What is GDPR?
The General Data Protection Regulation (GDPR) is a European regulation strengthening the security and protection of personal data.
What is Unito's role under GDPR?
Unito acts as both a "data processor" and a "data controller" under the GDPR.
Unito is a "data processor" when downloading and transforming personal data contained in synced tasks, cards, and issues. Personal data and information that they can include could be, for example, assignee or commenter names and email addresses.
Unito is also a "data controller", as we need to collect information to set up and run our services and to provide timely customer support. This customer information includes things such as customer name and contact information.
Does Unito comply with GDPR?
What personal data does Unito collect?
We store data that customers have given voluntarily. For example, to be able to provide support, we may collect and store contact information, such as name and email address, when customers sign up for our products and services. In order to connect to the synced tool, we also collect OAuth tokens, which are fully encrypted and treated as confidential and restricted data.
When processing and syncing task data, Unito does not permanently store any contents and relies on mere checksums to detect changes.
Does Unito transfer data internationally?
The GDPR imposes restrictions on transferring data outside the EU and prohibits the export of personal data outside of the EU to non-EU recipients unless the export meets certain criteria. Unito is hosted on Amazon Web Services in the United States, which is certified under the EU-US Privacy Shield. Customer support operations are performed in Canada, which is recognized by the EU as providing adequate protection.
Whom should I contact if I have questions regarding GDPR or my personal data?
Please contact us at firstname.lastname@example.org for more information.