Privacy Policy

In this Privacy Policy, AppSignal B.V. (hereinafter: ''AppSignal'' or ''we'') explains which personal data is collected when you use our services. This includes our websites https://www.appsignal.com, https://docs.appsignal.com and https://blog.appsignal.com (hereinafter: the “Website”) and our product (hereinafter: the “Product”), (hereinafter jointly: the/our "Service(s)"). AppSignal values your privacy and the protection of your personal data. Personal data will therefore be processed carefully and in accordance with this Privacy Policy and applicable laws and regulations.

If you have any questions or wish to receive further information, please contact us using the contact details at the bottom of this Privacy Policy.

1. When does this Privacy Policy apply?

This Privacy Policy applies to visits to our Website and the use of the Product. If necessary, we make a distinction in this Privacy Policy between our Website and our Product.

Also, this Privacy Policy only applies to processing of Personal Data by us as controller. If an organisation processes Personal Data of you through our Services, this organisation is the controller. We are then the processor. In that case, this Privacy Policy does not apply.

2. Your Privacy is of great importance to us

We believe that careful handling of Personal Data is of great importance. Personal Data is therefore processed carefully and in accordance with this Privacy Policy and the applicable laws and regulations.

This means that we:

• Clearly define our purposes before we process your Personal Data, via this Privacy Policy;
• Store as little Personal Data as possible and only process the Personal Data that is necessary for our purposes;
• Only process Personal Data if there is a valid basis;
• The necessary security measures are taken to protect your Personal Data. We also impose these obligations on parties that process Personal Data for us;
• Respect your rights, such as the right to access, correction, data portability or deletion of your Personal Data processed by us.

If you have any questions or would like to receive more information about the handling of your Personal Data, please contact us using the contact details provided in this Privacy Policy.

3. Personal data

When we use the term "Personal Data" in this Privacy Policy, we mean information relating to you (see also the definition in Article 4 (1) of the General Data Protection Regulation (hereinafter: the "GDPR")).

4. AppSignal

For questions and/or comments about the processing of your Personal Data, you can contact us via the contact details below:

AppSignal B.V.
P.O. Box 10212
1001EE Amsterdam
The Netherlands
E: contact@appsignal.com
T: +31 20 42 84 105
Dutch Chamber of Commerce number: 62960407

5. The Personal Data which we can process when you visit our Website

When you visit our Website as a visitor, we may process certain Personal Data about you. This concerns the following processing of Personal Data.

When filling out a form on our Website

There are various forms available on our Website, such as a form for requesting a trial. In the form we can request the following information from you:

• First name
• Last name
• Email address
• Preferred password
• GitHub account

The basis for this processing of Personal Data is Article 6(1) f of the GDPR: we have a legitimate interest in this processing, because otherwise we will not be able to contact you/provide you with a trial to our Product.

When signing up an account

When signing up an account we can request the following information from you:

• First name
• Last name
• Email address
• Preferred password

The basis for this processing of Personal Data is Article 6(1) f of the GDPR: we have a legitimate interest in this processing, because otherwise we will not be able to contact you/provide you with our Product.

After signing up an account, it is possible to enter or import additional data on the Product, including Personal Data. However, this is not mandatory. This concerns, for example, the following data:

• (Additional) personal information
• (Additional) contact details
• Further data entered or imported in the Product

The basis for the processing of this Personal Data is Article 6(1) a of the GDPR: you have given us permission to process this data, because you have chosen to enter or import this data in the Product.

When contacting us

You can also contact us in other ways than filling out a form. This can be done, for example, by phone, email and live chat. With a contact request, we can ask you for the following information, among others:

• First name
• Last name
• Company
• Email address
• Phone number
• Other information that is relevant to the request

The basis for processing this Personal Data is Article 6(1) f of the GDPR: we have a legitimate interest in this processing, because otherwise we cannot contact you.

When applying for a job via our Website

You can apply for a job with us via our Website. We have application forms on the Website for this purpose. In this form we ask for the following information, among others:

• First name
• Last name
• Email address
• Phone number
• Motivation
• Curriculum vitae (CV)
• LinkedIn profile URL
• Possible start date
• Referral

The basis for the processing of this Personal Data is Article 6(1) f of the GDPR: we have a legitimate interest in this processing, because otherwise we cannot contact you and assess whether you fit AppSignal’s profile.

When processing job applications, we work together with Homerun who can process the above mentioned Personal Data for us.

