Storage Infrastructure and Security: DirectDecisions uses an embedded database within its service, separate from the API, to store all voting/user data. The service itself is stored on a storage provider instance, thereby inheriting the security model the storage provider. Communication between services takes place through a high-level HTTP API using the HTTPS protocol, ensuring secure transmission of data. This minimalist approach aligns with the principles of data security, providing ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
Data Removal: DirectDecisions ensures the ability to remove data in two ways:
Upon Voting Deletion: When a voting event is deleted by the user or an admin, the associated voting data is concurrently removed from our systems.
Upon Request: Users can exercise their 'right to erasure' under the GDPR at any time. Removal requests can be made by contacting us at support@directdecisions.com.
Policy Changes: DirectDecisions reserves the right to modify this data storage policy at any time while complying with GDPR requirements. We will duly inform our users of any changes.
Data hosting details
Cloud hosted.
Data hosting company
Vultr
App/service has sub-processors
no