Butler and the GDPR
What is the GDPR, and what are we doing to comply?
GDPR stands for the General Data Protection Regulation and is effective as of May 25, 2018. GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer, and processing of any personal data that originates from the EU.
What data do we collect?
Account and billing information
We collect your name, email address, as well as other personal information you directly give us on the service in order to create and maintain your user account. We also collect and retain your Trello user information and email address to communicate critical service updates.
We use a third-party service called Stripe to collect and process your payment information if you have an upgraded account, and we have access to your invoices, name, billing address, and the last four digits of your credit card number.
We use a third-party service called Help Scout to provide customer support. Help Scout collects your name, email address, and details about your usage of our help center.
We store your Butler commands, preferences, settings and any other information that you enter through the user interface.
Your Trello board data, as necessary
In order to perform the service, we receive notifications about every Trello action you perform and match them to your commands. If an action doesn't trigger a command, the data associated to the action is discarded immediately except for an action identifier, a 24-digit hexadecimal serial number, which does not contain any information about your action. This action identifier is stored to avoid processing actions multiple times.
If one or more triggers are activated by your action, all of the information from your action and any subsequent commands triggered is stored in an execution queue until each can be executed. Once executed, the information is deleted from the queue and stored in a logging system along with any additional information gathered as a result of the execution. We keep the information in the execution logs for up to 90 days in order to debug possible malfunctions.
After 90 days or less, the execution log data is discarded, but we may store certain Trello operational data for longer (e.g. usernames, field names, identifiers, programmatic values, and similar data) in order to accelerate the performance of the service for you.
Like most websites, we automatically log some information about you and your web-enabled device. For example, when visiting the service, we log your device’s operating system type, browser type, browser language, the referring website you visited before browsing to our service, pages you viewed on our service, how long you spent on a page, access times, and information about your use of and actions on the service. We currently use a third-party service called Google Analytics to collect, monitor, and analyze this type of information in order to improve the site and service’s functionality and design.
How do we use and share the data we collect?
In summary, we only use and share your data in order to:
- provide, operate and improve the site and services,
- provide technical and administrative support,
- run our company,
- comply with laws and regulations.
With your additional consent, we may also use and share your data for:
- marketing activities such as contacting you about new products or promotions. We currently use a service called MailChimp to maintain our newsletters and send all marketing communications.
How can you access, correct or restrict your personal information?
You can generally access and correct your data using the Butler user interface and, since we obtain most of the data from Trello, the Trello user interface.
You may revoke our continued access to your Trello data by following the steps here: https://help.trello.com/article/1153-revoking-access-to-trello.
If your account is administered by an organization and you are not the administrator, you must refer to that organization’s policies regarding your personal information and contact your administrator accordingly.
If the personal data access controls you are looking for are not available through the user interface, you can contact us at email@example.com with your request and we'll make commercially reasonable efforts to extract the information from our servers, as required under applicable laws and regulations.
You may contact us about privacy, terms of service, and GDPR questions at our email address: firstname.lastname@example.org.