Newsletters

You can subscribe to one of our newsletters, for example our internal newsletter, the “Ruby Magic” and/or the “Elixir Alchemy” and/or the "JavaScript SOurcery" newsletter, by entering your email address and/or by indicating that you wish to receive the newsletter when registering an account. In the newsletters you can read news, tips and information about our Product. The basis for the processing of this Personal Data is Article 6 (1) a GDPR: you have given permission for the processing of Personal Data.

After subscribing to one of our newsletters, your email address will automatically be added to the list of subscribers. Newsletters can contain, for example, updates about new features and other news regarding the Services. Every newsletter contains an unsubscribe link with which you can unsubscribe from the newsletter. You can also send an email to support@appsignal.com.

When sending our newsletters, we work together with Mailchimp and/or Intercom and/or Mailgun who can process the above mentioned Personal Data for us. Mailchimp, Intercom and Mailgun have developed software that we use to cover various aspects of our online marketing, including sending our newsletter.

6. When you use our Product as a user

When you use our Product as a user, we may process certain Personal Data about you. We provide various services in our Product, where various Personal Data are processed. Below is stated per service which Personal Data we process.

AppSignal login

In order to use our Product as a user, regardless of the chosen pricing plan, we process the following data from you:

• Email address
• Password; or
• GitHub account

After providing the above mentioned information, you can login to our Product with your email address and password, or GitHub account. We need the above mentioned information to know who you are.

The basis for the processing of this Personal Data is Article 6(1) b of the GDPR: the processing is necessary for the performance of the agreement between us and you. Without this information, we cannot provide our services to you.

When paying for our Product

It is possible to purchase subscriptions to our Product for a fee. To arrange payment for our Product, we process the following payment details from you:

Payment by invoice:

When paying by invoice, we use information from you that is already known to us, such as the (company) name, the address details, and the registered email address. Other relevant data, such as Chamber of Commerce number and VAT number are only stated on the invoice if you have entered these data in your account.

Payment by credit card:

If you pay by credit card, we will process the following information of you:

• (Company) name of credit card holder
• Expiration date (mm/yy)
• Last four (4) digits of your credit card

We need the above mentioned information so that we can send you an invoice or a payment can be made with a credit card.

The basis for the processing of this Personal Data is Article 6(1) b of the GDPR: the processing is necessary for the performance of the agreement between us and you. Without this information, we cannot arrange payment for our services. We also keep this data as long as your account is active. We delete the data six (6) months after the account is deleted or terminated so that we can still answer any questions. If you wish to have your data deleted immediately, you may request that we do so. We will make an exception to the six (6) month requirement if it is necessary by law to keep Personal Data for a longer period.

For payment we can use the services of Stripe and/or Moneybird. In that case, you provide your payment details (directly) to Stripe and/or Moneybird. Stripe and/or Moneybird may share certain information about you with us (such as your name and bank details), so that we can check whether you have paid. We recommend you to also read the privacy policies of Stripe and Moneybird.

7. When you visit our Website or use our Product as a user

In addition to the above processing of Personal Data, there are some other processing that may occur both when visiting our Website and when using our Product.

Cookies

Our Website and our Product use cookies. AppSignal uses functional, analytical and tracking cookies. A cookie is a small text file that is stored in the browser of your computer, tablet or smartphone when you first visit the Website or the Product. AppSignal uses cookies with merely technical functionality. These ensure that the Website or the Product works properly and that your preferred settings are remembered, for example. These cookies are also used to make the Website and the Product work properly and to be able to optimise them. In addition, we place cookies that keep track of your surfing behaviour. On your first visit to our Website or the Product, we will inform you about these cookies and ask for permission to place tracking cookies. You can unsubscribe from cookies by setting your internet browser in such a way that it no longer stores cookies. In addition, you can also delete all information that was previously stored via the settings of your browser. For more information about the cookies we can place, we kindly refer to our cookie policy.

PostHog

We use PostHog to improve our Website and our Product. With PostHog, we gain insights into how visitors and users use our Website and Product. With this service little to no Personal Data is processed.

The legal basis for the processing of this Personal Data is Article 6(1) f of the GDPR: we have a legitimate interest in this processing. This information is valuable for us and the impact on your privacy is nil.

We recommend you to also read the privacy policy of PostHog.

Matomo

We use Matomo in order to measure, collect, analyse and report visitors data for purposes of understanding and optimizing our Website and Product. We have configured Matomo in a privacy friendly manner in accordance with this configuration guide. With these configurations Matomo does not track Personal Data, but it only tracks anonymized data.

You can opt-out from being tracked by Matomo by unchecking the box below.

