Privacy & Security
GDPR
To comply with the General Data Protection Regulation (GDPR) laws passed by the European Union that go into effect beginning May 25, 2018. A sub-processor is a third-party company Prepr uses to process customer-related data. We’ve included the name of these companies, how we use them to process data, and links to their resources on customer privacy and security.
Right to access
The GDPR gives individuals the right to request a copy of any of their personal data that are being processed, as well as other relevant information. Prepr offers you the possibility to export a customer. Go to 'Customer' and select the right customer. Click 'GDPR export' in order to download a Json with the full customer. This includes:
- Personal details
- Full address
- Email address
- Subscriptions
- Interactions (such as like, view, bookmarked)
- Terms and tags
Right to erasure
This right is also known as the ‘right to be forgotten’. Individuals have the right to have their data erased. This can be easily done in the Prepr interface. Just search this customer under 'Customer' and click 'Delete'. All this customer data will be erased, immediately at the moment, you click on the confirmation button.
Prepr sub-processors
Sub-processors necessarily used in the Prepr Platform or in support thereof (partly depending on your location and use of Prepr).
| Company | Processed data | Resource |
|---|---|---|
| Amazon Web Services | Cloud infrastructure | aws.amazon.com/compliance |
| Atlassian | Application error reporting | atlassian.com/legal |
| BunnyCDN | Cloud infrastructure | bunny.net/privacy |
| DigitalOcean | Cloud infrastructure | digitalocean.net/legal/privacy-policy |
| Cloudflare | Cloud infrastructure (DNS, Caching) | cloudflare.com/privacypolicy |
| Google G4A | Customer behaviour analytics | support.google.com/analytics |
| Fastly | Cloud infrastructure (CDN) | fastly.com/privacy/ |
| HubSpot | Cloud infrastructure (CDN) | legal.hubspot.com/privacy/ |
| Mixpanel | Back-end user behaviour analytics | mixpanel.com/legal |
| Mux | Cloud infrastructure (Video, Audio) | mux.com/privacy |
| New Relic | Cloud infrastructure (request logging) | newrelic.com/privacy |
| OpenAI | Content item enrichment | openai.com/api-data-privacy |
| Pusher | Real-time communication | messagebird.com/en/legal/privacy |
| Stripe | Payment processing | stripe.com/en-ca/privacy |
| Sentry | Application error reporting | sentry.io/security |
| Helpscout | Customer support | helpscout.com/company/legal/privacy |
| True | Cloud infrastructure | true.nl/privacy |
| TextRazor | Content items analytics | textrazor.com/privacy |
| Hotjar | Back-end user behaviour analytics | hotjar.com/legal |
Customer Data Retention Policy
Privacy regulations provide guidelines on how to deal with personal data. It's a good practice to delete this data when a customer hasn't interacted with your systems for some time.
Event history
You can easily delete all or specific interactions, such as view, click, win, vote or call. Select the interaction type you want to delete and enter a period. Need any assistance? Contact Prepr support.
Customer retention
You can choose to anonymize or delete customers.
- Anonymizing customers results in unknown customers: customers without any personal details. Engagement data is retained, past metrics are unaffected. Customers with active subscriptions and prize winners are not anonymized.
- Deleting customers will remove all customer data from the database. All personal details will be deleted, as well as all interaction data. Past metrics will be affected.
Need any assistance? Contact Prepr support.