What is the GDPR?

GDPR is the General Data Protection Regulation (GDPR). A new law introduced by the EU to protect users' personal data. This law covers several aspects of data security. Here we provide guidance on how we protect your data, what our responsibilities are and what your responsibilities are. We strongly recommend that you read all of our documentation or other articles on GDPR to decide whether you want to use our app. We are not responsible for any omissions or errors in data protection made by you or third parties. Please take the time to read the documentation and act sensibly to stay safe.

Definition of personal data:

Any data that belongs to an individual is his or her personal data. It can be a person's name, image, email address, physical address, social media post, location, computer IP address, etc. The owner of the personal data is the only legal party to it. This means that no matter where and how the data is stored, it belongs to the individual. The data collector or user (e.g. Facebook, YouTube) cannot display, store or share personal data without the explicit or implicit consent of the user. If the user gives permission for their data to be used for certain activities (data storage, viewing, etc.), then the administrator of the application can use it.

Imagine a hypothetical situation: you publish a post on social networks. In this case, you give implicit permission to show the post to your public or private contacts. The administrator of the application is not responsible for offensive comments that may be left by your contacts. This means that if you have made your details public, this is your responsibility. However, the Programme Administrator is responsible for any sharing of data with third parties. If any data is to be shared, this must be made clear in advance. So we can see how uploading and displaying data is up to both the programme administrator and the user. Further details are provided throughout the documentation.

Developer responsibility:

Protecting the user's personal data at the back end is the developer's responsibility. The developer is responsible for how the user's data (name, phone number, email, etc.) and other information (e.g. logs of the user's interaction with the application) is stored in the database and on the server. We will describe in detail how direct data (name, email, etc.) and indirect data (browser name, computer IP, etc.) are stored in the database and on the server. Once any data is uploaded to the server, its security depends on the security of the server and sometimes on the administrator of the application.

The user will be informed of all temporary (cookies and sessions) and permanent (data stored in a database) data storage methods. The User will be given the opportunity to delete all his/her personal data after deleting his/her account or terminating the service. We guarantee that we do not keep logs of the user's activities and that we do not have any secret means of extracting the user's data. From time to time, the administrator of an application may grant the developer access to cPanel and other credentials to enable the developer to maintain and manage the application for a short period of time before it is launched. We strongly recommend that the administrator changes these credentials when the work is complete. The developer is not responsible for any leakage of these credentials. Nor is the developer responsible for any unintentional security breaches in the program. After all, data shared on the Internet always has a risk of leakage. Therefore, we strongly recommend that you do not share any data that may compromise you or another person.

Responsibilities of the Programme Administrator:

The administrator of the application has unrestricted access to the user's personal data. The administrator can view and copy data stored in the database and on the server. The administrator can share the user's personal data with third parties. How the user's data will be used must be clearly disclosed before the user's registration. The administrator should not allow anyone to collect data openly or under the guise of completing surveys or forms. The administrator of the application has the most privileges and therefore has the greatest responsibility for the protection of users' personal data.

User responsibility:

It all depends on the user. If the user does not provide the data, then there will be no data leakage, but this is not an option. It is the sole responsibility of the user to keep their credentials secure. The password and username can be encrypted in the database, but a password that is too predictable can allow a hacker to easily access the user's account. Change your information if you notice any suspicious activity or if you have had to share your passwords with others. Always think before you give your details.

Our action on GDPR:

  1. As little data collection as possible: We collect only the most necessary data and explain to the user why certain data is needed.
  2. Using HTTPS: We provide encrypted communication throughout the app to protect data from interception.
  3. Cleaning up the session and cookies: After disconnecting, we delete all sessions and cookies.
  4. Not monitoring user activity for commercial purposes: We do not track users' activities in order to provide them with targeted advertising or commercial offers.
  5. Informing the user about the storage of the computer's IP and location data: We clearly inform users of any logs stored in relation to a computer's IP or location.
  6. Clear terms and conditions and privacy policy: We provide transparent rules about the requirements of the GDPR and the conditions of use of data.
  7. Informing third party involvement: Users will be informed of any sharing of their data with third parties.
  8. Policy on data leakage: We make clear rules about how we will handle any data leaks.
  9. Data deletion: Users have the option to permanently delete their data after deleting their account or cancelling a service.
  10. Software security updates: We implement all the necessary patches to ensure that the software is safe from vulnerabilities.

