Your privacy is critically important to us. Below is our policy.
Last updated: April 4, 2019
Identity and access
When you sign up for LocaleData, we ask for your name, email address and time zone. That’s just so you can access and personalize your new account, and we can deliver our services, send you notifications, updates, or other essential information. We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission, either.
When you pay for LocaleData, we ask for your credit card and billing address. That’s so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor and doesn’t ever go through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for account history, invoicing, and billing support. We store your billing address to calculate any sales tax due, to detect fraudulent credit card transactions, and to print on your invoices.
When you write LocaleData with a question or to ask for help, we’ll keep that correspondence, and the email address, for future reference.
When you browse our marketing pages, we’ll track that with Google Analytics for statistical purposes (like conversion rates and to test new designs). We also log your activity in the application, including your IP address, so we can always verify that no unauthorized access has happened and improve our services for as long as the logs are kept. We also store any information you volunteer, like surveys, for as long as it makes sense.
The only times we’ll ever share your info:
- To provide products or services you’ve requested.
- To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
Your rights with respect to your information
You may have heard about the General Data Protection Regulation ("GDPR") in Europe. GDPR gives people under its protection certain rights with respect to their personal information collected by us on the site. The rights under GDPR include:
- Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
- Right to Correction. This is your right to request correction of your personal information.
- Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the "Right to be forgotten"). However, if applicable law requires us to comply with your request to delete your information, fulfillment of your request may prevent you from using LocaleData services and may result in closing your account.
- Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.
- Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed.
- Right to Object. This is your right, in certain situations, to object to how or why your personal information is processed.
- Right to Portability. This is your right to receive the personal information we have about you and the right to transmit it to another party.
- Right to not be subject to Automated Decision-Making. This is your right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable European law, or is based on your explicit consent.
Many of these rights can be exercised by signing in and directly updating your account information. If you have questions about exercising these rights or need assistance, please contact us at firstname.lastname@example.org.
Processors we use
As part of the services we provide, we use third party processors to process some or all of your personal information:
- DigitalOcean. Cloud services provider.
- Backblaze. Cloud storage for our backups.
- Paddle. Payment processing services.
- Gravatar. Service for providing default profile avatars.
- Sentry. Error reporting software.
- Skylight. Application performance monitoring.
- Mailgun. Transactional email service.
- MailerLite. Email newsletter service.
- Google Analytics. Analytics service.
Security and encryption
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The off-site server and database backups are also encrypted. Data isn’t encrypted while it’s live in our database (since it needs to be ready to send to you when you need it).
When you cancel your account, we’ll delete the associated data from our databases immediately. However, your personal data may still be available in our backups and logs. We back up our servers and databases. We keep our backups for the past 90 days, older data are deleted permanently.
Location of site and data
Our marketing and application sites run on servers located in Frankfurt, Germany. However, some of our subprocessors are located outside the European Union. If you are located in the EU, please be aware that any information you provide to us can be transferred outside the EU. By using our sites, participating in any of our services and/or providing us with your information, you consent to this.