Usage of our software allows you and your organization to fulfill the regulatory requirements of GDPR. It is important to note that we do not retain or store any data you add to our software. None of this information is transferred or synced to any of our servers. Instead, any account you add to 2Do results in direct, secure communication between the app and the service in question (such as iCloud / Fruux / Toodledo / Dropbox and so on), thus it is important to realize that the service you’re using our software with needs to comply with GDPR regulations.
1. OUR DETAILS AS THE DATA CONTROLLER
2Do App (the “App”) is brought to you by Beehive Innovations (the “Data Controller” of your personal data). Consequently, “We”, “Us” and “Ours” refer to the Data Controller.
2. INFORMATION WE COLLECT AND HOW WE USE THIS INFORMATION
We collect certain information about you when you provide it directly to us or use our App. We only obtain information necessary to provide you with our services. We do not use your data for marketing purposes. We do not store your personal data on our servers, as 2Do does not offer a sync service of its own or any web-service for that matter. There is no internal or external Web API that 2Do uses to communicate any of this information. All data is stored locally on your device and only syncs to another device if you were to set up sync (of your choice).
Email address: When using our Email to 2Do add-on (available as an in-app purchase on iOS), 2Do accesses your emails as an email client. As an email client, the core functionality of the feature is based on providing you with the ability to read your emails and convert these into tasks, based on in-app capturing rules that you create. 2Do performs such a “conversion” by copying the subject line of the email and using that as the title of the task, as well as the contents of the email as notes. The sender’s email address is prepended to the notes to remind you of its origin. 2Do also stores the unique message-id of the email into the task as a URL Action, tapping on which takes you to the original email it created a task from. For the reasons stated, 2Do accesses your email account when you start using this add-on. Your email address is never used for marketing purposes and is never stored or communicated outside of your device.
OAuth login or mail server credentials: When using our Email to 2Do add-on (available as an in-app purchase on iOS), 2Do requires your credentials to log into your mail system (such as Gmail and Outlook) in order to receive email messages and apply capturing rules that you set up within 2Do on top of them. These capturing rules act as filters to decide which incoming emails need to be converted into tasks. Without such access, our Product won’t be able to provide you with the necessary experience expected of a feature that reads and converts emails into Tasks.
Email content while using Email to 2Do: This information is stored on your devices locally only, and will sync to any other device based on your sync preferences (such as with iCloud Reminders over CalDAV). 2Do does not store this elsewhere. Based on the capturing rules that you have set up within the app, 2Do will modify the flagged or read status of your email in order to either flag / unflag emails or mark those as read that it has successfully read and converted into a task.
APNS device token (Apple Push Notification Service): Push notifications allow 2Do to notify other devices running 2Do of any changes observed. This effectively allows other devices to initiate background sync automatically where possible. You’re free to enable or disable them during initial App setup or later using your device’s system preferences.
Device, App version, iOS version information: We need to have this information so the App functions properly on your specific device, or in order to diagnose errors or issues if these were to ever arise.
Statistical information with regards to App usage: In order to better understand general app usage patterns, improve the Product and its user experience, 2Do collects general statistical information about the usage of the Product. Collecting such data helps us optimize the App in future updates and such usage does not affect your rights and freedoms and does not disclose any personal data of yourself or your contacts.
Non-Personal Information: Non-personal information is data that cannot, on its own, be used to uniquely identify a specific individual in any way or form. This information is usually in the form of crash logs and performance related analytics. We use Google Firebase (http://firebase.google.com) (previously known as Fabric / Crashlytics), as well as Microsoft’s App Center (http://appcenter.ms) (in older versions of the app) for receiving automatic crash reports (in the event of a crash) and performance metrics that would help identify bugs and performance bottlenecks in code. This data is not used for any other purpose. We do not track any individual nor do we collect, transfer or share any information you may store within our apps (with the only exception to users sending their application logs willingly for running support related diagnostics, upon being notified that the logs may contain sensitive information.)
Internet Access Policy: Other than 3rd party CalDAV / Dropbox accounts that you may configure our apps with, here is a list of domains our apps communicate with. Absolutely no personal information is ever collected, tracked, stored or shared, especially anything you may enter or store within the apps.
Our apps connect to this server to check for updates.
Our apps send crash reports to Google Firebase (Crashlytics) to help with the identification of bugs and crashes. Crash logs are generated by macOS / iOS every time an app may abruptly close or crash due to user-interaction or a memory leak. These crash stack traces help developers improve the app’s overall stability.
Firebase offers out of the box analytics features (entirely anonymous usage) to help identify general performance issues and usage trends. These analytics also help us identify areas that are under-utilized and need greater attention. Any data collected here strictly satisfies the General Data Protection Regulation (GDPR).
*.appcenter.ms (older versions)
This domain is used by older versions of our apps for crash reports collected by and received from Microsoft’s App Center. We switched to Google Crashlytics as the quality of crash reporting offered by Google is unmatched.
Logs: We collect this information to prevent fraud and potential unauthorized access to your personal information, or to perform technical troubleshooting upon your request. These logs can be shared with us when we request them or if you wish to share these with us voluntarily. The App may record requests your device makes to the server, the details on device and browser you use, your IP address, date and time of access, city and country, operating system, browser type, mobile network information. This data is used only for technical purposes – that is, to ensure the proper functioning and security of the App and to investigate possible security incidents.
Customer Support communication: We save a record of communication including attachments and information you voluntarily decide to share with us for troubleshooting purposes whenever you communicate with our support team. This information is normally kept around as long as the case is opened and is later archived and deleted.
Regarding the Website: your browser transfers certain data so that it can access the Website, namely:
the IP address
the date and time of the request
the browser type
the operating system
the language and version of the browser software.
