Data Security Policy

What is accessed

• Your personal name and email attributes are needed as part of signup and login authentication process
• We do no request other data from other channels

What data is stored

• Your name and email are stored as part of the account creation process; Name, nickname and avatar can be modified within personal account
• License configuration requires you to provide the name and contact details of the payee
• We do not store any payment details. All sensitive information required for billing is handled via © Stripe - at no stage is credit card information stored on, or even sent to, our servers. All credit card details are sent directly to Stripe’s secure servers. Invoices are available through Stripe's client portal
• Other data that you create and control as part of managing Consortium
• Audit of user access against a given consortium
• Audit of configuration changes

What we do with data

• Your name, nickname and email are stored in your account record; Data is encrypted at rest; You can modify name, nickname and avatar image link
• Our policy is never to share or sell data to any external party

Data Retention and Archiving Policy for Neelix Core Data

• Your name, nickname, email, experiences commentary and metadata are stored for as long as your account remains in the system. There is no automatic archiving or account deactivation policy related to inactivity.
• The can close an account by being "forgotten" in accordance with the account cancellation policy (see below). User-identifying information relating to the Consortium is either deleted or anonymized when the account is closed. Data related to payments already processed will be stored securely in accordance with our tax, accounting and financial reporting obligations. In all cases where we keep data, we do so in accordance with the limitation periods and records retention obligations imposed by applicable law.
• Stripe data retention policy provides information about billing and payment data stored on © Stripe. At no time are credit card details stored or sent to Neelix servers.

Data Retention and Archiving Policy for Integrated Channels

• This policy applies to Slack and Microsoft Teams integrations.
• When Neelix app is installed in a workspace, we store name, id, and bot token and associate the workspace with the user who added it. When channel list is refreshed, we store name, id and locale for any unrecognized channel and associate all relevant channels (new and existing) with the user who triggered the refresh. These values may be updated periodically but we do not retain any other workspace or channel data.
• If a channel is deleted, all data about the channel is deleted, including Neelix's default configuration settings and any association with any user. Likewise, if the app is uninstalled from a workspace, all workspace, configuration and workspace user association data are deleted along with data from any channels in the workspace.

Encryption, Hosting and Geo Location of Data

• We do not run own physical infrastructure. Instead, we leverage the power and security of Google Cloud Platform
• Application and datastore are hosted in GCP - host region is us-central
• Data is encrypted at rest
• Internet communications are secure - https only

People and Access Policy

• User can access data only with specific Consortia according to the permissions administered by the maintenance user(s) of each Consortium
• Only authenticated users can access functionality

Backups

• 24 hour backups policy

Account cancellation

"Close Account" is a self-service process (the same link is available in the user's personal cabinet).

• User can leave the system at any time. Personal name, nickname, account pairing details and email details will be deleted if the account is closed
• Experiences comments will be deleted and person identifiable information purged if your Consortium is not in use.
• If the Consortium is being used by other authorized users, then a clear notification will be provided during the account closure process. You will have the opportunity to agree with other users to archive the Consortium in its entirety or just to remove your own comments.

Account Support is the preferred method when requesting more information about stored data or when any other assistance is required.

Contact us is another method of contacting us for inquiries or assistance.

Billing and Invoices Data Management

• We do not store any payment details. All sensitive information required for billing is handled via © Stripe - at no stage are credit card details stored on, or even sent to, our servers. All credit card data is sent directly to Stripe’s secure servers. Invoices are available through Stripe's client portal.
• Stripe data retention policy provides information about billing and payments data stored on © Stripe.
• Participants Dashboard lists billing entities. If you are a maintenance user of a billing entity, then you will be able to access "Invoices | Stripe Customer Portal" link.

Vulnerability Management

• See Security Vulnerability Process

The right to find out more about the data usage & Correction of details

Contact Us if you need more information of if you find errors that cannot be corrected via self-service, please