To make sure Hedge works as promised we need to collect data. It ensures and improves quality. Without data we would be forced to conduct pricey and less effective research, which would result in a much higher price for you, the user.
Still, to us this feels as an undesirable situation. It's creepy. It's too easy nowadays to slip into the Land Of Gimme-All-Yer-Data, and make money off your data. So hereby we offer you a complete insight into what we think is the bare minimum of data needed.
We do not share raw data with anyone, ever. Period. We consider the data yours, and you give us a right to use that data by using Hedge.
We have no trackers on our website. We do not monitor server logs stored by Webfaction for statistics or analytics. We only track downloads and purchases in external systems.
Say, you, a visitor on our website downloads a product. Your email is required to do so and sent to Zapier using Mailgun, along with your specific OS version, whether you want to subscribe to the newsletter, the part of the website you viewed when clicking download, the referrer, which product, and the number of the week. Zapier parses the data and stores it in Airtable. We use this information to decide whether you're a new user or not and if we can email you about your download. We do this to make sure we don't bug you inadvertently. If we do email you, we do so manually, also known as transactional, and use Mailgun to send the email. If you upon download choose to receive our newsletter your email is added to MailChimp. A Slack notification containing your email is sent upon successfully subscribing your email to Mailchimp.
Upon opening our products, our licensing provider DevMate gathers data about your computer. The data is only made available to us as anonymous aggregated data within their dashboard only. It shows us how many users we have, and which versions of our products are in use on which hardware.
Purchases of our products are made through our payment providers FastSpring, Paddle, Stripe, and Mollie. These all store data we don't have access to, to make the payment process work. We do get access to your email, name, payment method and sometimes locale info like country and state. We process this data automatically using Zapier, and store it in Airtable and archive in Google Mail. A customer record containing your name and email is also created in DevMate and used to generate a license. Notifications are then sent to Slack, including your email and details of your purchase.
Upon activation of your license, your MAC address is stored by DevMate. We have no access to this through DevMate's API, but we can look it up for you to aid disabling activations on a per-machine basis. If you use the in-app feedback form, your email and diagnostics are stored in DevMate. Your feedback is then sent to Groove, our support platform.
When using our products, we track events to make sure our products work as advertised. We use Mixpanel for this. These events are completely anonymized and sent with best effort. We can only connect events to you personally if you give us a Transfer Log or your machine specific user ID. Both require considerable effort from your side, so we feel it's as safe as it can be. You could block these events from being sent to us by using a firewall, but keep in mind that when doing so we won't be able to help you when you experience issues with our products. We sometimes export data from Mixpanel manually for a specific analysis carried out locally. When done, all raw data is deleted from our systems. Mixpanel retains information for 5 years.
All emails sent to firstname.lastname@example.org are received and stored by Groove. Emailing to other addresses on domain names Hedge owns are either stored by Webfaction, Groove or Google Mail. Notifications for each incoming support email are sent to Slack.
Since we only store data to make your license work, an execution of your right to be forgotten implies that your license(s) has to be revoked, without a refund. To do so, simply reach out to email@example.com and we will reply to you with 24 business hours. Our timezone is CET.
Our development process is iterative: each sprint we decide on new features and the data points needed to build and validate it. When done we will remove the data point(s), unless it's part of an ongoing process (like a quality measurement). If a data point is added to the app, it will be added to this document. At any time, you can reach out to us to request a list of your data.
Login credentials to the third parties mentioned above are not shared outside our executive layer of employees. Data collected from those third parties for internal use is collected through API's or by executives.
If you think we use your or anyone's data in a wrongful way, or should be more stringent in how we use it, please let us know. We promise to be responsive, cooperative and open to suggestions.
Last changed on 20180626 by Paul Matthijs Lombert