nil database privacy policy

Updated Frebruary 9, 2019

Data collection

Information you give us

  • account info, such as account name, your name, billing address, and email.
  • payment method details, such as credit card numbers.
  • extra personal info, when corresponding with us by email, such as email, names, phones, and addresses.

Technical information

  • Browser and device data, such as internet protocol (IP) address used to connect to our servers, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons.
  • Cookie and tracking data, such as the login time, the duration of the authenticated sessions.

Data processing

Information you give us

We will use this information:

  • to provide you with the information, products and services you request from us
  • to notify you about changes to our services
  • to provide marketing information to you and for the purposes of customer support, and billing services

Technical information

We will use this information:

  • to administer our web services, applications, or for internal operations
  • to improve and further developp our web services and applications
  • as part of our efforts to keep our website and applications safe and secure

Data storage

Where

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for one of our suppliers. Such staff maybe engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this privacy policy.

Main services

The main services (the database and account management), with the browser and device data logs, are located on servers provides by DigitalOcean in the Amsterdam, Frankfurt and New York City areas.

Attachments

To be able to store and serve any kind of attachments, without storage capacity issues, we use the Amazon S3 service. We currently use 3 different Amazon web service regions: EU (Frankfurt), EU (Ireland) and US East (N. Virginia), picked during your account setup. By using nil database, you may download some of the attachments directly from Amazon servers. Amazon will have a log of your IP address, browser data, and the requested files, but no information linking to your identity.

Big attachments are processed separately, to avoid slowing the service down. We use a virtual server provided by Hetzner, located in Nürnberg, Germany. No personal information is shared during this process.

How long?

We store the browser and device data for 30 days.

We keep 30 days of database backups.

When you cancel your account, we will ensure that nothing is stored in our servers past 30 days.

We will keep the invoices and the corresponding personal information for 10 years, as required by the financial regulations covering our activity.

Sharing of the data with third parties

We will never sell your personal information to third parties.

We share your account name with our payment processor supplier, stripe, in order for us to be able to resolve issues quickly. They are responsible, and certified, for storing your card details too. We ourselves do not store any sensitive payment information. The card details are sent directly from your browser to stripe. The network connections to stripe are encrypted.

The emails you sent via nil database are processed by mailgun. This service takes care of the delivery, making sure that the recipients receive the emails. Mailgun keeps the bodies of messages for up to 3 days in their systems, and log the email activity, including the email addresses, for 30 days. The network connections to and from mailgun are encrypted.

We may disclose or share your personal data in order to comply with any legal obligation. Unless we are legally prevented from it, we will always inform you when such requests are made.

Cookies

Cookies are small text files that are stored in a computer’s web browser memory. Our web services only use cookies to distinguish you from other users, and for added security. You cannot block these cookies.

Domain Name Purpose
your-account.nil-database.com session_id Used to identify you, and fetch your account’s data and preferences.
your-account.nil-database.com csrftoken Used to store a secret to prevent other webpages to use your nil database session.
nilmanager.nil-database.com csrftoken Used by the account management application to protect the login form.
nilmanager.nil-database.com session_id Not always present. Used to identify you if you log into the account managemenent application

All the cookies we use are restricted to our domains. We do not make use of third party cookies.

Encryption

All communications between your devices and our servers are encrypted via TLS, with strong encryption settings.

The database backups are also encrypted.

Your rights

Under the EU General Data Protection Regulation, you have the right to revoke or amend any consent you have provided allowing us to store and use your personal data. You can exercise your data rights at any time by contacting us at support@nil-database.com.

You can choose to make a full export of your data at any time for extra peace of mind, with spreadsheets of human readable information.

You can request an archive of all the stored attachments (images, …) by contacting us at support@nil-database.com.