GDPR Compliance

Last updated May 23, 2018

We are committed to our users’ rights to privacy. We promise to share transparently all aspects of how the product and website work in regards to privacy, terms, and personal data, and we are in full support of efforts to ensure your protection online.

The EU’s General Data Protection Regulations (GDPR) take effect May 25, and we are fully behind the spirit of these regulations for a safe and secure Internet. We aspire to embrace privacy by design and, whenever possible, to not collect and store personally-identifiable information.

Our Privacy Policy contains mentions of the few instances where personally-identifiable information is required. Typically this will include an email address in order to log in to Highlights or an integration username in order to manage your account.

Overall, we aim for privacy by default: if data collection is not integral to the way our product works, then we won’t collect it. This approach has felt very much in line with the spirit of GDPR.

At any time, you may request your information to be exported and sent to you for review, and we promptly honor any requests by you to have your information deleted and forgotten.

Cookies

We will add a cookie notice to all marketing pages and blogs in order to comply with the E-Privacy Directive. We do not collect personally-identifiable information with our cookies, but we do want to acknowledge the use of cookie technology on our website.

Deletion

A user has the right to request that we delete all of their personal data. Users who wish to inquire about the right to be forgotten will be able to reach out to us at any time at contact@gethighlights.co.

Access / Portability

A user can request access to a copy of the personal data that we have collected. Users who wish to request portability can reach out to us at any time at contact@gethighlights.co.

Modification

In Highlights, if a user asks to change their information, we can do so within our admin portal. If a user has a modification to make, they can reach out to us at contact@gethighlights.co.

Sub-Processors

We commit to displaying a list of all current sub-processors in use by Highlights. A sub-processor includes any third party that we share personally identifiable info with.

Here is that list:

  • Amplitude
  • AWS
  • Crisp
  • Google Analytics
  • Heroku
  • Hotjar
  • MailChimp
  • MailMunch
  • MoonClerk
  • Stripe

Questions about GDPR at Highlights? Please get in touch and we’ll be happy to answer them!