[Effective date: June 10, 2019]
Easy to understand
Consistent across all user data
Compliant with all applicable laws
Before we get started, our lawyers want us to mention that FigLeaf may process and store your data in locations outside of the EU. Now that that’s out of the way, let’s get to the good stuff.
What personal data does the FigLeaf app collect?
Your email address. We need your email address to create your FigLeaf account and give you access to FigLeaf services. If you don’t provide us with your email address, we can’t provision our services and you won’t be able to use FigLeaf.
Your device type, OS version, FigLeaf version — with your consent first. This data will help us improve device compatibility.
How you interact with the FigLeaf app — with your consent first. This data will help us improve your experience while using our app.
Your IP address. This data is necessary for DDoS protection and security analysis. It’s also mandatory for anti-fraud systems used by banks.
Some app events, and crash data. We collect non-personalized app events like first launch, log in, log out, and others. FigLeaf needs this data to function properly.
Any Personally Identifiable Information collected by the FigLeaf app is encrypted with a Security Key that only you have access to. The data is only decrypted by FigLeaf when it’s processed, or when shared with our trusted partners.
What personal data does FigLeaf website collect?
Not a whole lot — just the email address you provided when contacting Customer Support.
Website Cookies and Other Tracking Technologies
The only cookies we like are the kind with chocolate chips (don’t get us started on raisins). We’re not a fan of the digital kind of Cookies — those small text files that help a website remember your actions and preferences.
Cookies are designed to follow you around the web. We don’t want to know where you’re going or where you’ve been. So we use Local Storage technology, developed in-house, which only tells us what browser you use — and only for the purpose of making our website work properly. Nothing more.
Special notice for children under the age of 16 and their parents or guardians:
Our website, Product, and services are not aimed at children under the age of 16, and we may not knowingly collect any personal information from anyone under the age of 16. If you believe that we have collected personal data from minors, please contact us via email.
As mentioned before, we like to keep things impersonal. There are some cases where we might ask for more details.
For example, if you love FigLeaf so much that you want to buy a subscription (thank you, by the way), our payment provider needs a few details to process the transaction. Things like your name, address, and credit card number. While we may collect this data on behalf of a payment provider, we do not store it in our systems.
Here’s everything you need to know about what happens to your info once you agree to share it with us.
What type of companies?
Payment processing, customer support, data storage, protection and security, DDoS prevention, and VPN service.
Not to worry. We refuse to shake hands with potential business partners until we confirm they value data privacy as much as we do. Anyone we do business with is required to maintain confidentiality and is prohibited from using your information for any other purposes.
From time to time, we may store, process or share data with entities or systems outside of the EEA. As required, we ascertain that those third-parties also understand their data protection obligations.
And we interact only with PCI-compliant third-party payment processors to collect and to process your credit card details.
Anything else I should know about third-party providers?
Is there any case where FigLeaf might share my data with other entities?
Changes in Ownership: If the Company becomes owned by a third party as a result of a merger, acquisition, reorganization, or bankruptcy, customer information may be passed to the third party.
Protection of the Company and Others: It may be required of us by law to disclose the information available to us.
Service Providers: We rely on several service providers to deliver our service. For example, we may use Cloud technologies to perform certain operations; on VPN providers to assure data is encrypted in transit; payment processing services, and from time to time use subcontractors to augment our staff.
Data Retention and Security
We process and store information for as long as your account exists or as required by any law.
We back up your data and keep it for only 30 days from the moment it hits our servers. This means that if you delete your account, it will be stored on our servers for 30 days. After that time, we won’t be able to provide the data to anyone.
Everything you do is encrypted while transferred, on our servers and on your device.
If we need access to your information to help with something, we we will ask your permission to do so.
No one can guarantee 100% security, but we take all appropriate technical and organizational measures to protect your data against unauthorized or accidental access, deletion, alteration, blocking, copying, disclosure or other unauthorized actions by third parties.
In the case of personal data accidents, we will inform you without undue delay.
Your Privacy Rights
We prefer to know nothing about you. That’s why we collect and use only the minimum personal data necessary to operate our Product and service, to improve these, and to provide you with support.
You’re always in control of your privacy preferences. Feel free to review and manage them by contacting Customer Support in writing via email with your request to:
Withdraw your consent to us processing, storing or sharing your data;
Update your information so that your data will always be accurate;
Access data that has been collected about you;
Restrict the processing of your personal data;
Delete the personal information associated with your account;
File a complaint with the appropriate data protection authority.
If you have any GDPR-related cases, questions or requests you can submit your inquiry to FigLeaf Data Protection Officer (DPO) at firstname.lastname@example.org.