Like many of our customers and partners, we have been spending time over the last few months reviewing our systems and policies for the EU General Data Protection Regulation (GDPR). This law, which goes into effect May 25, 2018, governs how companies process the personal data of EU residents and establishes stronger protections for the ‘digital rights’ of an individual.

We have always taken customer privacy and data security very seriously at Tettra, and we build our product with these principles in mind. We believe that regulations like GDPR are a positive evolution in privacy policy and consumer protection, and welcome the opportunity to continue improving our own practices in this area.

While Tettra is already in compliance with many parts of the regulation, we’ll be updating our policies and documentation over the next few weeks to explicitly address GDPR requirements. The changes we’re releasing fall into four categories:

  1. Product updates to give customers more granular and explicit control over what data is shared with Tettra
  2. Better documentation on existing tools for account export and deletion
  3. Updates to our Privacy Policy
  4. Updates to our Terms of Service

While GDPR applies specifically to our EU customers, we’re making these changes across our entire system, because we believe that all Tettra teams will benefit from the greater transparency and control over their data. You’ll find more information on what we’re planning in each of these four categories below.

Product Updates

We’re updating our sign-up flow to reduce the scope of data we request from your Slack account and make it clear what data/authorization we request from Slack and why. We have already moved some features that require additional Slack access to opt-in, and we plan to make more features that require Slack opt-in as well.

Clearer Documentation on Existing Tools

We recently added self-serve exports in the app, so you can download all of your Tettra content at any time, regardless of subscription status. We also already honor requests to delete all of your data from our systems. We will update our website with more details on how to submit a request and how we process those requests. We are actively working with our third-party service providers to be able to delete any personal data that is stored on their systems (for example, analytics and usage data tied to a specific Tettra user).

Privacy Policy

We will be updating our Privacy Policy to make it clear what data we collect, why and how we use that data. We’ll also update our policy around third-party integrations, including how data is shared and for what purposes.

Terms of Service

We’ll be updating our Terms of Service, so customers retain more rights to their content on Tettra. We’ll also be adding a data breach policy, which will cover our commitment to notify our customers promptly if we become aware of any unauthorized access to their data.

We expect to publish our updated Privacy Policy and Terms of Service at the beginning of May. At this time, we are not planning on providing a Data Processing Addendum (DPA) separate from our updated Terms of Service.

_____

We hope this post provides some clarity on our upcoming changes for GDPR, our ongoing work to keep your data protected, and helps your organization in your own efforts as you prepare for this important new regulation.

If you have any questions about GDPR, our work around security and privacy, or ideas on how we could improve in this regard, reach out at any time at [email protected].

Did this answer your question?