GDPR

EFFECTIVE DATE - October 1, 2021

btw has aligned our policies and practices with the General Data Protection Regulation (GDPR). Even if our website visitors and customers might not be based in the EU, their end-users may be, so it is important that btw become GDPR compliant to ensure all our clients are covered. This page provides a high-level summary of our approach to GDPR. Please contact deepti@btw.so with any questions.

How we comply with GDPR

btw, as a Data Processor, collects and stores a minimum of Personal Data only as instructed by our Customer, the Data Controller, for the purposes of delivering the btw Services. Additionally, here's a list of processes to ensure we comply with GDPR-

  1. Collecting Consents- You can configure btw to collect consents via chat prior to collecting email addresses or additional personal data.
  2. Appropriate Safeguards- Per Article 32 of the GDPR, we have in place appropriate technical and organizational measures to keep your data secure. All data is securely stored in Azure.
  3. Contracts- We have in place the appropriate Data Processing Agreements (DPAs) with all vendors and sub-processors that process data on our behalf.
  4. Honoring Data Subject Rights- We have processes in place to honor data subject requests. btw will export, correct, or delete contact data upon request by the customers. If we receive a request directly from an end-user, we will work with btw customers to honor the request.

Our Subprocessors

  1. Azure - United States - Cloud Infrastructure
  2. Mailgun - United States - Email delivery services

We have in place Data Processing Agreements with all of our sub-processors. We rely on a combination of Privacy Shield Certifications and execution of EU Model Clauses where data is being transferred across borders.

What data do we collect?

  • Email addresses (provided by customers, website visitors and end-users)
  • Name, Phone Number (provided by the customers, website visitors and end-users)
  • Company name and role in the company (provided by customers to create an account to use btw Services)
  • Avatars (automatically deduced using Gravatar or overridden by customers using btw Services)
  • Credit card information and related payment information (provided by customers to use btw paid Services)
  • Device data like OS, Browser type, IP address, unique device identifier (automatically captured when customers, end-users and website visitors engage with the Sites or Services)
  • Service data like referrer data, engagement data on btw Sites and btw customer domains (automatically captured when customers, end-users and website visitors engage with btw Sites, Services or btw customers domains)

Who is responsible for end-user data?

btw customers who enable btw Services on their sites are responsible for the end-user data. btw provides products and services to enable our customers to comply with data requests from their end-users.

How are end-user data requests handled?

Under GDPR, individuals have the right to ask for the right to portability, rectify and be forgotten. btw collects end-user's data on behalf of our customers, any requests regarding accessing/ editing/ deleting end-users data will be forwarded to our customers. We give our customers the mechanisms to access their end-user's data and also comply with relevant data requests. This way, our customers are always in control of their data.

Note that our customer can determine if the request is valid and can be fulfilled. We will take action based on the direction provided by our customer on how to proceed with any such request.

As a processor, btw gives flexibility to our clients to determine their data policies, which offer rights to their end-users. This includes the ability to access / edit/ delete information. We also give the ability to set a routine data deletion process at a cadence determined by the customer.

This page provides a high-level summary of our approach to GDPR. Please contact deepti@btw.so with any questions.

Start finding your
1000 true fans today