SmartTask and the GDPR
Privacy and Security Contact
Shyamal Parikh
support@smarttask.io
102, Sardar Center
Opp Vastrapur Lake
Vastrapur
As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation). This site contains information on what steps we are taking, their progress, and who to contact for any security concerns. Please see our FAQ for more information.
Data Processing Partners
We rely on a number of trusted 3rd parties to assist with our operations. Depending on the exact nature of your account and what you've requested we do, your data may be shared with one of these partners. We carefully evaluate each to make sure they're handling your personal data with the utmost of respect, security, and privacy.
| Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
 |
Angular JS |  |
IP Address | Angular is what HTML would have been if it had been designed for building web applications. |
|
Azure | |
Database WebApps | SmartTask is hosted on Microsoft Azure |
|
COVID-19 | |
IP Address | This website mentions COVID-19 / Novel Coronavirus. |
|
Dropbox | |
IP Address | Widgets for file upload and management from Dropbox. |
| Facebook Conversion Tracking | |
IP Address | Conversion tracking functionality from Facebook, allows a user to track advertisement clicks. |
|
| Facebook Custom Audiences | |
IP Address | Custom Audiences from your website makes it possible to reach people who visit your website and deliver the right message to them on Facebook. |
|
| Facebook Domain Insights | |
IP Address | This website contains tracking information that allows admins to see Facebook Insights out of Facebook to this domain. |
|
| Facebook Pixel | |
IP Address | Facebook Pixel is Facebooks conversion tracking system for ads on Facebook to websites. |
|
|
Global Site Tag | |
IP Address | Google's primary tag for Google Measurement/Conversion Tracking, Adwords and DoubleClick. |
| Google AdWords Conversion | |
IP Address | Adwords conversion tracking code. |
|
| Google Analytics | |
IP Address | Google Analytics offers a host of compelling features and benefits for everyone from senior executives and advertising and marketing professionals to site owners and content developers. |
|
| Google API | |
IP Address | The website uses some form of Google APIs to provide interaction with the many API's Google Providers. |
|
| Google Conversion Tracking | |
IP Address | This free tool in AdWords can show you what happens after customers click your ad (for example, whether they purchased your product, called from a mobile phone or downloaded your app). |
|
| Google Font API | |
IP Address | The Google Font API helps you add web fonts to any web page. |
|
| Google Remarketing | |
IP Address | Google code specifically for remarketing/retargeting based advertising. |
|
| Google Tag Manager | |
IP Address | Tag management that lets you add and update website tags without changes to underlying website code. |
|
| Google Universal Analytics | |
IP Address | The analytics.js JavaScript snippet is a new way to measure how users interact with your website. It is similar to the previous Google tracking code, ga.js, but offers more flexibility for developers to customize their implementations. |
|
|
Intercom | |
IP Address | Intercom is a customer relationship management and messaging tool for web app owners |
|
LinkedIn Insights | |
IP Address | The LinkedIn Insight Tag is a piece of lightweight JavaScript code that you can add to your website to enable in-depth campaign reporting and unlock valuable insights about your website visitors and for conversion optimization of ads. |
|
Mouseflow | |
IP Address | Mouseflow records videos of your site visitors and generates heatmaps highlighting areas users are clicking, scrolling and ignoring. |
|
Namecheap Hosting | |
IP Address | Domain registration and hosting services from Namecheap. |
|
OneSignal | |
IP Address | Push notification delivery solution. |
|
reCAPTCHA v2 | |
IP Address | v2 of the Google reCAPTCHA system. |
|
Sendgrid | |
Email Name | For Transactional Emails |
|
Stripe | |
IP Address | Stripe makes it easy for developers to accept credit cards on the web. |
Compliance Tasks
GDPR Compliance requires maintenance and ongoing work. We are tracking our efforts here.
