Privacy Policy & GDPR
Effective Date: 1 Oct 2024
Introduction
Welcome to Enkryptify (“we”, “our”, “us”). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data, and outlines your rights regarding your information. We are dedicated to being transparent about how we handle your data in compliance with the General Data Protection Regulation (GDPR).
Information We Collect
Account Information
When you create an account on Enkryptify, we collect personal information such as your name, email address, password, and profile picture. This data is essential for providing our services and managing your account. We do not use this information for marketing purposes.
Team and Project Information
We collect data related to teams and projects, including team names and project names. This information is used solely to facilitate your use of our services and is not utilized for marketing purposes.
Secrets
Enkryptify allows users to manage secrets (environment variables) for various environments (production, staging, development, etc.). We collect and store these secrets to provide our service. This data is kept confidential and is not used for any other purpose.
Anonymized Usage Data
We collect anonymized data such as browser type, operating system, visited pages, and duration per page. This data helps us improve our services and gain internal insights. It is not linked to any identifiable user.
Data Retention
We retain user data as long as the user maintains an account with Enkryptify. Anonymized analytics data is not tied to any specific user and is kept indefinitely for service improvement purposes. Users can delete their accounts at any time, which will result in the deletion of their personal data.
Data Sharing and Subprocessors
To provide and enhance our services, Enkryptify uses various third-party services. These services are carefully selected to ensure they comply with relevant data protection regulations. Here is a detailed explanation of how your data may be shared with these subprocessors:
- Hetzner: Hetzner is our primary hosting provider for backend services and our self-hosted Plausible Analytics instance.
- Vercel: Vercel hosts our frontend websites, providing fast and reliable access to our web interfaces.
- Neon: Neon is our database provider. All user data, including account information, project data, and encrypted secrets, are securely stored with encryption at rest & transit.
- Stripe: Stripe is our payment processor. When you make a payment, your payment information is securely handled by Stripe in compliance with PCI-DSS standards.
- Resend: Resend handles our transactional email communications, including account verification and notifications. Your email address may be shared with Resend for these purposes.
- Upstash: We use Upstash for caching purposes to ensure quick data retrieval and improve user experience. Additionally, Upstash is used for rate limiting based on IP addresses for unauthenticated users and user IDs for authenticated users.
- Apollo: Apollo handles our email marketing communications. Your email address may be shared with Apollo for these purposes if you've opted in to receive marketing communications.
- Tawk.to: To provide live chat support, we use Tawk.to. This allows us to assist you in real-time with any issues or questions you may have.
- Plausible Analytics: We use a self-hosted instance of Plausible for anonymous analytics on our main website (enkryptify.com). No personal data is collected or processed through this service.
- PostHog: PostHog is used for analytics on our dashboard (app.enkryptify.com). We ensure that no personal or sensitive data is ever recorded or tracked through PostHog.
- Sentry: Sentry provides error tracking and performance monitoring for our applications. Error logs may include technical details about issues you encounter, helping us improve service reliability.
- Third-Party Integrations: Enkryptify integrates with various third-party services to enhance functionality. These integrations may require sharing secrets (environment variables) with your explicit consent. For a comprehensive list of integrations, please visit our integrations page.
We ensure that all third-party providers adhere to strict data protection standards and use your data only for the specified purposes.
User Rights
Users have the right to access, rectify, and delete their personal data. To exercise these rights, users can contact us at contact@enkryptify.com.
Data Security
We implement various security measures to protect your data. These measures are detailed on our security page. While no system connected to the internet can be guaranteed to be 100% secure, we take extensive precautions, including regular penetration testing by independent third-party companies, to safeguard your information.
Cookies and Local Storage
We use cookies and local storage to store user preferences such as language settings, themes, and access tokens. External tools integrated into our service may also store cookies. Users can manage their cookie preferences through their browser settings.
Data Transfers
All data is stored on servers within the EU. However, data may be sent to third-party integrations, which may be located outside the EU, if the user has explicitly enabled these integrations. We ensure that appropriate safeguards are in place for any such data transfers.
Children's Privacy
Enkryptify is intended for users aged 18 and above. We do not knowingly collect data from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such data.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. In the event of significant changes, we will notify users via email and on our platform. We encourage you to review this policy periodically for any updates.
Contact Us
If you have any questions or concerns about your privacy, please contact us at contact@enkryptify.com.