What is GDPR?
GDPR stands for General Data Protection Regulation. A new law enforced by EU to protect end user’s personal data. This law enforces several aspects of data security. Here we want to give a guideline on how we protect your data, what is our responsibility and what is your responsibility. We strongly suggest you read all our documentation or other articles about GDPR and make the decision whether you want to use our application or not. We are not responsible for any negligence or fault in data protection on your side or any third-party side. Take your time to read the documentation act wisely, and stay safe.
Definition of Personal Data
Any data owned by an individual is his or her personal data. It could be someone’s name, image, email address, physical address, social media post, location, computer IP address, etc. The ownership of the user’s personal data is absolute. That means wherever and however the data is saved it belongs to the user solely. The data collector or data user (Facebook, YouTube) cannot show, save, share, or perform any other activity with the user’s personal data without the user’s explicit or implicit permission. If a user gives permission to use his or her data on a specific type of action (data storing, data viewing, etc.) then it can be used by the admin of the application. To visualize this, consider a hypothetical situation. You post a status on social media. Here you have given the implicit permission to show the post to your public or private contacts. Application admin is not responsible for any abusive comment to your post made by your contacts. This means that if you made your data public then it is your responsibility. But application admin does hold responsible for any data sharing with third parties. If any data is shared it must be said explicitly in advance. So, we see how data uploading and showing depends on both the app admin and the user. Further details you will get upon reading the full documentation.
Responsibility of Developer
The safeguard of user personal data on the application's back end is the responsibility of the developer. The developer is responsible for how the user data (name, telephone no. email, etc.) and other info (like logs of user interaction with the application) is stored on the database and server. We will describe in detail how the data you submit directly (name, email, etc.) and indirectly (browser name, computer IP, etc.) are saved on the database and server. Once any data is uploaded to the server the security of the data depends on the security of the server and sometimes the admin of the application. Users will be notified about all the temporary (cookie and session) and permanent (data saved to the database) data saving. Users will get the option of all his or her personal data erasing permanently upon account deletion or service cancellation. We assure you that we do not keep logs of user activity or any other backdoor to extract user data. Sometimes cPanel access and other credential of app admin is needed by the developer to support and maintain the application for a short time before the application goes fully online. We strongly recommend that the app admin change these credentials after the job is done. The developer cannot be held responsible for any credential leak on this ground. The developer also cannot be held responsible for any unwilling security glitch on the application. After all, data shared online always has the risk of getting leaked. So, we strongly suggest not sharing any data that can compromise you or any other individual.
Responsibility of Application Admin
Application Admin has unrestricted access to the user's personal data. Admin can access to database, server logs, and any other info on admin’s reach. Application admin can see and copy the data saved on the database and server. App admin can share user’s personal data with third parties. How the user’s data is used must be announced by the app admin explicitly before user registration. The admin should not allow anyone to extract data openly or under the disguise of the survey, fill out the form, or any other means. The app admin enjoys the most privilege on the application. So, the admin has the highest responsibility for the safekeeping of the user’s personal data
It’s all depending on the user. If users do not submit data, then there will be no data breach. But this is not an option. The topmost priority of the user is to read all the documentation from both the app developer and app admin and then submit the data. Safekeeping of the user’s own credentials is the sole responsibility of the user. Password and username may be encrypted on the database but a dictionary word or too predictable password for a specific user can give easy access to the user’s account to hackers. Change your credentials on any suspicious activity by an unauthorized person or in case you share your credentials with others for some inevitable reason. Always think before submitting.
Our Action on GDPR
- Collect as little data as possible. Tell the user the necessity of collecting specific data.
- Enforce HTTPS
- Destroy all sessions and cookies after logout.
- Do not track user activity for commercial purposes.
- Tell users of any logs that save computer ip and location.
- Clear terms and conditions.
- Inform users about any data sharing with third parties.
- Create clear policies about data breaches.
- Delete data on canceling subscription or account deletion.
- Patch web vulnerabilities.
Supported GDPR Features
Adios, Application: Once you cancel your subscription or delete your account, we give you the option to delete all your data existing or related to your account. Note that, this action is irreversible. The moment you say yes to delete all your data will be erased from the database and server forever. You can back up data before deleting it in case of re-subscribe or re-register.
Secrecy is my right: We encrypt most of your personal data on the database. If any bad things occur (data breach) then the hacker will get an encrypted hash not your personal on plain text. So, your secrecy will be intact even in case of a data breach. Note that, some data cannot be encrypted because we need to show it upon login to the account (like username). We will hide all your personal data as much as possible.
No cookie and session saving: We will give the option to save or not save cookies and sessions. Even if you save cookies and sessions these will be destroyed after logout. We strongly suggest you not save your credentials in the browser. Please memorize your credentials or use tools like Sticky Password to manage your credentials.
Destroy footprints: We do not save or track any of your activity for any commercial purpose. We may store your login time or IP for security purposes only. When you delete your account every single piece of your data will be deleted from the server.
Social engineering is bad: We do not record any of your personal activity on the application. Recording a user’s personal activity, analyzing it, and trying to sell a product or motivating a user to pursue a certain thought upon analyzed data is becoming malpractice. We do not do such things.
Notify me: Get notified about all your activity relating to your account (account creation, password change) by email. We suggest you change your credentials if any unusual things occur.
Connect without worry: We enforced HTTPS everywhere. Data sniffing is not possible in this case. Even if possible, the sniffer will get an encrypted hash. So feel safe to use our application.
No data collecting: We do not collect any data on users. No backdoor, and no hidden option to collect data. Once the application is uploaded to the server we cannot enter to application without the app admin password. So do not worry about any hidden data leaks.
Data breach policy: We implement all the security to store your data carefully on the database (data encryption, MySQLi, SQL injection prevention, input checking, etc.). However, we do not take any responsibility for data breaches from servers. Because it is the total responsibility of the app admin and server admin to secure your data from breaching. Any weak or too predictable password of the app admin or server admin could compromise the database. Any inherent fault on the database config can give away the database (MongoDB security fault). Any security flaw on the server can lead to data leaking. Please contact your app admin in this regard.