| Application Site Security | |
|---|---|
| Status | Name |
| Completed | Establish Development Environment Data Handling Guidelines |
| Completed | Restrict Personal Data at Signup to the Minimum Necessary |
| Completed | Registered with HaveIBeenPwned Domain Notification |
| Completed | Ensure Web Application Firewall enabled and blocking common attacks |
| Completed | Ensure Intrusion Detection Systems are in Place |
| Completed | Redact Logs from Writing Unneeded Personal or Sensitive Data |
| Completed | HSTS (HTTP Strict Transport Security) added to SSL/TLS of App Site |
| Completed | Added External Javascript Files to Data Partners |
| Completed | Ensure Access to Backups is Restricted |
| Completed | SSL (TLS) Deployed on App Site |
| Completed | Affirmative Consent mechanism added to User Signup |
| Completed | Ensure Database Backups of Personal Data are working |
| Completed | Inform Users about the GDPR Page |
| Completed | Ensure internal employees and contractors behaviors around personal data are documented. |
| Completed | Ensure Backups are Stored in on Encrypted File Storage |
| Completed | Personal Data in File Storage is Encrypted |
| Completed | Personal Data in Databases is Encrypted |
| Completed | Establish Stale Data and User Policies |
| Data Mapping | |
|---|---|
| Status | Name |
| Completed | Add Hosting Provider to Data Partners |
| Completed | Add Internal Email Service to Data Partners |
| Completed | Add Web Analytics Service to Data Partners |
| Completed | Add Exception/Error Reporting Services to Data Partners |
| Completed | Add Performance Monitoring Applications to Data Providers |
| Completed | Add Customer Support (Helpdesk) Service to Partners |
| Completed | Add Social Embeds to Data Partners |
| Completed | Add Third Party Web Font Services to Data Partners |
| Completed | Add Transactional Email Service to Partners |
| Completed | Add Email Newsletter Service to Partners |
| Completed | Add CDN Provider to Data Partners |
| Completed | Add File Collaboration Service to Data Partners |
| Completed | Add Database Provider to Data Partner |
| Marketing Site Security | |
|---|---|
| Status | Name |
| Completed | Reviewed list of users with access to site |
| Completed | SSL (TLS) Deployed on Marketing Site |
| Completed | HSTS (HTTP Strict Transport Security) added to SSL/TLS of Marketing Site |
| Privacy Procedures | |
|---|---|
| Status | Name |
| Completed | Informed all Employees and Contractors about GDPR Compliance |
| Completed | Privacy Policy Updates |
| Completed | Procedure established to allow for people to request that inaccuracies in their data are fixed. |
| Completed | Process established for subject data requests |
| Completed | Get Management Approval for GDPR Efforts |
| Completed | Data Protection Policy Created |
| Completed | Developed a Data Processing Agreement |
| Completed | Briefed all Staff on GDPR Impact to the organization |
| Completed | Nominate a Data Protection Lead or Data Protection |
| Security Procedures | |
|---|---|
| Status | Name |
| Completed | Data Breach Notification Policy has been established |
| Completed | Publish statement on public website on how to report security and data issues. |
Frequently Asked Questions
If you have any concerns not answered here, please reach out to our contact (listed above) and we'll be happy to assist.
What's the GDPR?
The General Data Protection Regulation (GDPR) is a new piece of privacy legislation enacted by the European Union. It represents a significant change in how personal (IP Addresses, Emails, Names) and sensitive (religion, ethnic origin, health, orientation) data is handled by companies.
How Do I Report a Security Issue?
We take all security reports seriously. Please email our security contact (information listed above) with any information you have regarding any potential data breaches, vulnerabilities or concerns.
Do Non EU Companies need to comply with the GDPR?
While it remains to be seen if the EU has the legislative power to levy fines and enforcement against organizations around the globe, GDPR compliance is being sought by non EU companies for a variety of reasons.
- Customers and Prospects are making it a requirement
- It's a solid framework for improving the handling of personal information and complying with the GDPR requirements improves our own security.