Scope

Suptask and its affiliates (collectively, “Suptask,” “we”, “us”, or “our”) have created this Privacy Policy to describe how we collect, use, and disclose information. This Privacy Policy is applicable for you when you use our products, services or attend our events (as long as no other privacy policy is displayed). We refer to these as our "Services".

Suptask  (Happyning AB), 559219-8211, with headquarters at Scheelegatan 28, 112 28 Stockholm, Sweden.

How we handle your data

We work continuously to ensure that your personal privacy is protected when you use our Services. Your personal data is processed in accordance with applicable legislation (the GDPR).

We do not sell your data with any other party.

We safeguard your data with technical solutions, processes and training

We apply automated technical solutions to make sure your data is safe from unauthorized access.

We only store the data related to our Services and the data you provide to us. For example your Slack username or your email.

You can at any time reach out to us and ask us to remove data relating to you.

Contact us at dpo@suptask.com to delete, transfer or access your data.

Compliance

Our technical solution is hosted within Amazon Web Services (AWS) and is covered by SOC2, ISO27001, ISO27017, ISO27018 and CSA. The complete list can be found here: https://aws.amazon.com/compliance/programs/

Information security

All data information is encrypted in transit and at rest using the most up to date secured ciphers and AES-256.

Amazon Web Services (AWS) has years of experience in designing, building and operating large-scale data centres. Physical access to these data centres is strictly controlled by professional security personnel. Authorized personnel must go through multiple authentication steps to gain access to these data centres. The design and precise location of these data centres constitute classified information to which, for security reasons, only selected members of the Amazon staff have access.

We never store any credit card information in our databases. All sensitive payment information is handled securely by our partner Paddle. All communication with our payment partner is encrypted in accordance with industry standards. Passwords are always saved one-way encrypted in our databases.

Our service with Slack

We provide a solution that works inside of Slack, which trusts the way Slack is managing the data for you as a customer to Slack.

The technical solution we provide does only access the data we need to provide the functionality we include to you as a customer of ours. In relation to Slack data we only process the data you give access to according to the security permissions that the bot requires. Data is primarily consumed from the Slack channels where you as a customer specifically invite the Bot.

Event data that we evaluate, but do not store, inside of channels: reactions (emojis), messages and threads, bot actions (e.g filtering).
Data that we store is only related to the Tickets e.g we do not store all messages but only those related to a Ticket.

Personal data breaches

We are liable for processing your data as securely as possible by following the requirements set out in the GDPR.

Suptask assumes its obligations in the event of a personal data breach. In the event of such a breach, Suptask will report the breach to the Data Inspection Board within 120 business hours, and inform the affected parties as well as specify what we will do to remedy and prevent a breach in the future.

The responsibility relies within our Data Protection Officer (dpo@suptask.com).