Rachit Khator
security@stackby.com
702 Empire State Building, Ring Road, Surat, Gujarat - India
As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation). This site contains information on what steps we are taking, their progress, and who to contact for any security concerns. Please see our FAQ for more information.
If you need a signed DPA, please use the button below to cross sign and download your copy of our DPA.
We respect the rights of individuals to know how their data is being used, export it or request that it be deleted.
We rely on a number of trusted 3rd parties to assist with our operations. Depending on the exact nature of your account and what you've requested we do, your data may be shared with one of these partners. We carefully evaluate each to make sure they're handling your personal data with the utmost of respect, security, and privacy.
Services | ||||
---|---|---|---|---|
Partner | Locale | Data Shared | Purpose | |
Amazon | IP Address | This site is hosted on Amazon AWS EC2 Infrastructure. |
||
Amazon Route 53 | IP Address | Amazon's scalable DNS web service system. |
||
Amazon S3 CDN | IP Address | Amazon S3 is storage for the Internet. It is designed to make web-scale computing easier for developers. |
||
Babel | IP Address | Babel is a JavaScript compiler. |
||
CDN JS | IP Address | CloudFlare's CDN with popular javascript frameworks available. |
||
crypto browserify | IP Address | A port of node's crypto module to the browser. |
||
DoubleClick.Net | IP Address | DoubleClick enables agencies, marketers and publishers to work together successfully and profit from their digital marketing investments. |
||
Elliptic | IP Address | Fast Elliptic Curve Cryptography in plain javascript. |
||
FirstPromoter | IP Address | Affiliate and referral tracking system. |
||
Global Site Tag | IP Address | Google's primary tag for Google Measurement/Conversion Tracking, Adwords and DoubleClick. |
||
Google Analytics | IP Address | Google Analytics offers a host of compelling features and benefits for everyone from senior executives and advertising and marketing professionals to site owners and content developers. |
||
Google Apps for Business | IP Address | Web-based email, calendar, and documents for teams. Renamed to Google Apps for Work, but now known as G Suite From Google Cloud. |
||
Google Font API | IP Address | The Google Font API helps you add web fonts to any web page. |
||
Google Tag Manager | IP Address | Tag management that lets you add and update website tags without changes to underlying website code. |
||
Google Universal Analytics | IP Address | The analytics.js JavaScript snippet is a new way to measure how users interact with your website. It is similar to the previous Google tracking code, ga.js, but offers more flexibility for developers to customize their implementations. |
||
GStatic Google Static Content | IP Address | Google has off-loaded static content (Javascript/Images/CSS) to a different domain name in an effort to reduce bandwidth usage and increase network performance for the end user. |
||
Intercom | IP Address | Intercom is a customer relationship management and messaging tool for web app owners |
||
MailChimp | IP Address | MailChimp is a widely used Mailng List delivery and support service. |
||
Popper.js | IP Address | A library to manage your pop ups. |
||
Raven JS | IP Address | Raven.js is the official browser JavaScript client for Sentry. |
||
Segment | IP Address | Segment gives you the ability to instrument your web app for analytics once, and then send your data to any number of analytics services. Previously known as Segment.io |
||
StackPath BootstrapCDN | IP Address | StackPath's Bootstrap CDN system - encompasses MaxCDN and NetDNA. |
||
Ubuntu | IP Address | Ubuntu is a free, Debian derived Linux-based operating system, available with both community and professional support. |
GDPR Compliance requires maintenance and ongoing work. We are tracking our efforts here.
Application Site Security | |
---|---|
Status | Name |
Completed | Restrict Personal Data at Signup to the Minimum Necessary |
Completed | SSL (TLS) Deployed on App Site |
Completed | Personal Data in File Storage is Encrypted |
Completed | Affirmative Consent mechanism added to User Signup |
Completed | HSTS (HTTP Strict Transport Security) added to SSL/TLS of App Site |
Completed | Ensure Database Backups of Personal Data are working |
Completed | Ensure Access to Backups is Restricted |
Completed | Ensure internal employees and contractors behaviors around personal data are documented. |
Completed | Personal Data in Databases is Encrypted |
Completed | Ensure Web Application Firewall enabled and blocking common attacks |
Completed | Ensure Backups are Stored in on Encrypted File Storage |
Completed | Inform Users about the GDPR Page |
Completed | Ensure Intrusion Detection Systems are in Place |
Data Mapping | |
---|---|
Status | Name |
Completed | Add CDN Provider to Data Partners |
Completed | Add File Collaboration Service to Data Partners |
Completed | Add Database Provider to Data Partner |
Completed | Add Internal Email Service to Data Partners |
Completed | Add Customer Support (Helpdesk) Service to Partners |
Completed | Add Email Newsletter Service to Partners |
Completed | Add Hosting Provider to Data Partners |
Completed | Add Performance Monitoring Applications to Data Providers |
Completed | Add Transactional Email Service to Partners |
Completed | Add Exception/Error Reporting Services to Data Partners |
Completed | Add Web Analytics Service to Data Partners |
Completed | Add Third Party Web Font Services to Data Partners |
Completed | Add Social Embeds to Data Partners |
Marketing Site Security | |
---|---|
Status | Name |
Completed | Reviewed list of users with access to site |
Completed | SSL (TLS) Deployed on Marketing Site |
Completed | HSTS (HTTP Strict Transport Security) added to SSL/TLS of Marketing Site |
Privacy Procedures | |
---|---|
Status | Name |
Completed | Procedure established to allow for people to request that inaccuracies in their data are fixed. |
Completed | Get Management Approval for GDPR Efforts |
Completed | Process established for subject data requests |
Completed | Nominate a Data Protection Lead or Data Protection |
Completed | Informed all Employees and Contractors about GDPR Compliance |
Completed | Briefed all Staff on GDPR Impact to the organization |
In Progress | Developed a Data Processing Agreement |
Security Procedures | |
---|---|
Status | Name |
Completed | Publish statement on public website on how to report security and data issues. |
Completed | Data Breach Notification Policy has been established |
If you have any concerns not answered here, please reach out to our contact (listed above) and we'll be happy to assist.
While it remains to be seen if the EU has the legislative power to levy fines and enforcement against organizations around the globe, GDPR compliance is being sought by non EU companies for a variety of reasons.
We take all security reports seriously. Please email our security contact (information listed above) with any information you have regarding any potential data breaches, vulnerabilities or concerns.
The General Data Protection Regulation (GDPR) is a new piece of privacy legislation enacted by the European Union. It represents a significant change in how personal (IP Addresses, Emails, Names) and sensitive (religion, ethnic origin, health, orientation) data is handled by companies.