Cookies: Use of (Further Analyzing) Tools
Cookies are stored on your computer when using the Website. Cookies are small text files that are stored on your hard disk of the computer with which you visit a website and which are allocated to your browser and through which certain information is submitted to the cookies user that sets the cookie (in this case us). Cookies serve to make the website offering more user-friendly and effective overall.
Transient / Session cookies
Persistent / Setting cookies
Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, which identifies the user session in the browser. Session cookies are deleted when you log out or close your browser.
Persistent cookies help the Website remember your information and settings when you visit them in the future. They are automatically deleted after a specified period, which may differ depending on the cookie.
The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how you use the Website. The information generated by the cookie about your use of the Website will normally be transmitted to and stored by Google on servers in the United States.
In case IP-anonymization is activated on the Website, your IP address will be truncated within the area of member states of the European Union or within other contracting states to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. Google will use this information on behalf of Readdle for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services for Readdle relating to website activity and internet usage.
The IP address that your browser transfers within the scope of Google Analytics will not be associated with any other data held by Google.
As an alternative to the browser add-on or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within this Website in the future (this opt-out option applies only for the browser in which you set it and with regard to the Website). In this case an opt-out cookie is put on your device. In case you delete your cookies, you will have to use the aforementioned link again.
For further information on Google Analytics please refer to: http://www.google.com/analytics/terms/, https://support.google.com/analytics/answer/6004245?hl=en and https://policies.google.com/privacy?hl=en&gl=en
Email messages sent by us via third-party services like MailChimp or CampaignMonitor may contain a tracking pixel, which helps us collect statistics on delivery and opening rates of our correspondence. These pixels do not provide us with any additional personal data about you or your behavior online. You can disable image rendering in your email client, which will deactivate this feature; however, you will be unable to see any images within other received emails.
If you decide to deactivate (some of) the cookies and tools described above, please note that certain features and functionalities of the Services might not work or might not be accessible to you.
3. LOCATION DATA IN OUR APPS
2Do on iOS, macOS and Android offers a “Near By” function with the ability to create locations and assign locations to tasks. This enables you to create tasks that you only get reminders of as you arrive or pass by the given location. With this, 2Do also allows you to filter on specific locations and combine these with other filters such as tags, keywords and dates.
For this feature to work effectively, 2Do requires that you give it access to background location updates. 2Do will prompt you only when you wish to use these features, and will only fetch location updates after you have granted it explicit access.
Your location information, or any related information, never leaves your device and is never sent to any external server, including ours. The location data is stored and kept on device for the sole purpose of alerting you for nearby tasks. The only exception to this rule is when you set up sync with a service of your choosing; this data will sync back and forth between your device and the server (and any other device connected to that service, such as iCloud). The data is encrypted in transit and is never shared with anyone else.
4. WHAT WE DO WITH YOUR PERSONAL DATA
Your personal data is used to provide you our services, and to improve the Product. Your personal data is not used for marketing purposes. Since 2Do does not offer its own sync service, we do not store any information or data that you create or store within the app as this is instead stored locally on your device and is only synced with other devices you use, using the sync service of your choice (namely any CalDAV server of your choice, Dropbox or Toodledo). We communicate with these named services over SSL to ensure the data is transferred securely.
As stated in section 2 above, We only process personal data for the purposes strictly necessary to provide you with the service. Some of the purposes for processing the data provided by you include:
Providing you with the services
Improving our services
Notifying you of any changes in our services
5. HOW LONG PERSONAL DATA IS STORED FOR
Your data stored within the app is stored for as long as you keep the app installed. All your personal data is deleted once the app is deleted. 2Do does not communicate this data or store backups on its own servers. All backups are stored locally and deleted as soon as the app is deleted.
6. YOUR RIGHTS
You are entitled to the full spectrum of the rights under the General Data Protection Regulation and We will go out of our way to accommodate any valid request. You can either exercise your rights by deleting your account and all information associated with it from your device or by emailing us at email@example.com
You have a wide array of rights that we respect. Among those the right to:
Require access to your personal data (i.e. your support emails sent to us);
Require erasure of your personal data (i.e. your support email history with us);
Withdraw consent to processing of your personal data, where applicable;
Lodge a complaint with your national supervisory authority (in the EEA) if you believe that your privacy rights have been breached.
The right to data portability is inapplicable with the App. You should contact your email provider directly to request combined access to all of your personal data. If your personal data is erased at your request or in accordance with our data retention policy, We only retain such information that is necessary to protect our legitimate interests or to comply with a legal obligation.
7. CHILDREN’S PRIVACY
We never knowingly collect or solicit any information from anyone of 13 years and younger. The App and its content are not directed at, nor made to appeal to, such persons. Parents or guardians that believe that We hold information about their children aged 13 and under may contact Us at firstname.lastname@example.org.
8. OUR COMMITMENT
We will only collect and use your data where We have a legal basis to do so;
We will always be transparent and tell you about how we use your information;
When We collect your data for a particular purpose, We will not use it for anything else without your consent, unless other legal basis applies;
We will not ask for more data than needed for the purposes of providing our services;
We will adhere to the data retention policies and ensure that your information is securely disposed of at the end of such retention period;
We will observe and respect Your rights (in section 5 above) by ensuring that queries relating to privacy issues are dealt with promptly and transparently;
We will keep our staff trained in privacy and security obligations;
We will ensure to have appropriate technological and organizational measures in place to protect your data regardless of where it is held;
We will also ensure that all of our data processors have appropriate security measures in place with contractual provisions requiring them to comply with Our commitment;
We will obtain your consent and ensure that suitable safeguards are in place before personal data is transferred to other countries.