Data Security Policy

Data Security Policy

What is accessed


  • Your personal name and email attributes are needed as part of signup and login authentication process
  • We do not request other data from oauth channels


What data is stored


  • Your name and email are stored as part of the account creation process; Name, nickname and avatar can be modified within your personal account
  • License configuration requires you to supply your name and contact details for the payee
  • We do not store any payment details. All sensitive information required for billing is handled via © Stripe - at no stage are credit card details stored on, or even sent to, our servers. All credit card data is sent directly to Stripe’s secure servers. Invoices are available through Stripe's client portal
  • Other data that you create and control as part of managing Consortium
  • Audit of user access against a given consortium
  • Audit of configuration changes


What we do with data


  • Your name, nickname, and email are stored on your account record; Data is encrypted at rest; You can modify name, nickname and avatar image link
  • Our policy is to never share or sell data to any external party


Data Retention and Archival Policy for Neelix Core Data


  • Your name, nickname, email, experiences commentary and meta data are stored for as a long as the account is maintained in the system. There is no automatic archival and there is no account deactivation policy related to lack of activity.
  • Users can close their account and be "forgotten" as per our Account cancellation policy (see below). Consortium related user identifiable information is either deleted or anonymised on account closure. Data related to payments already processed will be securely stored in order to comply with our tax, accounting, and financial reporting obligations. In all cases where we keep data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
  • Stripe data retention policy provides information about billing and payments data stored on © Stripe. At no stage are credit card details stored on, or even sent to, Neelix servers.


Data Retention and Archival Policy for Integrated Channels


  • This policy applies to Slack and Microsoft Teams integrations.
  • When the Neelix app is installed in a workspace, we store name, id, and bot token and associate the workspace with the user who added it. When the channel list is refreshed, we store the name, id and locale for any unrecognized channel and associate all relevant channels (new and existing) with the user who triggered the refresh. These values may be updated periodically but we do not retain any other workspace or channel data.
  • If a channel is deleted, all data about the channel, including any Neelix default configuration settings and any associations with any users, are deleted. Likewise, if the app is uninstalled from a workspace, all workspace, configuration, and user association data for the workspace are deleted along with the data for any channel in the workspace.


Encryption, Hosting, and Geo Location of Data


  • We do not run our own physical infrastructure. Instead, we leverage the power and security of the Google Cloud Platform (GCP)
  • The application and datastore are hosted in GCP - host region is us-central
  • Data is encrypted at rest
  • Internet communications are secure - https only


People and Access Policy


  • User can access data only with specific Consortia as per permissions administered by the maintenance user(s) of each Consortium
  • Only authenticated users can access functionality


Backups


  • 24-hour backup policy


Account cancellation


"Close Account"

is a self service process (same link is available under user's personal cabinet).

  • Users can leave the system at any time. Personal name, nickname, account pairing details, and email details will be deleted when the account is closed
  • Experiences commentary will be deleted and person identifiable information purged if your Consortium is not in use
  • If Consortium is in use by other permitted users, then a clear notification will be provided during the account closure process. You will have the opportunity to agree with other users to archive the Consortium in its entirety or to purge your own commentary only.

Account Support

is the preferred method when enquiring more about information about stored data, or when any other assistance is required.

Contact us

is another method of reaching out for enquiries or assistance.


Billing and Invoices Data Management


  • We do not store any payment details. All sensitive information required for billing is handled via © Stripe - at no stage are credit card details stored on, or even sent to, our servers. All credit card data is sent directly to Stripe’s secure servers. Invoices are available through Stripe's client portal.
  • Stripe data retention policy provides information about billing and payments data stored on © Stripe.
  • Participants Dashboard lists billing entities. If you are a maintenance user of a billing entity, then you will be able to access "Invoices | Stripe Customer Portal" link.


Vulnerability Management


  • See Security Vulnerability Process


The right find out more about data usage & Correction of details


Contact Us if you need more information, or if you find errors that cannot be corrected via self-service.


Share by: