Privacy Policy for ThanksChat

Last updated - 05/08/2020

At ThanksChat we care deeply about your rights as a customer and we will always respect your trust. Because of this, we try to collect as little information as possible, and only keep what we need. We've done our best to clearly lay out our policies on this page. If you see any way to improve this policy, please let us know by emailing support@mcgirk.com. We're providing this Privacy Policy to explain our practices regarding the collection, use and disclosure of information that we receive from our users (who we will refer to as "you") when you access or use our web site and the ThanksChat service (which we refer to as "ThanksChat").

We break down this privacy policy into 4 sections

• What do we collect and why?
• Where is the information stored and what protections are there?
• Who has access to your data?
• Any other questions?

What do we collect and why?

When ThanksChat is added to your Slack instance, we collect:

• The team name - we collect this so we can display it back to you to make the experience that bit nicer
• The admin user email and slack username - We need the email address to communicate with you about your account. We need the slack username to log you in correctly in the future.

When a user logs in:

• The user email and slack username - We need the email address to communicate with you about your account. We need the slack username to log you in correctly in the future.

When a user gives a token:

• Details about the message - we only collect information about messages that contain the token that your organization has set in the body of that message. When we get one of those messages, we collect the following:
• Time the message was sent
• The username of the sender
• The username of the recipient
• The id of the channel the message was sent on
• The text of the message

As well as the above, ThanksChat also retains information about the settings that enable it to work. This is as follows:

• The token that is set for the team
• The max points per day set for the team
• The username set for the bot
• The logo set for the bot
• The team timezone offset
• A user id and token to allow ThanksChat to send messages to your slack instance

Where is the information stored and what protections are there?

The API for ThanksChat and the associated database is run on top of Heroku

We use Heroku as a hosting provider in the United States to store and protect your information. They are up to date and are set up with the latest security standards and regularly undergo security assessments to protect your information.

When you submit information via our service, your information is protected through secure connections. Your data is also encrypted at rest with AES-256, block-level storage encryption. If your personal data is exposed to an unknown 3rd party we will notify you within 72 hours of the incident being reported.

Information is stored for as long as you continue to use ThanksChat. If you decide to stop using ThanksChat then any personally identifiable information will be removed after a suitable period of time. No more than 12 months from time of deletion.

Who has access to your data?

We do not sell or give out any of the information that ThanksChat gathers for any purpose other than for the purpose of providing our service to you. The only parties who have access to any of the data that ThanksChat collects are you, ThanksChat staff, and third parties that need access to particular subsets of data to perform duties to provide you with that service.

Third parties that do have some access:

• Heroku - our hosting provider, controls the data.
• Google Analytics - tracks visits to our website
• Stripe - For billing purposes.

We may also release your information when it is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.

How do we handle data access/deletion requests?

We handle data access/deletion requests differently depending on if you are an administrator or a member.

If you are a member and would like a copy of the data that we hold about you, or would like your data to be removed from our system, please ask the administrator of your ThanksChat app (the person who added ThanksChat to your Slack instance) to make a request to support@mcgirk.com.

If you are the administrator of your ThanksChat app, and would like a copy of the information we hold about you or your team, or would like that data to be removed from our systems, please contact us at support@mcgirk.com and we will send you or remove that data as appropriate within 30 days.

As mentioned elsewhere in this policy and in our terms, if a data access request is made to us by law enforcement, we will verify that the request is legit, and then cooperate in any way we can.

Any other questions?

We are constantly trying to improve this privacy policy. If you have any further questions or suggestions then please let us know at support@mcgirk.com.