GDPR functions are supported:

  1. "Adios, App" (All the best, app): When a user cancels their subscription or deletes their account, we give them the option to delete all the data associated with the account. This action is irreversible - if the data is deleted, it will be permanently removed from both the database and the server. The user can make a backup before the deletion if they plan to return.

  2. Secrecy is my right: We encrypt most of your personal data stored in the database. If a data leak were to occur, the hacker would only get the encrypted data, not your personal information in an open form. Certain data cannot be encrypted (e.g. username) because it must be displayed when you log into your account. However, we do mask as much personal information as possible.

  3. Without cookies and session storage: We give you the option to choose whether you want to save cookies and sessions. Even if you choose to keep them, cookies and sessions will be deleted after logging out. We strongly recommend that you do not save your login details in your browser. It is better to remember your password or use tools such as LastPass for password management.

  4. Eradication of traces: We do not monitor or track your activities for commercial purposes. We may only store your login time or IP address, but only for security purposes. When you delete your account, all your data will be completely deleted from the server.

  5. Social engineering is bad: We do not record any of your personal activities on the App. Recording, analysing and trying to sell a product or motivate a user based on this data makes it unethical practice. We do not.

  6. Let me know: Receive notifications of all actions related to your account (account creation, password change) by email. We recommend that you change your credentials if you notice any unusual actions.

  7. Notification of policy updates: You will be notified of any updates to the privacy policy or disclaimer. Please read your emails on this issue and decide how to proceed. Please do not hesitate to contact us about these issues.

  8. Join without hassle: We have implemented HTTPS everywhere, so data interception is impossible. Even if someone managed to do it, the hacker would only get encrypted data. So you can use our app safely.

  9. We do not store user data: We do not store any user data. There are no hidden options that collect data. Once the application is uploaded to the server, we do not have access to it without an administrator password. So don't worry about hidden data leaks.

  10. Data leakage policy: We have put in place all the security measures to protect your data in the database (data encryption, MySQL, SQL injection prevention, input validation, etc). Weak or overly predictable passwords can compromise the security of your data and are therefore your responsibility.

Is sending mass messages to Facebook users through our system GDPR compliant?

Yes, sending mass communications through our system is GDPR compliant. Since people OPT-IN (voluntarily start a conversation) on our Facebook page, we can prove it. They become our contacts in a legitimate way. All messages sent must have an opt-out link (this feature is already in place) or some other way to allow people to opt-out at any time.

  • Overview

      Overview

      How it works

      We offer you a platform where you can automate everyday business decisions easily and without programming knowledge! Log in and try it out

      Options

      Social chat automation, comment automation, enquiry or booking collection, sales and much more.

      Integrations

      All steps are automated, so you can forget complex programming tasks with integrations.

      Startmsg fits:

      • Small Business
      • Marketing Specialist
      • Accommodation Sector
      • El. Commerce
      • Advertising Agency
      • Technology Company
      • Restaurant
      • Beauty & Wellness Business

      Integrations

      All integrations

      Plans

      Starter

      Join StartMsg platforms - freewhere you can easily create and manage chat campaigns for your business, helping you to effectively engage your customers and increase their loyalty.

      Pro

      With StartMsg Pro Automate and manage customer engagement to achieve your business goals. Turn every conversation into a valuable contact and grow your business efficiently!

      Compare plans
  • SolutionsNew
  • Options
  • Pricing
Get Started