Record of Processing Activities (RoPA)
Record of Processing Activities (RoPA)
Record of Processing Activities (RoPA)
This document serves as the Record of Processing Activity (RoPA) for our organization. It provides a detailed account of how we collect, use, store, and manage personal data in compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR). The RoPA is intended to ensure transparency, accountability, and adherence to lawful data processing practices. This document details the types of data we process, the purposes behind the processing, the legal bases for our activities, and the safeguards we have implemented to protect personal data.
Document Structure
This document is formatted in the following format for each provider or tool that we use within our platform.
Name of Service
•How We Use the Service Provider
•What user information is shared with or collected by this Service Provider, and what information is returned to the Company.
Technical Service Providers
•APIs are used to generate both static and dynamic maps, which may involve processing location-based data.
•Company does not share any User personal information directly with Google.
•Securely storing and organizing data within databases, blob storage, other services.
•Full site and application content, including User data, is stored in Azure SQL Server. All personal data is encrypted during transit and at rest, ensuring data security.
•Headless Content Management Platform used for managing content of Website and Services.
•Sanity is used for managing content on the Website and Services. The Company does not share any User personal information directly with Sanity.
•Vercel hosts the website. The Company does not share any User personal information directly with Vercel.
•Content generation and analysis.
•OpenAI is utilized for content generation and analysis. The Company does not share any User personal information directly with OpenAI.
•Sending programmatic transactional email notifications or updates to Users about specific activity as well as Company product related emails to non-User users.
•Email addresses and other associated user-level data (e.g., Name, Order Details).
•Payment transaction processor for all purchases made on Website.
•PayTheory collects credit card information and then shares with the Company a Payment Method Id, Last 4 of Credit Card Number, Expiration Date and Credit Card type with Company to use for displaying to User when selecting payment method for purchase.
•Google Analytics collects anonymized usage data, including IP addresses, for analytics purposes. Individual user activity is not tracked by Google Analytics.
Marketing Service Providers
•Analytics on our Website (e.g., what pages on our Website people visit, how long the visits, where they click)
•Google Analytics collects anonymized usage data, including IP addresses, for analytics purposes. Individual user activity is not tracked by Google Analytics.
•To send surveys to users to request feedback about the Company Services and Platform.
•A user’s email address and survey responses may be shared between Mailchimp and Company to allow Company to obtain feedback and improve the Platform and the Services.
•To send email newsletters to Users who have subscribed.
•A user’s email address is shared between Company and Zoho to allow Company to send email newsletters to Users.
•Usage analytics for Website and aid when determining issues and optimal usage of site.
•HotJar collects website visitor information, such as device type, operating system, browser, and screen size, to aid in determining site issues and optimizing user experience.
Internal Tools
•Utilized for Company internal emails, docs, slides, spreadsheets, etc.
•Company may share personal information with Microsoft during the utilization of these services, for instance, if a user contacts employees for support.
•Task management software to organize engineering or other internal teamwork.
•Incidental personal information may be shared with Jira for the purpose of debugging errors on the Company Services and Website or to fulfill specific data requests.
•Internal team communication tool
•Personal information may be incidentally shared via Slack during internal communications, such as when engineers or support teams are debugging user issues.
•Incident Management Platform used to address issues reported by User.
•Users may submit incident tickets, which may include their email address or other personal information, depending on the nature of the issue raised.