Play SQL is located in France, Europe, which is famous for protecting the consumer's rights and privacy. On the other hand we want to provide a good service to customers, and that means understanding how features are used.
CNIL
CNIL is the French regulatory body which ensures that personal data privacy laws are dutifully applied.
The following policy is covered by the norm NS-48 (see details) and the file has been declared to CNIL. For any enquiry, the contact person is Adrien Ragot (see details below).
What data we have
We have:
- Billing information: Information transmitted to us by Atlassian for the payment of the software licenses and the execution of the contract. It is mostly names, email addresses, phone numbers and license type. No credit card information.
- API information: Information provided to our software through the APIs of Atlassian products. Personally identifiable information includes user keys, emails, names, and IPs.
- In-App Analytics: Information we gather in our software about the usage of our online or offline apps. Personally identifiable information includes actions of users on our features, the number of users, the type of license, information the user explicitly provides (such as "Please enter the email address that Play SQL can use to contact you").
- Application data: Data created by the users in the application.
- Web Analytics: Information we gather about viewers of our websites, directly or through an analytics service (Google Analytics).
- Information you provide through the support, either by email or through a website (e.g. Atlassian Answers).
Who accesses data
Play SQL is currently a sole-trader company (titled "SASU" in France) with:
- The founder, Adrien Ragot,
- If any employee or intern is hired, they sign a contract stating that they are strongly forbidden from leaking any information,
- Temporary contractors, hired for a specific time or project.
There are special situations where external people may have access to the data:
- In the situation where the company or one product is sold to a new owner: We sign a mutual NDA before the negotiation. Upon ownership transfer, the new owner takes responsibility for respecting the current licenses and privacy policy.
- In the situation where someone illegally accesses our systems, we cannot provide control about your data,
- In the situation where we are compelled by law to provide this information, we cannot provide control about your data.
Here is what we allow:
Information | Founder | Employees under confidentiality agreement | Contractors |
---|---|---|---|
Billing | Yes | No | No |
API information | Yes | Yes | Yes |
In-App Analytics | Yes | Yes | No |
Application Data | Yes | Yes | Yes |
Web Analytics | Yes | Yes | No |
Support | Yes | Yes | No |
Use and purpose of the information we collect
We use the information to:
- Provide the service,
- Provide support for the software,
- Explain features and develop engagement about the software,
- Balance the time we spend improving features which are used the most,
- We may use information in aggregated form (statistics, etc) for advertising,
- For legal reasons, to protect the owner, the company, the software or when required by law.
This includes:
- Customers who create an evaluation license are subscribed by default to an "Evaluator Training" mailing list which explains how to use the product week by week,
- Accessing the user's data for to provide support.
How we keep our servers secure
We make our best to use state-of-the-art techniques to keep the data safe:
- We use SSH keys to access our servers,
- Our customer-facing activities use HTTPS and SSL certificates,
- We don't transfer data in clear-text over the network, except in situations where we display a warning,
- The hard drives of our personal computers are encrypted (for example with Apple's FileVault 2),
- Our backup drives are encrypted (for example with Apple's FileVault 2 / Time Machine).
- Whenever a leak affecting the software we use is published (for example Heartbleed or Shellshock), we halt the service in emergency and upgrade our systems.
We cannot guarantee that no leak will ever happen, but we make our best to keep your data safe.
How you can opt out
- Viewers can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.
- Users of Play SQL Spreadsheets for Confluence Server can opt-out of In-App Analytics inside the software.
- Keep your computers secure, using up-to-date software and higher settings for SSL certificates.
How the information is processed - and how we share with partners
The information is processed on servers around the world. This may include servers which are not in your country of residence. In most cases:
- The web servers are located in Europe and USA,
- The Atlassian servers are not under our control,
- The author is based in France, so your data may be downloaded and processed on personal computers.
- We process your information using partners' services. We never sell or provide partners with permission to collect, use or sell your information. Our partners include:
- Hosting: Amazon, Digital Ocean, 1and1, OVH,
- The mailing partner: MailChimp,
- Marketplace platform: Atlassian,
- Support: Twitter, Google Mail, FastMail,
- Please see our "Providers" page for the details of our providers.
Deletion
Your information will not be kept longer than 2 years after the end of our commercial relationship. The data which may be used for legal reasons (in the event of a trial for example) will be kept as long as required by the law.
Access and correction
You have a right to access the personal information we collect and correct it. You may perform this right of access and correction by mail to:
Adrien Ragot
107 cours Gambetta
69003 Lyon
Application
Our Privacy Policy applies to all of the websites and software offered by us and our affiliates, but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.
When we receive formal written complaints, we contact the person who made the complaint to follow up. In case of dispute, we seek the best amicable resolution. We may work with appropriate regulatory authorities to resolve complaints. The privacy policy is governed by the laws of France, and, subject to the following sentence, in case of dispute, the parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of Lyon, France.
Our Privacy Policy may change from time to time. We will post any privacy policy changes on this page.