Logging

We use logging on our Website and on our Product. Logging is the automatic recording of certain data. We keep logs from the Website and the Product. These logs are stored in log files. These log files include the IP address of the visitor or user, the browser that the visitor or user uses, the time the visitor visited our Website or the user used our Product and which pages the visitor or user visited during his visit.

The log files are used, among other things, to manage the Website and the Product, to keep track of visit and usage statistics, to prevent misuse of the Website and the Product and to ensure security.

We also use logs to detect and resolve errors and bugs on the Website and on the Product. These logs are necessary so that we can respond as quickly as possible to possible problems with the Website and the Product.

The log data will be pseudonymised as much as possible. This means that the log data cannot be linked to you without additional data being used.

The legal basis for the processing of this Personal Data is Article 6(1) f of the GDPR: we have a legitimate interest in this processing. This information is required for the Website and the Product to function properly.

8. Security

We protect your Personal Data by taking technical and organisational measures against unauthorised, unlawful or accidental access, loss, destruction or damage to Personal Data. We are constantly taking steps to improve data security.

In this way we ensure that your personal data will be processed in accordance with the applicable data protection laws and regulations, only the necessary persons have access to your Personal Data, that access to Personal Data is secured and that our security measures are regularly checked and evaluated. Among others, we take the following security measures:

1. We have secured the connections to our Services via Secure Socket Layer (SSL) technology (including communication between the AppSignal data collection agent and our servers)
2. The application data you send us is only stored in ISO 9001:2015, ISO/IEC 27001:2015, ISO 14001:2015, and PCI DSS certified facilities in the Netherlands
3. Strong, unique passwords and password vaults are used
4. There are procedures for the acquisition, development, maintenance and destruction of data and information systems
5. Security measures are built into all application systems, including adequate access management
6. A procedure is available to deal with possible data breaches
7. We ensure that our IT infrastructure is provided with security updates in a timely manner
8. We randomly check compliance with the policy

The Personal Data is stored with parties that can ensure careful security. With these parties agreements have been made that are necessary for the processing of Personal Data. Insofar as the data centres of these parties are located outside the European Economic Area (EEA), appropriate safeguards have been put in place to make the transfer possible.

9. Retention period

We do not keep your Personal Data longer than necessary for the purposes for which they were collected or used. We only keep the Personal Data for a longer period if this is necessary to comply with a legal obligation, such as a tax retention obligation.

10. Third parties

We do not sell your data to third parties. We may, however, engage third parties who process certain Personal Data under our responsibility.

Some of these third parties are located in the EEA. Some third parties may be located in countries outside the EEA, such as the United States. In order to protect your Personal Data and to comply with our legal obligations, we will only engage third parties as processors if those third parties offer sufficient safeguards for the protection of your Personal Data. We will conclude a data processing agreement with these third parties, which provides appropriate protection with regard to your Personal Data. These third parties may only process the Personal Data in the context of the assignment we have given them, and not for other purposes.

11. Updates or changes to this Privacy Policy

The way in which we process Personal Data, and the composition of the data we process, may change over time. AppSignal reserves the right to change this Privacy Policy at any time. For that reason, Appsignal encourages you to check the Privacy Policy regularly to stay informed of such changes. We make commercially reasonable efforts to inform you of major changes. In this way we ensure that you are aware of recent changes.

12. Your rights

In the context of our processing of your Personal Data, you have, among others, the following rights:

1. The right to inspect the Personal Data that we process of you
2. If you have given permission for the processing of your Personal Data, you also have the right to withdraw this permission
3. The right to exercise data portability
4. The right to have errors corrected
5. The right to have outdated Personal Data deleted
6. The right to object to a particular use of Personal Data

If you wish to exercise these rights, you can contact us. We request that you describe in your request as clearly as possible to which Personal Data your request relates.

You can only exercise your rights to the extent that the law grants you these rights. To ensure that a request has been made by you, we may ask you to send a copy of your identity document with this request. We only ask for this if we deem it necessary to identify you. We destroy the copy of your identity document immediately after we have identified you.

13. Other

This Privacy Policy does not apply to third-party websites that are linked to our websites. We cannot guarantee that these third parties will handle your Personal Data in a reliable or secure manner. We recommend that you also read the privacy policies of these parties/websites.

14. Complaints

If you have a complaint about the way we process your Personal Data, you can contact us. We then try to find a solution together. You also have the right to lodge a complaint with the supervisory authority. In the Netherlands this is the Dutch Data Protection Authority (in Dutch: “Autoriteit Persoonsgegevens”).