Processing Your Personal Data
When you are a user of the Service and a customer of Bryntum AB, we collect certain personal data about you and store it.
- When signing up to access the Service, we collect your name, email and company for our records upon registration.
- When chatting with us on our Website, the conversation will be stored by Drift (Privacy Shield compliant).
- When signing up to use our forums on our Website, your name, email and optionally your avatar and date of birth are stored on our web servers hosted by GoDaddy (Privacy Shield compliant). You can delete yourself from the forums at any time.
- When you become our customer we store your personal Data (name, email, company address) in our accounting software (Fortnox, privacy related information: https://www.fortnox.se/om-fortnox/integritet-och-sakerhet/gdpr/ - in Swedish). If you pay for your plan inside the RootCause application, your name, email and company address will be stored in our database (as well as in Stripe).
In addition to processing personal data of our customers, when you implement the Service in your web application or web site, we also process personal data of your end users. In this scenario, you (our customer) act as the Data Controller and Bryntum acts as a Data Processor. You control when data is logged, and what personal Data from your end users is stored on our servers.
How Do We Use Your Information?
We use your email to send you notifications when your subscription is about to expire. We also use your email to send you information about updates to the Service. You can opt out from our emails at any time inside your user settings page. If you signed up for a trial of the Service, we will send you an automatic reminder once your trial period is about to expire.
Personal Data Retention
Your personal Data is stored by us during the period when you are a registered user of the Service. Please note that we may keep your personal Data stored longer, to comply with Swedish laws and regulations, or for reasonable business purposes.
Location Of Personal Data
We store our application and customer data in a few different data centers depending on what part of our Service or Website you interact with. Please see the list below for the different scenarios and locations of the data.
- The database servers for the Service are located in The Netherlands, hosted by Digital Ocean (GDPR compliant).
- Our technical support forums are hosted in the USA, by GoDaddy (Privacy Shield compliant).
- If you use the chat widget on our Website, the conversation is stored in the USA by Drift (Privacy Shield compliant).
- If you paid for your RootCause plan inside the dashboard application, certain personal Data such as name, email, phone number and address will be stored in the USA by Stripe (Privacy Shield compliant).
Security & Protecting Your Data
Our Website and Service both use SSL (Secure Sockets Layer) with 256-bit encryption to provide secure communication for any data sent to or from our servers. For our own direct server access we use two-factor authentication. When you purchase access to our paid plans, we do not store any credit card details in our databases.
The data center where the Service stores your personal Data has the following security measures implemented:
- 24/7 Physical security guard services
- Physical entry restrictions to the property and the facility
- Physical entry restrictions to our co-located datacenter within the facility
- Full CCTV coverage externally and internally for the facility
- Biometric readers with two-factor authentication
- Facilities are unmarked so as not to draw attention from the outside
- Battery and generator backup
- Generator fuel carrier redundancy
- Secure loading zones for delivery of equipment
Do You Share My Information With Third Parties?
Some parts of the Service and Website rely on third-party services. Below is a list of the scenarios in which your information is shared with other parties.
- If you chat with us on our website, the conversation is stored by Drift (Privacy Shield compliant).
- If you paid for your RootCause plan inside the dashboard application, the payment is handled by Stripe (Privacy Shield compliant). Personal Data such as your name, email, phone number and address will be stored in the USA by Stripe.
We will never sell your personal Data to any third parties.
Your Responsibilities As A RootCause User
You are responsible for informing your users about the information you are collecting about them as a result of using the Service. You are also responsible for ensuring that this does not violate any laws in your country or in the country of any of your end users. We recommend that you inform your end users when video or session data is being recorded. We also recommend that you request consent from your end users before logging a session, using our error confirmation dialog.
If you are not allowed to store PII for your users outside your country’s border, we offer you an on-premises option (Docker images) so that you can host RootCause in your own private network, in which case any PII will never leave your servers. This option is available for our Business + Enterprise plans; more information is available on our pricing page.
Your Rights As A RootCause User
As a user of our RootCause service, you can request erasure of your Personal Data at any time. If you contact us and request that we remove your account, we will delete all your personal Data within 30 days.
- Can I as a customer erase my recorded sessions containing PII of our end users? Yes, you can delete any sessions from the Errors/Feedback lists (they are also automatically deleted based on the History setting of your plan).
- Can I as a customer update or correct details of my personal Data? Yes, please send us an email with any details you want to correct.
- Can I as a customer export all the personal Data about me collected by Bryntum? Yes, please just send us an email if you wish to receive a ZIP archive with all the data we have collected about you.
For EU citizens, click here to read more about your rights under the GDPR regulations.
What Is The Privacy Shield Framework?
In some areas of our business we use third parties to provide different services (such as payments, analytics, chat) where data might be stored in the USA. All such services we use are Privacy Shield compliant. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
Bryntum's Data Protection Officer
The Bryntum Data Protection Officer can be reached at firstname.lastname@example.org.
Appendix 1 – Categories of Personal Data Collected
| Scenario | Category | Personal Data | Lawful basis |
|---|---|---|---|
| Signing up to access the Service | Contact details | Name, email and company | To fulfill our contract with you, consent. |
| Chatting with us on our website | Contact details | Name, email, text messages | Legitimate interests |
| Signing up to use our forums | Contact details | Name, email, avatar, date of birth | To fulfill our contract with you |
| Become a paid customer | Contact details | Name, email, company address | To fulfill our contract with you, Legitimate interests |
In addition to processing personal data of our customers, when you implement the Service in your web application or web site, we also process personal data of your end users. In this scenario, you (our customer) act as the Data Controller and Bryntum acts as a Data Processor. You control when data is logged, and what Personal Data from your end users is stored on our servers. You are required to obtain consent from your end users and inform them of your processing.
Appendix 2 – Subprocessors
| Scenario | Subprocessor | Location |
|---|---|---|
| Chatting with us on our website | Drift | USA (Privacy Shield compliant) |
| Become a paid customer | Stripe | USA (Privacy Shield compliant) |
| Using our forums | GoDaddy | USA (Privacy Shield compliant) |