Last updated: 22 August 2022
Data Processor and Data Controller Roles
When we process personal data that you and your users provide to us when using Bimbala we are your data processor and you are our data controller. Our Data Processing Agreement will govern the roles and responsibilities of each party when processing personal data.
Summary of Processing as a Data Processor
We use data from your users solely for reasons directly related to providing the core features of Bimbala. We do not use any personal data from your users for marketing, profiling or similar purposes. Data collected is limited to email address, full name, IP address, browser user agent string, and HTTP referrer. IP address, browser user agent string, and HTTP referrer are used solely as a technical aid to help prevent spam and service misuse.
Bimbala has “right to be forgotten” procedures in place. We automatically and fully delete a customer’s data three months after they cancel their account and/or the account expires. The sole reason for holding onto the data for three months is to allow customers a reasonable amount of time to export their data or to reactivate their accounts. Upon request, we can delete data earlier.
When a customer’s data is deleted, all suggestions, comments, votes, email addresses, names, and metadata are deleted. The only customer data we keep long-term after cancellation is the data to meet our legal requirements such as a record of all invoices and payments.
We take all reasonable steps to ensure the reliability of any personnel who have access to personal data. We have in place all reasonable technical and organizational measures to keep all personal data confidential and secure and to protect personal data against accidental loss or unlawful destruction, alteration, disclosure, or access.
Bimbala is primarily hosted on Hetzner's cloud infrastructure. We regularly perform audits to ensure we follow Hetzner's recommended security guidelines for data protection.
We store production data solely within the European Union.
Summary of Data Collection and Processing as a Data Controller
Data collected on our public website (“marketing site”)
On our website, we use Motamo to help us understand, in anonymized form, how the site is being used.
Data collected from users of our web application
When you create an account on Bimbala we store your IP address, browser user agent string, and HTTP referrer. We do this so we can detect when people try to abuse the service. This information is stored in our database, which is hosted on AWS, using the Ireland data region, and is not shared with other services.
Bimbala offers several optional integrations. When you enable an integration, your data will be shared with the integrated service only to the minimum extent necessary to provide the functioning integration.
Data collected from your users on our web application
When your users post a suggestion or a comment or upvote a suggestion on the Bimbala service, we store your user’s full name, email address, IP address, browser user agent string, and HTTP referrer. This data is used to perform the functions of the Bimbala service, including preventing spam and service misuse.
User information is stored in our database, which is hosted on Hetzner's servers - in Germany.
We send transactional emails only to your users of Bimbala via the email delivery service -
Financial transaction information collected
If you become a paying customer, you will need to provide us and Paddle, our payment partner with valid billing information. We will be able to see your name, billing address, email address, and VAT number (if you have provided one). We are not able to see your credit card number.
As you would expect of any business, we share transaction data with our accountants and with the relevant tax authorities when we pay VAT and file our annual tax return.
Need more information about Bimbala and the GDPR? Write to [email protected].