The GDPR is a great set of policies which helps to make sure that personal data, privacy and security are respected by companies. This document explains how we're taking care of you while you use our product.
Who owns my data?
You retain ownership of your poll data and all rights to it. Nothing in our T&Cs grants us, or transfers to us, any legal rights except those that enable us to process your data in line with our T&Cs.
In practice this means:
- The poll data you collect is yours, and you can do what you want with it. We consider poll data to be owned by the account as opposed to the individual user on the account.
- We have a right to use your data in order to collect it, store it, and process it for you as you use doopoll.
- By using doopoll you give us permission to use sanitised / anonymised poll data in order to create a better product for our users. For example, how phrasing of questions affects response rates, or whether a certain number of options causes response rates to drop off.
What personal data do you require from me as a user?
Here is a record of the personal data we process, and the reasons why we ask for it.
- Email: We use this to identify you and create your account. Your email is also used to send notifications, and to carry out account operations such as resetting a password. We remove your email from our support systems and our main database as soon as we delete your account. It may still be present in backups for up to 90 days, after this point the data is removed from our backup set. Your email will remain on our marketing list until you unsubscribe as it is a separate list. Billing information:
- Card type & last four digits: We store this information to help you identify which of your payment cards is registered as the payment method for your account. Your full card number is stored with out payment processor Stripe. All card information is encrypted before being sent to Stripe, and unencrypted when it gets there.
- Card expiry: This means we can work out if your payment has failed because you need to update your card.
- Billing Address: This helps us with fraud prevention, and can also be used for invoices.
- VAT Number: For tax purposes you can provide your VAT Number for invoices.
- Billing email: Occasionally this may be different to the account admin's email. We use this email to send invoices and payment related messages.
- Your billing information is deleted from our main database as soon as we delete your account. It may still be present in backups for up to 90 days, after this point the data is removed from our backup set.
- We may hold on to details of invoices and payments for our financial records for six years to comply with UK law.Optional information:
- First and Last Name: Your name identifies you to your team, and allows us to provide better support.
- Phone number: This helps us to manage your account, provide support, and ensure you are getting the best from doopoll.
- Language: Choosing from a preselected list changes the language of the UI. We store this so that you don't need to set it each time.
- Last active: We log the date you last logged in for our analytics, and to work out if you are an active user.
- Account / Organisation name: We use this to better identify who you are for support. It allows use to provide context and group users in your team.
- All optional personal information is removed from our main database as soon as we delete your account. It may still be present in backups for up to 90 days, after this point the data is removed from our backup set.
- In addition we may also track events and actions you perform on doopoll. This helps us understand you and your challenges better, in order to create a better product. We do not delete this information.
How do I delete my account?
If you want to delete your account you can do so by emailing firstname.lastname@example.org. We will ask for a second confirmation in order to pass security and fraud checks.
At that point, within five days all of your data and your account will be removed from our working database. It may still be present in backups for up to 90 days, after this point the data is removed from our backup set.
Your email may still be on one of our mailing lists which you will need to unsubscribe from separately. You can simply click the unsubscribe button at the bottom of the email at any time.
What personal data do you store on respondents?
No personal data is required to answer a doopoll. We create and assign a random ID which is stored on the respondents’s local storage in order to identify them.
Optionally, respondents may be asked by the poll creator for their email and name for further contact as well as other clearly specified uses. If a respondent consents to give this information in whole or in part, it will be linked to their poll responses. This data is also only used by the poll creator and their organisation.
Note that respondents may put personal information in free text comments, but we do not require this or ask them to do it.
Where is my data stored?
This is fairly boring and technical, but you might need to know this to comply with your company data policy.
- Our core app and API run on servers physically located in Dublin, Ireland. They are on the EU-WEST-1 region. They are hosted with MDG Galaxy, which in turn runs on top of Amazon AWS.
- Our databases are hosted on servers physically located in London, England. They are on the EU-WEST-2 region. They are hosted with Amazon Web Services.
- When you upload an image, in order to allow your poll respondents to load images quickly, we serve them on via Content Delivery network (CDN). These images may be cached locally. Our images are stored and served with Uploadcare which in turn runs on top of Amazon AWS. Whilst not physically located within the European Economic Area, Uploadcare is Privacy Shield compliant: https://uploadcare.com/about/privacyshieldnotice/.
If you have any other questions about your data, click the speech bubble in the bottom right hand corner of the screen and one of our team will get back to you.